na kamaratovom PC vypisuje Security shield a pyta registraciu, dakujem
edit\skusal som nastroj na zablokovanie toho programu, ale zablokovalo mi to aj ine vece a teraz nie je mozne spustit napr. prehliadac, odinstalovat SW atd.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Phenom X4 at 2011-12-15 11:05:53
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 389 GB (54%) free of 715 GB
Total RAM: 3326 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:06:24, on 15. 12. 2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Phenom X4\Desktop\RSIT.exe
C:\Program Files\trend micro\Phenom X4.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SearchCore for Browsers - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\PROGRA~1\SEARCH~1\SEARCH~1\BROWSE~1.DLL
O2 - BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: VDownloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [EPSON SX125 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE /FU "C:\Windows\TEMP\E_SE9C2.tmp" /EF "HKCU"
O4 - HKCU\..\RunOnce: [ewtcjzxv] C:\Users\Phenom X4\AppData\Local\ewtcjzxv.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Users\Phenom X4\AppData\Local\Temp\{524B1FB6-1700-409E-A0A6-3FCC3F750099}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{653C06D6-FB8B-431F-B19B-C07684838AEF}: NameServer = 195.146.128.60,195.146.132.59
O20 - AppInit_DLLs: C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
--
End of file - 9021 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
AC-Pro - C:\Program Files\AutocompletePro\AutocompletePro.dll [2010-07-14 97760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-29 266240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
Searchqu Toolbar - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll [2011-09-19 88976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-12-14 342192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}]
SearchCore for Browsers - C:\PROGRA~1\SEARCH~1\SEARCH~1\BROWSE~1.DLL [2011-09-19 101296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
MediaBar - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll [2011-09-18 87480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
VDownloader Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - VDownloader Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-29 266240]
{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - MediaBar - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll [2011-09-18 87480]
{99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll [2011-09-19 88976]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-12-14 342192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"WinSys2"=C:\Windows\system32\startup.exe [2008-07-17 57344]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-05-20 6144000]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2006-06-21 35328]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-17 13580832]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-17 92704]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-09-24 421160]
"EEventManager"=C:\Program Files\Epson Software\Event Manager\EEventManager.exe [2009-12-03 976320]
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-05-17 395144]
""= []
"DATAMNGR"=C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE [2011-09-19 1698744]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]
"ISTray"=C:\Program Files\PC Tools Security\pctsGui.exe [2010-12-01 1589208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-19 39408]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-10 216520]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-01-26 15026056]
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"EPSON SX125 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE [2009-09-14 200704]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ewtcjzxv"=C:\Users\Phenom X4\AppData\Local\ewtcjzxv.exe [2011-12-14 366080]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Phenom X4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe
RollerCoaster Tycoon 3 Registration.lnk - C:\Users\Phenom X4\AppData\Local\Temp\{524B1FB6-1700-409E-A0A6-3FCC3F750099}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdAuxService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdCoreService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2011-12-15 11:05:55 ----A---- C:\Windows\ntbtlog.txt
2011-12-15 10:22:43 ----A---- C:\Windows\system32\drivers\pctEFA.sys
2011-12-15 10:22:43 ----A---- C:\Windows\system32\drivers\pctDS.sys
2011-12-15 10:22:42 ----A---- C:\Windows\system32\drivers\pctwfpfilter.sys
2011-12-15 10:22:42 ----A---- C:\Windows\system32\drivers\pctgntdi.sys
2011-12-15 10:22:33 ----A---- C:\Windows\system32\drivers\pctplsg.sys
2011-12-15 10:22:27 ----D---- C:\Users\Phenom X4\AppData\Roaming\PC Tools
2011-12-15 10:22:27 ----D---- C:\ProgramData\PC Tools
2011-12-15 10:22:27 ----D---- C:\Program Files\PC Tools Security
2011-12-15 10:22:27 ----D---- C:\Program Files\Common Files\PC Tools
======List of files/folders modified in the last 1 months======
2011-12-15 11:06:03 ----D---- C:\Program Files\trend micro
2011-12-15 11:05:55 ----D---- C:\Windows
2011-12-15 10:57:29 ----AD---- C:\ProgramData\TEMP
2011-12-15 10:41:59 ----D---- C:\Windows\Temp
2011-12-15 10:40:29 ----D---- C:\Windows\Prefetch
2011-12-15 10:39:18 ----D---- C:\Users\Phenom X4\AppData\Roaming\Skype
2011-12-15 10:22:43 ----D---- C:\Windows\system32\drivers
2011-12-15 10:22:27 ----RD---- C:\Program Files
2011-12-15 10:22:27 ----HD---- C:\ProgramData
2011-12-15 10:22:27 ----D---- C:\Program Files\Common Files
2011-12-15 10:21:46 ----D---- C:\Windows\System32
2011-12-15 10:21:46 ----D---- C:\Windows\inf
2011-12-15 10:21:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-12-14 19:44:37 ----D---- C:\Windows\Debug
2011-12-14 19:42:12 ----SHD---- C:\Windows\Installer
2011-12-14 19:37:30 ----D---- C:\Program Files\Eset
2011-12-14 19:33:31 ----D---- C:\Windows\twain_32
2011-12-14 19:10:01 ----D---- C:\Windows\system32\Tasks
2011-12-13 12:38:20 ----SHD---- C:\System Volume Information
2011-11-30 12:56:09 ----D---- C:\Windows\system32\catroot2
2011-11-29 16:15:33 ----A---- C:\Windows\system32\PnkBstrB.exe
2011-11-19 22:30:46 ----D---- C:\Program Files\Rockstar Games
2011-11-19 22:28:48 ----HD---- C:\Program Files\InstallShield Installation Information
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2008-04-28 14352]
R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2009-04-11 143848]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2006-05-16 46080]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-04-23 717296]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2008-12-24 165376]
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2008-12-24 18048]
S3 an02bddg;an02bddg; C:\Windows\system32\drivers\an02bddg.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-05-20 2143136]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-04-29 303616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
S2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-01-11 66872]
S2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-26 68096]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-11 182768]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-24 820008]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
prosim o kontrolu
Moderátor: Moderátoři
Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Re: prosim o kontrolu
Zdravim a pekny den preji 
Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
- Ukoncete vsechny programy
- Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
- Zvolte moznost 2 a potvrte enterem
- Utilita provede svou cinnost a da log - ten sem vlozte
- Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: prosim o kontrolu
program nie je mnozene spustit, je zablokovaná komunikacia a spustanie programov...nedostanem sa ani na Internet atd.
Re: prosim o kontrolu
Prihlaste se do nouzoveho rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti) a zkuste spustit program tam
Pripadne prejmenujte RogueKiller na winlogon
Pripadne prejmenujte RogueKiller na winlogon
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: prosim o kontrolu
nepomohlo - nespustim to
Re: prosim o kontrolu
Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
- Pokud ho havet blokuje, pouzijte jeden z nasledujicich
- http://download.bleepingcomputer.com/gr ... plorer.exe nebo http://download.bleepingcomputer.com/gr ... xplore.exe nebo http://download.bleepingcomputer.com/gr ... eRiNiT.exe a nebo http://download.bleepingcomputer.com/gr ... NlOgOn.exe
- Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
- Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
- RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
- Ted nerestartujte PC - prisli byste o ucinek RKillu
Pak zkuste RogueKiller"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: prosim o kontrolu
log, moznost 2
RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Phenom X4 [Admin rights]
Mode: Remove -- Date : 12/15/2011 17:26:22
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 6 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{653C06D6-FB8B-431F-B19B-C07684838AEF} : NameServer (195.146.128.60,195.146.132.59) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{653C06D6-FB8B-431F-B19B-C07684838AEF} : NameServer (195.146.128.60,195.146.132.59) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] b68dcf764aa5d8ae1502aabbca0fc377
[BSP] bc91bb4d7fd73b04d4cd6e98b17c659a : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 750153 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Phenom X4 [Admin rights]
Mode: Remove -- Date : 12/15/2011 17:26:22
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 6 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{653C06D6-FB8B-431F-B19B-C07684838AEF} : NameServer (195.146.128.60,195.146.132.59) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{653C06D6-FB8B-431F-B19B-C07684838AEF} : NameServer (195.146.128.60,195.146.132.59) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] b68dcf764aa5d8ae1502aabbca0fc377
[BSP] bc91bb4d7fd73b04d4cd6e98b17c659a : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 750153 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
Re: prosim o kontrolu
log, moznost 3
RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Phenom X4 [Admin rights]
Mode: HOSTSFix -- Date : 12/15/2011 17:31:09
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Phenom X4 [Admin rights]
Mode: HOSTSFix -- Date : 12/15/2011 17:31:09
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Re: prosim o kontrolu
Pokud znate tyhle IP 195.146.128.60,195.146.132.59 tak moznost 4 nedelejte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: prosim o kontrolu
log, moznost 4
RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Phenom X4 [Admin rights]
Mode: ProxyFix -- Date : 12/15/2011 17:34:09
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Registry Entries: 0 ¤¤¤
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
RogueKiller V6.2.0 [12/12/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Phenom X4 [Admin rights]
Mode: ProxyFix -- Date : 12/15/2011 17:34:09
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Registry Entries: 0 ¤¤¤
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
Re: prosim o kontrolu
Fajn, pujdem dale tedy 
PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: prosim o kontrolu
ComboFix 11-12-15.02 - Phenom X4 . 12. 2011 17:44:32.1.4 - x86 NETWORK
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.421.1051.18.3326.2640 [GMT 1:00]
Running from: c:\users\Phenom X4\Downloads\ComboFix.exe
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AutocompletePro
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\programdata\9E8
c:\programdata\9E8\{ABB4C5C9-E500-4ED6-A8AA-F623B6E0ADD0}.swf
c:\programdata\Amazon.ico
c:\programdata\Backup.ico
c:\programdata\MercadoLivre.ico
c:\users\Phenom X4\AppData\Local\ewtcjzxv.exe
c:\users\Phenom X4\AppData\Roaming\Desktopicon
c:\users\Phenom X4\AppData\Roaming\Desktopicon\config.ini
c:\windows\system32\Startup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-15 16:50 . 2011-12-15 16:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-15 16:25 . 2011-12-15 16:33 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-15 16:06 . 2011-12-15 16:06 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6553D5F5-DCD6-4537-8293-4CB7206859F6}\offreg.dll
2011-12-15 12:16 . 2011-07-11 11:06 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-12-15 12:16 . 2011-07-11 11:02 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-12-15 12:16 . 2011-03-10 08:08 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-12-15 09:22 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-12-15 09:22 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-12-15 09:22 . 2011-07-11 08:05 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-12-15 09:22 . 2011-07-11 08:05 107352 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-12-15 09:22 . 2011-07-11 08:07 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-12-15 09:22 . 2011-12-15 16:04 -------- d-----w- c:\program files\PC Tools Security
2011-12-15 09:22 . 2011-12-15 12:17 -------- d-----w- c:\program files\Common Files\PC Tools
2011-12-15 09:22 . 2011-12-15 12:05 -------- d-----w- c:\programdata\PC Tools
2011-12-15 09:22 . 2011-12-15 09:22 -------- d-----w- c:\users\Phenom X4\AppData\Roaming\PC Tools
2011-12-13 11:16 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6553D5F5-DCD6-4537-8293-4CB7206859F6}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-29 15:15 . 2008-12-26 17:03 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-11-29 15:15 . 2008-12-26 17:03 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-09-20 21:02 . 2011-11-11 05:41 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-07-22 21:40 . 2010-08-13 15:02 2944904 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
2011-09-18 15:17 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll" [2011-09-18 87480]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-07-07 1600984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-26 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\SEARCH~1\datamngr.dll c:\progra~1\SEARCH~1\SEARCH~1\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2011-03-10 233976]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Amdidiswins;Amdidiswins; [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-07-11 263888]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-23 717296]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
*NewlyCreated* - PXHELP20
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 18:12]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 18:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://home.sweetim.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{653C06D6-FB8B-431F-B19B-C07684838AEF}: NameServer = 195.146.128.60,195.146.132.59
FF - ProfilePath - c:\users\Phenom X4\AppData\Roaming\Mozilla\Firefox\Profiles\pmst7fui.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/resul ... EF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/resul ... 8558C1}&q=
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Fast Browser Search (My Tattoons): {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} - %profile%\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - %profile%\extensions\support@predictad.com
FF - Ext: VDownloader Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - %profile%\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
FF - Ext: SearchquToolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - %profile%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-10 - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-WinSys2 - c:\windows\system32\startup.exe
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-15 17:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1733410857-608841433-3609090488-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:25,53,ee,5a,51,93,83,5b,7f,38,a1,61,ff,44,bd,3a,65,aa,a5,0c,41,54,70,
12,db,20,23,02,fa,42,d1,10,98,c0,61,07,8e,14,78,22,db,ae,5d,cc,e1,82,56,67,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-1733410857-608841433-3609090488-1000\Software\SecuROM\License information*]
"datasecu"=hex:d1,ed,1a,57,a7,be,8c,5e,a2,1f,2c,8d,89,e0,5c,02,c4,d8,b9,2d,6b,
ae,2a,1e,3f,2a,da,d6,e7,db,35,76,09,ce,52,0b,d1,0b,2b,b7,88,5d,70,58,bd,54,\
"rkeysecu"=hex:c7,62,00,04,ce,a0,87,ed,db,64,bc,09,97,40,3c,90
.
Completion time: 2011-12-15 17:53:42
ComboFix-quarantined-files.txt 2011-12-15 16:53
.
Pre-Run: 429 676 064 768 bytes free
Post-Run: 429 643 816 960 bytes free
.
- - End Of File - - 5EB015BE89BF9CC6C74CC49858FEF1D3
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.421.1051.18.3326.2640 [GMT 1:00]
Running from: c:\users\Phenom X4\Downloads\ComboFix.exe
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AutocompletePro
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\programdata\9E8
c:\programdata\9E8\{ABB4C5C9-E500-4ED6-A8AA-F623B6E0ADD0}.swf
c:\programdata\Amazon.ico
c:\programdata\Backup.ico
c:\programdata\MercadoLivre.ico
c:\users\Phenom X4\AppData\Local\ewtcjzxv.exe
c:\users\Phenom X4\AppData\Roaming\Desktopicon
c:\users\Phenom X4\AppData\Roaming\Desktopicon\config.ini
c:\windows\system32\Startup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-15 16:50 . 2011-12-15 16:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-15 16:25 . 2011-12-15 16:33 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-15 16:06 . 2011-12-15 16:06 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6553D5F5-DCD6-4537-8293-4CB7206859F6}\offreg.dll
2011-12-15 12:16 . 2011-07-11 11:06 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-12-15 12:16 . 2011-07-11 11:02 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-12-15 12:16 . 2011-03-10 08:08 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-12-15 09:22 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-12-15 09:22 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-12-15 09:22 . 2011-07-11 08:05 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-12-15 09:22 . 2011-07-11 08:05 107352 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-12-15 09:22 . 2011-07-11 08:07 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-12-15 09:22 . 2011-12-15 16:04 -------- d-----w- c:\program files\PC Tools Security
2011-12-15 09:22 . 2011-12-15 12:17 -------- d-----w- c:\program files\Common Files\PC Tools
2011-12-15 09:22 . 2011-12-15 12:05 -------- d-----w- c:\programdata\PC Tools
2011-12-15 09:22 . 2011-12-15 09:22 -------- d-----w- c:\users\Phenom X4\AppData\Roaming\PC Tools
2011-12-13 11:16 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6553D5F5-DCD6-4537-8293-4CB7206859F6}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-29 15:15 . 2008-12-26 17:03 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-11-29 15:15 . 2008-12-26 17:03 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-09-20 21:02 . 2011-11-11 05:41 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-07-22 21:40 . 2010-08-13 15:02 2944904 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
2011-09-18 15:17 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll" [2011-09-18 87480]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-07-07 1600984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-26 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\SEARCH~1\datamngr.dll c:\progra~1\SEARCH~1\SEARCH~1\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2011-03-10 233976]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Amdidiswins;Amdidiswins; [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-07-11 263888]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-23 717296]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
*NewlyCreated* - PXHELP20
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 18:12]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 18:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://home.sweetim.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{653C06D6-FB8B-431F-B19B-C07684838AEF}: NameServer = 195.146.128.60,195.146.132.59
FF - ProfilePath - c:\users\Phenom X4\AppData\Roaming\Mozilla\Firefox\Profiles\pmst7fui.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/resul ... EF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/resul ... 8558C1}&q=
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Fast Browser Search (My Tattoons): {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} - %profile%\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - %profile%\extensions\support@predictad.com
FF - Ext: VDownloader Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - %profile%\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
FF - Ext: SearchquToolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - %profile%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-10 - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-WinSys2 - c:\windows\system32\startup.exe
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-15 17:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1733410857-608841433-3609090488-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:25,53,ee,5a,51,93,83,5b,7f,38,a1,61,ff,44,bd,3a,65,aa,a5,0c,41,54,70,
12,db,20,23,02,fa,42,d1,10,98,c0,61,07,8e,14,78,22,db,ae,5d,cc,e1,82,56,67,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-1733410857-608841433-3609090488-1000\Software\SecuROM\License information*]
"datasecu"=hex:d1,ed,1a,57,a7,be,8c,5e,a2,1f,2c,8d,89,e0,5c,02,c4,d8,b9,2d,6b,
ae,2a,1e,3f,2a,da,d6,e7,db,35,76,09,ce,52,0b,d1,0b,2b,b7,88,5d,70,58,bd,54,\
"rkeysecu"=hex:c7,62,00,04,ce,a0,87,ed,db,64,bc,09,97,40,3c,90
.
Completion time: 2011-12-15 17:53:42
ComboFix-quarantined-files.txt 2011-12-15 16:53
.
Pre-Run: 429 676 064 768 bytes free
Post-Run: 429 643 816 960 bytes free
.
- - End Of File - - 5EB015BE89BF9CC6C74CC49858FEF1D3
Re: prosim o kontrolu
Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
KillAll:: Folder:: c:\program files\Ask.com c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar Registry:: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"=- [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"=- "{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"=- [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"=- [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=- "swg"=- "DAEMON Tools Lite"=- "WMPNSCFG"=- "Skype"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"=- "WinampAgent"=- "Adobe Reader Speed Launcher"=- "QuickTime Task"=- "iTunesHelper"=- "ApnUpdater"=- "Malwarebytes' Anti-Malware (reboot)"=- [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"="" Driver:: gupdate gupdatem Amdidiswins File:: c:\windows\Tasks\GoogleUpdateTaskMachineCore.job c:\windows\Tasks\GoogleUpdateTaskMachineUA.job DDS:: uStart Page = hxxp://www.searchqu.com/406 mStart Page = hxxp://home.sweetim.com Firefox:: FF - ProfilePath - c:\users\Phenom X4\AppData\Roaming\Mozilla\Firefox\Profiles\pmst7fui.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/result ... EF&v=19&q= FF - prefs.js: browser.search.selectedEngine - Fast Browser Search FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/result ... &v=19&tid={15AE9953-BDEC-3167-EAEC-1FCAB48558C1}&q= FF - prefs.js: network.proxy.type - 2 FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} FF - Ext: Fast Browser Search (My Tattoons): {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} - %profile%\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} FF - Ext: VDownloader Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com FF - Ext: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - %profile%\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} FF - Ext: SearchquToolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - %profile%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} RegNull:: [HKEY_USERS\S-1-5-21-1733410857-608841433-3609090488-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] [HKEY_USERS\S-1-5-21-1733410857-608841433-3609090488-1000\Software\SecuROM\License information*] Reboot::- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: prosim o kontrolu
ComboFix 11-12-19.01 - Phenom X4 . 12. 2011 18:42:14.1.4 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.421.1051.18.3326.1684 [GMT 1:00]
Running from: c:\users\Phenom X4\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-19 17:47 . 2011-12-19 17:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-19 17:36 . 2011-12-19 17:36 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E2A726C-1DE5-4529-B0AB-224A0430B193}\offreg.dll
2011-12-19 17:36 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E2A726C-1DE5-4529-B0AB-224A0430B193}\mpengine.dll
2011-12-15 18:03 . 2011-12-15 18:03 -------- d-----w- c:\program files\ESET
2011-12-15 16:25 . 2011-12-15 16:33 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-15 09:22 . 2011-12-15 18:17 -------- d-----w- c:\program files\PC Tools Security
2011-12-15 09:22 . 2011-12-15 18:17 -------- d-----w- c:\program files\Common Files\PC Tools
2011-12-15 09:22 . 2011-12-15 12:05 -------- d-----w- c:\programdata\PC Tools
2011-12-15 09:22 . 2011-12-15 09:22 -------- d-----w- c:\users\Phenom X4\AppData\Roaming\PC Tools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-29 15:15 . 2008-12-26 17:03 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-11-29 15:15 . 2008-12-26 17:03 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-09-20 21:02 . 2011-11-11 05:41 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-07-22 21:40 . 2010-08-13 15:02 2944904 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
2011-09-18 15:17 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll" [2011-09-18 87480]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-26 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\SEARCH~1\datamngr.dll c:\progra~1\SEARCH~1\SEARCH~1\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Amdidiswins;Amdidiswins; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-23 717296]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 103112]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 18:12]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 18:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://home.sweetim.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{653C06D6-FB8B-431F-B19B-C07684838AEF}: NameServer = 195.146.128.60,195.146.132.59
FF - ProfilePath - c:\users\Phenom X4\AppData\Roaming\Mozilla\Firefox\Profiles\pmst7fui.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/resul ... EF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/resul ... 8558C1}&q=
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Fast Browser Search (My Tattoons): {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} - %profile%\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - %profile%\extensions\support@predictad.com
FF - Ext: VDownloader Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - %profile%\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
FF - Ext: SearchquToolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - %profile%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-19 18:48
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1733410857-608841433-3609090488-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:25,53,ee,5a,51,93,83,5b,7f,38,a1,61,ff,44,bd,3a,65,aa,a5,0c,41,54,70,
12,db,20,23,02,fa,42,d1,10,98,c0,61,07,8e,14,78,22,db,ae,5d,cc,e1,82,56,67,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-1733410857-608841433-3609090488-1000\Software\SecuROM\License information*]
"datasecu"=hex:d1,ed,1a,57,a7,be,8c,5e,a2,1f,2c,8d,89,e0,5c,02,c4,d8,b9,2d,6b,
ae,2a,1e,3f,2a,da,d6,e7,db,35,76,09,ce,52,0b,d1,0b,2b,b7,88,5d,70,58,bd,54,\
"rkeysecu"=hex:c7,62,00,04,ce,a0,87,ed,db,64,bc,09,97,40,3c,90
.
Completion time: 2011-12-19 18:49:46
ComboFix-quarantined-files.txt 2011-12-19 17:49
ComboFix2.txt 2011-12-15 16:53
.
Pre-Run: 425 749 463 040 bytes free
Post-Run: 425 724 272 640 bytes free
.
- - End Of File - - F333EEF59413548CC4BF011777967DC5
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1250.421.1051.18.3326.1684 [GMT 1:00]
Running from: c:\users\Phenom X4\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-19 17:47 . 2011-12-19 17:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-19 17:36 . 2011-12-19 17:36 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E2A726C-1DE5-4529-B0AB-224A0430B193}\offreg.dll
2011-12-19 17:36 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E2A726C-1DE5-4529-B0AB-224A0430B193}\mpengine.dll
2011-12-15 18:03 . 2011-12-15 18:03 -------- d-----w- c:\program files\ESET
2011-12-15 16:25 . 2011-12-15 16:33 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-15 09:22 . 2011-12-15 18:17 -------- d-----w- c:\program files\PC Tools Security
2011-12-15 09:22 . 2011-12-15 18:17 -------- d-----w- c:\program files\Common Files\PC Tools
2011-12-15 09:22 . 2011-12-15 12:05 -------- d-----w- c:\programdata\PC Tools
2011-12-15 09:22 . 2011-12-15 09:22 -------- d-----w- c:\users\Phenom X4\AppData\Roaming\PC Tools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-29 15:15 . 2008-12-26 17:03 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-11-29 15:15 . 2008-12-26 17:03 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-09-20 21:02 . 2011-11-11 05:41 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-07-22 21:40 . 2010-08-13 15:02 2944904 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
2011-09-18 15:17 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll" [2011-09-18 87480]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-26 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\SEARCH~1\datamngr.dll c:\progra~1\SEARCH~1\SEARCH~1\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Amdidiswins;Amdidiswins; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-23 717296]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 103112]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 18:12]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 18:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://home.sweetim.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{653C06D6-FB8B-431F-B19B-C07684838AEF}: NameServer = 195.146.128.60,195.146.132.59
FF - ProfilePath - c:\users\Phenom X4\AppData\Roaming\Mozilla\Firefox\Profiles\pmst7fui.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/resul ... EF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/resul ... 8558C1}&q=
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Fast Browser Search (My Tattoons): {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} - %profile%\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - %profile%\extensions\support@predictad.com
FF - Ext: VDownloader Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - %profile%\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
FF - Ext: SearchquToolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - %profile%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-19 18:48
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1733410857-608841433-3609090488-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:25,53,ee,5a,51,93,83,5b,7f,38,a1,61,ff,44,bd,3a,65,aa,a5,0c,41,54,70,
12,db,20,23,02,fa,42,d1,10,98,c0,61,07,8e,14,78,22,db,ae,5d,cc,e1,82,56,67,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-1733410857-608841433-3609090488-1000\Software\SecuROM\License information*]
"datasecu"=hex:d1,ed,1a,57,a7,be,8c,5e,a2,1f,2c,8d,89,e0,5c,02,c4,d8,b9,2d,6b,
ae,2a,1e,3f,2a,da,d6,e7,db,35,76,09,ce,52,0b,d1,0b,2b,b7,88,5d,70,58,bd,54,\
"rkeysecu"=hex:c7,62,00,04,ce,a0,87,ed,db,64,bc,09,97,40,3c,90
.
Completion time: 2011-12-19 18:49:46
ComboFix-quarantined-files.txt 2011-12-19 17:49
ComboFix2.txt 2011-12-15 16:53
.
Pre-Run: 425 749 463 040 bytes free
Post-Run: 425 724 272 640 bytes free
.
- - End Of File - - F333EEF59413548CC4BF011777967DC5
Re: prosim o kontrolu
A jeje, CFku vadi mezera v nazvu uctu, takze jinak 
ComboFix presunte primo na disk c:\ aby nebyl v zadne slozce
Primo na disku c:\ vytvorte znovu skript jak jste jiz delal a stejnym zpusobem jej i aplikujte
Na vysledny log si opet pockam
ComboFix presunte primo na disk c:\ aby nebyl v zadne slozce
Primo na disku c:\ vytvorte znovu skript jak jste jiz delal a stejnym zpusobem jej i aplikujte
Na vysledny log si opet pockam
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?