Ahojte,
prosim o kontrolu logu. Vista po spusteni cca 5 minut nespusti firefox (aj ine programy sa spustaju pomaly). Vycistene ccleanerom
Logfile of random's system information tool 1.09 (written by random/random)
Run by Jojko at 2011-07-16 10:21:23
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 73 GB (25%) free of 295 GB
Total RAM: 2045 MB (34% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:21:58, on 16/07/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Windows\System32\aetcrss1.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ATI 2011\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI 2011\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Users\Jojko\Desktop\Stiahnute veci\RSIT.exe
C:\Users\Jojko\Desktop\Stiahnute veci\Jojko.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI 2011\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jojko\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-21-1496877464-366889928-961639062-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-1496877464-366889928-961639062-1000\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'IUSR_NMPR')
O8 - Extra context menu item: &Search - ?p=ZUfox000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe (file missing)
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe (file missing)
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe (file missing)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9b2da943107bb) (gupdate1c9b2da943107bb) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
--
End of file - 14728 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1496877464-366889928-961639062-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1496877464-366889928-961639062-1001UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Jojko\AppData\Roaming\Mozilla\Firefox\Profiles\hlr6rmp5.default
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6, {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07, {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, firefox@tvunetworks.com:2, 4, 9, 1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3"
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"smartwebprinting@hp.com"=C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Picasa2\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/vbp;version=0.9.17]
"Description"=Veetle Broadcaster Plugin
"Path"=C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=0.9.9]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
NPSibelius.dll
PDFNetC.dll
QuickTimePlugin.class
ScorchPDFWrapper.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files\Mozilla Firefox\searchplugins\
amazon-en-GB.xml
bing.xml
chambers-en-GB.xml
eBay-en-GB.xml
google.xml
wikipedia.xml
yahoo-en-GB.xml
C:\Users\Jojko\AppData\Roaming\Mozilla\Firefox\Profiles\hlr6rmp5.default\extensions\
firefox@tvunetworks.com
{20a82645-c095-46ed-80e3-08825760534b}
{77b819fa-95ad-4f2c-ac7c-486b356188a9}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10 393600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-06 305328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-06 305328]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2007-05-25 17920]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-17 4907008]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
"NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2007-06-27 439512]
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2007-06-27 215256]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-07 1838592]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-01-16 37376]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"Nitro PDF Printer Monitor"=C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe [2008-09-02 210224]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"CertificateRegistration"=C:\Windows\system32\aetcrss1.exe [2009-09-07 204800]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"StartCCC"=C:\Program Files\ATI 2011\ATI.ACE\Core-Static\CLIStart.exe [2010-02-02 98304]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-07 68856]
"Google Update"=C:\Users\Jojko\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-22 133104]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-05-26 15147400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
wlnotify.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"BindDirectlyToPropertySetStorage"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.I420"=lvcodec2.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.vbs - edit - C:\Windows\system32\Notepad.exe %1
.vbs - open - C:\Windows\system32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-07-16 10:21:23 ----D---- C:\rsit
2011-07-13 20:32:58 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 20:32:54 ----A---- C:\Windows\system32\win32k.sys
2011-07-13 20:32:21 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 20:32:21 ----A---- C:\Windows\system32\csrsrv.dll
2011-07-07 23:49:50 ----A---- C:\Windows\system32\javaws.exe
2011-07-07 23:49:50 ----A---- C:\Windows\system32\javaw.exe
2011-07-07 23:49:50 ----A---- C:\Windows\system32\java.exe
2011-07-05 17:35:16 ----A---- C:\Windows\system32\schannel.dll
2011-06-17 17:10:44 ----A---- C:\Windows\system32\mshtmled.dll
2011-06-17 17:10:43 ----A---- C:\Windows\system32\jscript9.dll
2011-06-17 17:10:43 ----A---- C:\Windows\system32\jscript.dll
2011-06-17 17:10:43 ----A---- C:\Windows\system32\ieui.dll
2011-06-17 17:10:43 ----A---- C:\Windows\system32\iertutil.dll
2011-06-17 17:10:41 ----A---- C:\Windows\system32\mshtml.dll
2011-06-17 17:10:41 ----A---- C:\Windows\system32\ieframe.dll
2011-06-17 17:10:40 ----A---- C:\Windows\system32\urlmon.dll
2011-06-17 17:07:47 ----A---- C:\Windows\system32\inetcomm.dll
2011-06-17 17:07:44 ----A---- C:\Windows\system32\drivers\afd.sys
2011-06-17 17:07:42 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-06-17 17:07:40 ----A---- C:\Windows\system32\oleaut32.dll
2011-06-17 17:07:36 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-06-17 17:07:36 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-06-17 17:07:36 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-06-17 17:07:33 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-06-17 17:07:33 ----A---- C:\Windows\system32\drivers\srv2.sys
======List of files/folders modified in the last 1 month======
2011-07-16 10:21:13 ----D---- C:\Windows\Temp
2011-07-16 10:06:04 ----SHD---- C:\System Volume Information
2011-07-16 10:06:01 ----SHD---- C:\Windows\Installer
2011-07-16 10:06:00 ----HD---- C:\Config.Msi
2011-07-16 10:05:12 ----D---- C:\Windows
2011-07-16 10:04:55 ----D---- C:\Users\Jojko\AppData\Roaming\Graphisoft
2011-07-16 10:04:33 ----RD---- C:\Program Files
2011-07-16 10:04:33 ----D---- C:\Windows\system32\drivers
2011-07-16 10:04:33 ----D---- C:\Windows\System32
2011-07-16 10:04:31 ----D---- C:\Windows\system32\catroot
2011-07-16 10:04:31 ----D---- C:\Windows\inf
2011-07-16 10:02:28 ----D---- C:\Users\Jojko\AppData\Roaming\Winamp
2011-07-16 10:02:27 ----D---- C:\Users\Jojko\AppData\Roaming\uTorrent
2011-07-16 10:02:27 ----D---- C:\Users\Jojko\AppData\Roaming\Skype
2011-07-16 10:02:12 ----D---- C:\Windows\Logs
2011-07-16 10:02:11 ----D---- C:\Windows\Debug
2011-07-16 09:56:40 ----D---- C:\Program Files\CCleaner
2011-07-16 09:38:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-16 09:32:21 ----D---- C:\Users\Jojko\AppData\Roaming\skypePM
2011-07-16 09:26:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-14 09:03:45 ----D---- C:\Users\Jojko\AppData\Roaming\Mozilla
2011-07-14 08:57:27 ----D---- C:\Windows\winsxs
2011-07-14 02:54:56 ----D---- C:\ProgramData\Skype Extras
2011-07-13 20:33:50 ----D---- C:\Windows\Prefetch
2011-07-13 20:33:45 ----A---- C:\Windows\system32\mrt.exe
2011-07-13 20:32:39 ----D---- C:\Windows\system32\catroot2
2011-07-08 16:35:42 ----D---- C:\Program Files\Common Files\Java
2011-07-07 23:49:32 ----D---- C:\Program Files\Java
2011-07-05 18:33:29 ----D---- C:\Program Files\Mozilla Firefox
2011-07-05 18:25:17 ----RSD---- C:\Windows\Fonts
2011-07-01 09:13:18 ----D---- C:\Program Files\Google
2011-06-19 09:21:57 ----D---- C:\Windows\Microsoft.NET
2011-06-19 09:21:24 ----RSD---- C:\Windows\assembly
2011-06-18 16:46:50 ----D---- C:\Program Files\Microsoft Silverlight
2011-06-18 16:44:34 ----D---- C:\Program Files\Internet Explorer
2011-06-17 17:10:19 ----D---- C:\Program Files\Windows Mail
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-02-20 716272]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 MpKslbde91faf;MpKslbde91faf; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{590D9CC8-3889-41D3-8D16-344342979B89}\MpKslbde91faf.sys [2011-07-16 28752]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2010-11-14 229208]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2008-09-22 165376]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2008-09-22 18048]
R2 nmsunidr;UniDriver for NMS; C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-02-03 5313536]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-02-03 150016]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 97792]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-04-29 228224]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-24 2054872]
R3 IntelDH;IntelDH Driver; C:\Windows\System32\Drivers\IntelDH.sys [2008-01-07 5632]
R3 LVPr2Mon;LVPr2Mon Driver; C:\Windows\system32\Drivers\LVPr2Mon.sys [2009-10-07 25752]
R3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2009-05-01 265496]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-12-17 41752]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-07-06 22712]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2009-04-30 13976]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2009-04-30 2687512]
R3 ROCKEYNT;Feitian ROCKEY4 Device Service; C:\Windows\system32\DRIVERS\Rockey4.sys [2010-04-08 22528]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
R4 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
S3 aoflgr52;aoflgr52; C:\Windows\system32\drivers\aoflgr52.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-03 5313536]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cxbu0wdm;OMNIKEY 3x21; C:\Windows\system32\DRIVERS\cxbu0wdm.sys [2010-01-25 115712]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\Windows\system32\DRIVERS\ewusbnet.sys [2011-04-18 113664]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2011-04-18 103168]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2011-04-18 101120]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-08-23 47360]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-02-03 5313536]
S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [2007-06-27 14552]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 USBCCID;USB Smart Card reader; C:\Windows\system32\DRIVERS\usbccid.sys [2009-04-11 30208]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 VNA;Check Point Virtual Network Adapter; C:\Windows\system32\DRIVERS\vna.sys [2009-04-02 129304]
S3 vna_ap;Check Point Virtual Network Adapter - Apollo; C:\Windows\system32\DRIVERS\vnaap.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-04-26 304920]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service; C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-09-24 566560]
R2 AERTFilters;Andrea RT Filters Service; C:\Windows\system32\AERTSrv.exe [2007-12-05 77824]
R2 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2007-06-27 223448]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-02-03 172032]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2007-06-27 59096]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R2 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2007-06-27 268504]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2007-06-27 157912]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 NMSCore;Intel(R) NMSCore; C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PunkBuster; C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [2007-08-15 63040]
R2 QualityManager;Intel(R) Quality Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2007-06-27 446680]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9b2da943107bb;Google Update Service (gupdate1c9b2da943107bb); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-01 133104]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-10 72704]
S3 DHTRACE;Intel(R) DHTrace Controller; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-07 1838592]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-01 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-29 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-09-23 575488]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Vista po spusteni 5 minut nereaguje
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vista po spusteni 5 minut nereaguje
Zdravím!
Dejte ještě log z ComboFix:
Dejte ještě log z ComboFix:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vista po spusteni 5 minut nereaguje
Medzitym som spustil aj MBAM (len pre istotu)- potom nasleduje log z combofix-u
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Verzia databázy: 7160
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
16/07/2011 11:46:53
mbam-log-2011-07-16 (11-46-37).txt
Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 419188
Uplynutý èas: 1 hod, 34 min, 21 sek
Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registraèné k¾úèe: 0
Infikované registraèné hodnoty: 0
Infikované položky registraèných dát: 0
Infikované prieèinky: 0
Infikované súbory: 6
Infikované služby pamäte:
(Škodlivé položky neboli zistené)
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registraèné k¾úèe:
(Škodlivé položky neboli zistené)
Infikované registraèné hodnoty:
(Škodlivé položky neboli zistené)
Infikované položky registraèných dát:
(Škodlivé položky neboli zistené)
Infikované prieèinky:
(Škodlivé položky neboli zistené)
Infikované súbory:
c:\program files\electronic arts\medal of honor\Binaries\loader.dll (Riskware.Tool.CK) -> No action taken.
c:\program files\graphisoft\ArchiCAD\archicad.13_crk.exe (PUP.Hacktool.Patcher) -> No action taken.
c:\Users\Jojko\downloads\windows 7 ultimate (32 bit)\other windows 7 activation tools\windows 7 loader 1.7.9\windows 7 loader 1.7.9.0.exe (RiskWare.Tool.CK) -> No action taken.
c:\Users\Jojko\downloads\windows 7 ultimate (32 bit)\other windows 7 activation tools\windows loader 1.9.3 (reccomended)\windows loader 1.9.3.exe (RiskWare.Tool.HCK) -> No action taken.
c:\Users\Jojko\downloads\windows 7 ultimate (32 bit)\unique tools\remove windows genuine advantage notifications.exe (PUP.RemoveWGA) -> No action taken.
c:\Users\Jojko\downloads\windows 7 ultimate (32 bit)\windows 7 ultimate (32 bit)\windows 7 activation (reccomended)\windows 7 activation.exe (RiskWare.Tool.HCK) -> No action taken.
ComboFix 11-07-15.03 - Jojko 16/07/2011 12:02:25.4.4 - x86
Running from: c:\users\Jojko\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Jojko\AppData\Roaming\inst.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-16 to 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-16 10:12 . 2011-07-16 10:13 -------- d-----w- c:\users\Jojko\AppData\Local\temp
2011-07-16 10:12 . 2011-07-16 10:12 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2011-07-16 10:12 . 2011-07-16 10:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-16 08:21 . 2011-07-16 08:22 -------- d-----w- C:\rsit
2011-07-16 07:19 . 2011-07-16 07:19 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{590D9CC8-3889-41D3-8D16-344342979B89}\MpKslbde91faf.sys
2011-07-15 22:04 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{590D9CC8-3889-41D3-8D16-344342979B89}\mpengine.dll
2011-07-13 18:32 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 18:32 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 18:32 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-05 16:33 . 2011-06-16 04:32 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-07-05 16:33 . 2011-06-16 04:32 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-07-05 16:33 . 2011-06-16 04:32 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-07-05 16:33 . 2011-06-16 04:32 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-07-05 16:33 . 2011-06-16 04:32 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-07-05 16:33 . 2011-06-16 04:32 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-07-05 16:33 . 2011-06-16 04:32 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-07-05 16:33 . 2011-06-16 04:32 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-07-05 16:33 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-05 16:33 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-05 15:35 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-17 15:10 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-17 15:10 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-17 15:10 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-17 15:07 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-17 15:07 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-17 15:07 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-17 15:07 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-17 15:07 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-17 15:07 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-17 15:07 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-17 15:07 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-17 15:07 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-17 15:06 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:52 . 2008-12-07 21:26 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 17:52 . 2008-12-07 21:26 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-07 15:55 . 2010-11-15 08:15 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-24 08:15 . 2011-05-24 08:15 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-22 17:56 . 2011-05-22 17:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-04 02:52 . 2010-06-14 18:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-18 15:34 . 2011-04-18 15:35 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-04-18 15:34 . 2011-04-18 15:35 103168 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-04-18 15:34 . 2011-04-18 15:35 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-04-18 15:34 . 2011-04-18 15:35 101120 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2009-04-29 13:13 . 2009-04-29 13:13 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-04-29 13:30 . 2009-04-29 13:30 108272 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2011-06-16 04:32 . 2011-07-05 16:33 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Verzia databázy: 7160
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
16/07/2011 11:46:53
mbam-log-2011-07-16 (11-46-37).txt
Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 419188
Uplynutý èas: 1 hod, 34 min, 21 sek
Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registraèné k¾úèe: 0
Infikované registraèné hodnoty: 0
Infikované položky registraèných dát: 0
Infikované prieèinky: 0
Infikované súbory: 6
Infikované služby pamäte:
(Škodlivé položky neboli zistené)
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registraèné k¾úèe:
(Škodlivé položky neboli zistené)
Infikované registraèné hodnoty:
(Škodlivé položky neboli zistené)
Infikované položky registraèných dát:
(Škodlivé položky neboli zistené)
Infikované prieèinky:
(Škodlivé položky neboli zistené)
Infikované súbory:
c:\program files\electronic arts\medal of honor\Binaries\loader.dll (Riskware.Tool.CK) -> No action taken.
c:\program files\graphisoft\ArchiCAD\archicad.13_crk.exe (PUP.Hacktool.Patcher) -> No action taken.
c:\Users\Jojko\downloads\windows 7 ultimate (32 bit)\other windows 7 activation tools\windows 7 loader 1.7.9\windows 7 loader 1.7.9.0.exe (RiskWare.Tool.CK) -> No action taken.
c:\Users\Jojko\downloads\windows 7 ultimate (32 bit)\other windows 7 activation tools\windows loader 1.9.3 (reccomended)\windows loader 1.9.3.exe (RiskWare.Tool.HCK) -> No action taken.
c:\Users\Jojko\downloads\windows 7 ultimate (32 bit)\unique tools\remove windows genuine advantage notifications.exe (PUP.RemoveWGA) -> No action taken.
c:\Users\Jojko\downloads\windows 7 ultimate (32 bit)\windows 7 ultimate (32 bit)\windows 7 activation (reccomended)\windows 7 activation.exe (RiskWare.Tool.HCK) -> No action taken.
ComboFix 11-07-15.03 - Jojko 16/07/2011 12:02:25.4.4 - x86
Running from: c:\users\Jojko\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Jojko\AppData\Roaming\inst.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-16 to 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-16 10:12 . 2011-07-16 10:13 -------- d-----w- c:\users\Jojko\AppData\Local\temp
2011-07-16 10:12 . 2011-07-16 10:12 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2011-07-16 10:12 . 2011-07-16 10:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-16 08:21 . 2011-07-16 08:22 -------- d-----w- C:\rsit
2011-07-16 07:19 . 2011-07-16 07:19 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{590D9CC8-3889-41D3-8D16-344342979B89}\MpKslbde91faf.sys
2011-07-15 22:04 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{590D9CC8-3889-41D3-8D16-344342979B89}\mpengine.dll
2011-07-13 18:32 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 18:32 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 18:32 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-05 16:33 . 2011-06-16 04:32 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-07-05 16:33 . 2011-06-16 04:32 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-07-05 16:33 . 2011-06-16 04:32 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-07-05 16:33 . 2011-06-16 04:32 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-07-05 16:33 . 2011-06-16 04:32 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-07-05 16:33 . 2011-06-16 04:32 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-07-05 16:33 . 2011-06-16 04:32 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-07-05 16:33 . 2011-06-16 04:32 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-07-05 16:33 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-05 16:33 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-05 15:35 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-17 15:10 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-17 15:10 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-17 15:10 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-17 15:07 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-17 15:07 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-17 15:07 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-17 15:07 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-17 15:07 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-17 15:07 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-17 15:07 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-17 15:07 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-17 15:07 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-17 15:06 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:52 . 2008-12-07 21:26 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 17:52 . 2008-12-07 21:26 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-07 15:55 . 2010-11-15 08:15 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-24 08:15 . 2011-05-24 08:15 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-22 17:56 . 2011-05-22 17:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-04 02:52 . 2010-06-14 18:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-18 15:34 . 2011-04-18 15:35 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-04-18 15:34 . 2011-04-18 15:35 103168 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-04-18 15:34 . 2011-04-18 15:35 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-04-18 15:34 . 2011-04-18 15:35 101120 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2009-04-29 13:13 . 2009-04-29 13:13 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-04-29 13:30 . 2009-04-29 13:30 108272 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2011-06-16 04:32 . 2011-07-05 16:33 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vista po spusteni 5 minut nereaguje
To, co našel MBAM, smažte. Log z CF není kompletní.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Vista po spusteni 5 minut nereaguje
ComboFix 11-07-15.03 - Jojko 16/07/2011 13:22:56.5.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.976 [GMT 2:00]
Running from: c:\users\Jojko\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-16 to 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-16 11:30 . 2011-07-16 11:30 -------- d-----w- c:\users\Jojko\AppData\Local\temp
2011-07-16 11:30 . 2011-07-16 11:30 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2011-07-16 11:30 . 2011-07-16 11:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-16 11:21 . 2011-07-16 11:21 -------- d-----w- C:\32788R22FWJFW
2011-07-16 08:21 . 2011-07-16 08:22 -------- d-----w- C:\rsit
2011-07-16 07:19 . 2011-07-16 07:19 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{590D9CC8-3889-41D3-8D16-344342979B89}\MpKslbde91faf.sys
2011-07-15 22:04 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{590D9CC8-3889-41D3-8D16-344342979B89}\mpengine.dll
2011-07-13 18:32 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 18:32 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 18:32 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-05 16:33 . 2011-06-16 04:32 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-07-05 16:33 . 2011-06-16 04:32 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-07-05 16:33 . 2011-06-16 04:32 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-07-05 16:33 . 2011-06-16 04:32 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-07-05 16:33 . 2011-06-16 04:32 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-07-05 16:33 . 2011-06-16 04:32 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-07-05 16:33 . 2011-06-16 04:32 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-07-05 16:33 . 2011-06-16 04:32 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-07-05 16:33 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-05 16:33 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-05 15:35 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-17 15:10 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-17 15:10 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-17 15:10 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-17 15:07 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-17 15:07 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-17 15:07 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-17 15:07 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-17 15:07 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-17 15:07 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-17 15:07 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-17 15:07 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-17 15:07 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-17 15:06 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:52 . 2008-12-07 21:26 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 17:52 . 2008-12-07 21:26 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-07 15:55 . 2010-11-15 08:15 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-24 08:15 . 2011-05-24 08:15 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-22 17:56 . 2011-05-22 17:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-04 02:52 . 2010-06-14 18:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-18 15:34 . 2011-04-18 15:35 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-04-18 15:34 . 2011-04-18 15:35 103168 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-04-18 15:34 . 2011-04-18 15:35 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-04-18 15:34 . 2011-04-18 15:35 101120 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2009-04-29 13:13 . 2009-04-29 13:13 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-04-29 13:30 . 2009-04-29 13:30 108272 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2011-06-16 04:32 . 2011-07-05 16:33 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-07 1838592]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-09-02 210224]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"CertificateRegistration"="aetcrss1.exe" [2009-09-07 204800]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"StartCCC"="c:\program files\ATI 2011\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 11:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 39C1F464D0E08CEC;39C1F464D0E08CEC;c:\program files\Mozilla Firefox\39C1F464D0E08CEC\39C1F464D0E08CEC [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9b2da943107bb;Google Update Service (gupdate1c9b2da943107bb);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 133104]
R3 cxbu0wdm;OMNIKEY 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2010-01-25 115712]
R3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2011-04-18 113664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 133104]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2011-04-18 101120]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys [2009-04-02 129304]
R3 vna_ap;Check Point Virtual Network Adapter - Apollo;c:\windows\system32\DRIVERS\vnaap.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-02-20 716272]
S1 MpKslbde91faf;MpKslbde91faf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{590D9CC8-3889-41D3-8D16-344342979B89}\MpKslbde91faf.sys [2011-07-16 28752]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-09-24 566560]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 172032]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-03 5313536]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-03 150016]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2008-01-07 5632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]
2009-10-09 08:32 81920 ----a-w- c:\windows\System32\aetsprov.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 15:00]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 15:00]
.
2011-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1496877464-366889928-961639062-1001Core.job
- c:\users\Jojko\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-22 12:15]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1496877464-366889928-961639062-1001UA.job
- c:\users\Jojko\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-22 12:15]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {{A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - c:\poker\CDPoker\casino.exe
Trusted Zone: vpn.st.sk
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jojko\AppData\Roaming\Mozilla\Firefox\Profiles\hlr6rmp5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-16 13:30
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\39C1F464D0E08CEC]
"ImagePath"="\??\c:\program files\Mozilla Firefox\39C1F464D0E08CEC\39C1F464D0E08CEC"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(656)
c:\windows\system32\aetsprov.dll
.
Completion time: 2011-07-16 13:33:05
ComboFix-quarantined-files.txt 2011-07-16 11:33
ComboFix2.txt 2011-07-16 10:18
ComboFix3.txt 2008-12-10 16:50
.
Pre-Run: 79,240,667,136 bytes free
Post-Run: 79,176,331,264 bytes free
.
- - End Of File - - F6E03B7797184C26180D4FEA577E3840
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.976 [GMT 2:00]
Running from: c:\users\Jojko\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-16 to 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-16 11:30 . 2011-07-16 11:30 -------- d-----w- c:\users\Jojko\AppData\Local\temp
2011-07-16 11:30 . 2011-07-16 11:30 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2011-07-16 11:30 . 2011-07-16 11:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-16 11:21 . 2011-07-16 11:21 -------- d-----w- C:\32788R22FWJFW
2011-07-16 08:21 . 2011-07-16 08:22 -------- d-----w- C:\rsit
2011-07-16 07:19 . 2011-07-16 07:19 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{590D9CC8-3889-41D3-8D16-344342979B89}\MpKslbde91faf.sys
2011-07-15 22:04 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{590D9CC8-3889-41D3-8D16-344342979B89}\mpengine.dll
2011-07-13 18:32 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 18:32 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 18:32 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-05 16:33 . 2011-06-16 04:32 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-07-05 16:33 . 2011-06-16 04:32 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-07-05 16:33 . 2011-06-16 04:32 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-07-05 16:33 . 2011-06-16 04:32 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-07-05 16:33 . 2011-06-16 04:32 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-07-05 16:33 . 2011-06-16 04:32 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-07-05 16:33 . 2011-06-16 04:32 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-07-05 16:33 . 2011-06-16 04:32 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-07-05 16:33 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-05 16:33 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-05 15:35 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-17 15:10 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-17 15:10 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-17 15:10 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-17 15:07 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-17 15:07 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-17 15:07 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-17 15:07 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-17 15:07 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-17 15:07 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-17 15:07 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-17 15:07 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-17 15:07 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-17 15:06 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:52 . 2008-12-07 21:26 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 17:52 . 2008-12-07 21:26 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-07 15:55 . 2010-11-15 08:15 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-24 08:15 . 2011-05-24 08:15 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-22 17:56 . 2011-05-22 17:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-04 02:52 . 2010-06-14 18:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-18 15:34 . 2011-04-18 15:35 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-04-18 15:34 . 2011-04-18 15:35 103168 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-04-18 15:34 . 2011-04-18 15:35 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-04-18 15:34 . 2011-04-18 15:35 101120 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2009-04-29 13:13 . 2009-04-29 13:13 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-04-29 13:30 . 2009-04-29 13:30 108272 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2011-06-16 04:32 . 2011-07-05 16:33 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-07 1838592]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-09-02 210224]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"CertificateRegistration"="aetcrss1.exe" [2009-09-07 204800]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"StartCCC"="c:\program files\ATI 2011\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 11:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 39C1F464D0E08CEC;39C1F464D0E08CEC;c:\program files\Mozilla Firefox\39C1F464D0E08CEC\39C1F464D0E08CEC [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9b2da943107bb;Google Update Service (gupdate1c9b2da943107bb);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 133104]
R3 cxbu0wdm;OMNIKEY 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2010-01-25 115712]
R3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2011-04-18 113664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 133104]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2011-04-18 101120]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys [2009-04-02 129304]
R3 vna_ap;Check Point Virtual Network Adapter - Apollo;c:\windows\system32\DRIVERS\vnaap.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-02-20 716272]
S1 MpKslbde91faf;MpKslbde91faf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{590D9CC8-3889-41D3-8D16-344342979B89}\MpKslbde91faf.sys [2011-07-16 28752]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-09-24 566560]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 172032]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-03 5313536]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-03 150016]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2008-01-07 5632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]
2009-10-09 08:32 81920 ----a-w- c:\windows\System32\aetsprov.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 15:00]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 15:00]
.
2011-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1496877464-366889928-961639062-1001Core.job
- c:\users\Jojko\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-22 12:15]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1496877464-366889928-961639062-1001UA.job
- c:\users\Jojko\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-22 12:15]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {{A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - c:\poker\CDPoker\casino.exe
Trusted Zone: vpn.st.sk
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jojko\AppData\Roaming\Mozilla\Firefox\Profiles\hlr6rmp5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-16 13:30
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\39C1F464D0E08CEC]
"ImagePath"="\??\c:\program files\Mozilla Firefox\39C1F464D0E08CEC\39C1F464D0E08CEC"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(656)
c:\windows\system32\aetsprov.dll
.
Completion time: 2011-07-16 13:33:05
ComboFix-quarantined-files.txt 2011-07-16 11:33
ComboFix2.txt 2011-07-16 10:18
ComboFix3.txt 2008-12-10 16:50
.
Pre-Run: 79,240,667,136 bytes free
Post-Run: 79,176,331,264 bytes free
.
- - End Of File - - F6E03B7797184C26180D4FEA577E3840
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Vista po spusteni 5 minut nereaguje
Nový sken vypadá čistý, ten první něco smazal. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?