Hi. My friend's laptop doesn't respond when installer exe files are launched. He definitely has some rootkit or something on there. Can you help? I'll be at his place until tomorrow morning. Here's the log
Logfile of random's system information tool 1.09 (written by random/random)
Run by gfgfhg at 2012-03-17 19:19:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 55 GB (75%) free of 73 GB
Total RAM: 1014 MB (26% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:19:44, on 17/03/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gfgfhg\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\gfgfhg.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com/?l=dis&o=16148
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=auto&c ... .15000.521
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [EKAIO2StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe
O4 - HKLM\..\Run: [RegWork] C:\Program Files\RegWork\RegWork.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WTGU.lnk = C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe
O8 - Extra context menu item: &Search - ?s=100000343&p=ZKxdm194YYGB&si=161436&a=DWiWr_tJ1.BKowS3hE6nuA&n=2010052317
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4287716718
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1c9d6427381cfb3) (gupdate1c9d6427381cfb3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
--
End of file - 11408 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\BackupDutyLite.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for gfgfhg.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3700328013-1377106912-839385171-1005.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3700328013-1377106912-839385171-1005.job
C:\WINDOWS\tasks\Regwork.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{A077D04B-81C9-41D2-9D1B-59ABE5967100}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}]
ALOT Toolbar Helper - C:\Program Files\alot\bin\BHO\alotBHO.dll [2010-09-28 817576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
PriceGongBHO Class - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll [2010-03-28 353656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-06-02 386264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-03-07 1003704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-17 192112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-14 3843232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-17 1003576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - ALOT Toolbar - C:\Program Files\alot\bin\alot.dll [2010-09-28 817576]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-17 192112]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-03-07 1003704]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0\bin\jusched.exe [2008-10-06 36972]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-08-26 16851456]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
""= []
"EDS"=C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe [2007-12-21 659456]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-28 1044480]
"DMHotKey"=C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe [2006-12-27 466944]
"BatteryManager"=C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe [2007-10-31 2768896]
"MagicKeyboard"=C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe [2006-05-15 151552]
"DataCardMonitor"=C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe [2009-03-18 253952]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2012-03-07 4241512]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"TkBellExe"=C:\program files\real\realplayer\update\realsched.exe [2011-06-02 273544]
"EKAIO2StatusMonitor"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe [2011-12-11 2756608]
"RegWork"=C:\Program Files\RegWork\RegWork.exe []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2012-01-03 1391272]
"Conime"=C:\WINDOWS\system32\conime.exe [2008-04-14 27648]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-26 39408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
WTGU.lnk - C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe
C:\Documents and Settings\gfgfhg\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-03-17 19:19:23 ----D---- C:\Program Files\trend micro
2012-03-17 19:19:20 ----D---- C:\rsit
2012-03-17 17:21:31 ----ASH---- C:\hiberfil.sys
2012-03-17 17:15:12 ----A---- C:\WINDOWS\ntbtlog.txt
2012-03-17 14:06:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2641653$
2012-03-17 14:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2621440$
2012-03-17 13:59:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2647518$
2012-03-04 10:36:04 ----A---- C:\WINDOWS\aio_install.exe
2012-03-04 09:27:39 ----D---- C:\Program Files\Ask.com
2012-03-04 09:27:37 ----D---- C:\Documents and Settings\All Users\Application Data\RegWork
2012-03-04 09:27:18 ----D---- C:\Program Files\BackUpDutyLite
2012-03-04 09:27:08 ----D---- C:\Program Files\RegWork
2012-03-04 09:15:18 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2012-03-04 09:14:34 ----D---- C:\Documents and Settings\All Users\Application Data\Kodak
2012-03-04 09:14:27 ----D---- C:\WINDOWS\system32\kodak
======List of files/folders modified in the last 1 month======
2012-03-17 19:19:23 ----RD---- C:\Program Files
2012-03-17 19:04:42 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-03-17 18:52:22 ----D---- C:\WINDOWS\Temp
2012-03-17 18:47:54 ----D---- C:\WINDOWS
2012-03-17 18:32:26 ----SD---- C:\WINDOWS\Tasks
2012-03-17 18:12:28 ----D---- C:\Documents and Settings\gfgfhg\Application Data\PriceGong
2012-03-17 17:52:03 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-03-17 17:40:40 ----HD---- C:\WINDOWS\inf
2012-03-17 17:40:29 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-17 17:38:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-03-17 17:37:22 ----D---- C:\WINDOWS\system32
2012-03-17 17:17:09 ----D---- C:\Documents and Settings
2012-03-17 17:13:32 ----D---- C:\Documents and Settings\gfgfhg\Application Data\SoftGrid Client
2012-03-17 17:01:51 ----D---- C:\WINDOWS\Prefetch
2012-03-17 14:47:09 ----SHD---- C:\WINDOWS\Installer
2012-03-17 14:06:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-03-17 14:05:42 ----HD---- C:\WINDOWS\$hf_mig$
2012-03-17 14:00:37 ----A---- C:\WINDOWS\system32\MRT.exe
2012-03-17 14:00:28 ----A---- C:\WINDOWS\imsins.BAK
2012-03-17 14:00:25 ----D---- C:\WINDOWS\system32\drivers
2012-03-07 00:15:14 ----A---- C:\WINDOWS\system32\aswBoot.exe
2012-03-06 15:44:36 ----D---- C:\Documents and Settings\gfgfhg\Application Data\Skype
2012-03-04 10:15:34 ----SD---- C:\Documents and Settings\gfgfhg\Application Data\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-03-06 24920]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-03-07 35672]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-03-07 612184]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-03-07 337880]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-03-07 53848]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 RapportBuka;RapportBuka; \??\C:\WINDOWS\system32\drivers\RapportBuka.sys []
R1 RapportCerberus_34302;RapportCerberus_34302; \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys []
R1 RapportEI;RapportEI; \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys []
R1 RapportPG;RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys []
R1 tcpipBM;Bytemobile Kernel Network Provider; C:\WINDOWS\system32\drivers\tcpipBM.sys [2008-02-11 18816]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-03-07 20696]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-03-07 95704]
R2 DOSMEMIO;MEMIO; \??\C:\WINDOWS\system32\MEMIO.SYS []
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-08-30 1318784]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960]
R3 DNSeFilter;DNSeFilter; C:\WINDOWS\system32\drivers\SamsungEDS.sys [2008-01-15 30208]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-26 4753920]
R3 RapportIaso;RapportIaso; \??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys []
R3 Sftfs;Sftfs; C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys [2011-10-01 584680]
R3 Sftplay;Sftplay; C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys [2011-10-01 209512]
R3 Sftredir;Sftredir; C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys [2011-10-01 20584]
R3 Sftvol;Sftvol; C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys [2011-10-01 18280]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-08-28 224736]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VMC326;Vimicro Camera Service VMC326; C:\WINDOWS\System32\Drivers\VMC326.sys [2008-09-04 238464]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-06-27 289024]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-05-05 101376]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RapportKELL;RapportKELL; C:\WINDOWS\System32\Drivers\RapportKELL.sys [2011-11-07 56208]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-04-16 22784]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SUEPD;SUE NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\SUE_PD.sys [2006-10-30 19840]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-03-07 44768]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-10-13 935208]
R2 RapportMgmtService;Rapport Management Service; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-07 931640]
R2 sftlist;Application Virtualization Client; C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 SNM WLAN Service;SNM WLAN Service; C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe [2006-10-30 36864]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S2 gupdate1c9d6427381cfb3;Google Update Service (gupdate1c9d6427381cfb3); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-16 133104]
S2 Samsung Update Plus;Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [2008-05-13 77480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-16 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-26 182768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
-----------------EOF-----------------

Please check my LOG
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
- Rudy
- Site Admin
- Posts: 119515
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my LOG
Hello!
Please post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then run the application under an account with administrator rights.
Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.
Sit back and make yourself a coffee (the whole run takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to plough through); during the scan do not try to launch any other applications or do anything else.
Do not panic during the scan: your machine may be restarted (especially on the first run of the scanner).
Note: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode or disable it completely for the duration of the scan, because the scan and the removal of any malware collide with the antispyware resident in unwanted ways.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked, and likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address above.
Re: Please check my log
ComboFix 12-03-17.01 - gfgfhg 17/03/2012 20:23:32.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.503 [GMT 0:00]
Running from: c:\documents and settings\gfgfhg\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\gfgfhg\Application Data\alot
c:\documents and settings\gfgfhg\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\gfgfhg\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\gfgfhg\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\gfgfhg\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\gfgfhg\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\gfgfhg\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\gfgfhg\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\gfgfhg\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\gfgfhg\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\gfgfhg\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\gfgfhg\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\gfgfhg\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\configurator\configurator.xml
c:\documents and settings\gfgfhg\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\gfgfhg\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\gfgfhg\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\hideToolbarLayout\hideToolbarLayout.xml
c:\documents and settings\gfgfhg\Application Data\alot\hideToolbarLayout\hideToolbarLayout.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\gfgfhg\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\products\products.xml
c:\documents and settings\gfgfhg\Application Data\alot\products\products.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\gfgfhg\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_1\images\alot_image_search.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_1\images\alot_news_search.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_1\images\alot_shop_search.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_1\images\alot_videos_search.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_1\images\alot_web_search.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_2\images\alot_configure.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_2\images\alot_configure.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_3\images\4678_icon.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_3\images\4678_icon.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_4\images\default_2304_default_1379_alot_cas_playgames.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_4\images\default_2304_default_1379_alot_cas_playgames.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_5\images\default_2303_default_1379_alot_cas_playgames.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_5\images\default_2303_default_1379_alot_cas_playgames.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_6\images\default_2305_default_1613_alot_online_games_tetriz.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_6\images\default_2305_default_1613_alot_online_games_tetriz.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_7\images\default_2306_default_2080_frogger_button.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_7\images\default_2306_default_2080_frogger_button.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_8\images\4675_icon.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_8\images\4675_icon.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_9\images\4680_icon.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Button_9\images\4680_icon.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Shared\images\discover.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Shared\images\intro_popup.png
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\gfgfhg\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\gfgfhg\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\gfgfhg\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\toolbar.xml
c:\documents and settings\gfgfhg\Application Data\alot\toolbar.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\gfgfhg\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\gfgfhg\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\Updater\Updater.xml
c:\documents and settings\gfgfhg\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\gfgfhg\Application Data\PriceGong
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\1.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\a.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\b.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\c.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\d.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\e.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\f.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\g.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\h.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\i.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\J.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\k.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\l.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\m.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\n.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\o.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\p.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\q.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\r.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\s.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\t.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\u.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\v.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\w.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\x.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\y.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\z.xml
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))))
.
.
2012-03-17 19:19 . 2012-03-17 19:19 -------- d-----w- c:\program files\trend micro
2012-03-17 19:19 . 2012-03-17 19:19 -------- d-----w- C:\rsit
2012-03-17 17:17 . 2012-03-17 17:17 -------- d-----w- c:\documents and settings\Administrator
2012-03-04 10:36 . 2012-03-04 10:36 12529488 ----a-w- c:\windows\aio_install.exe
2012-03-04 09:27 . 2012-03-04 09:28 -------- d-----w- c:\program files\Ask.com
2012-03-04 09:27 . 2012-03-04 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\RegWork
2012-03-04 09:27 . 2012-03-06 09:31 -------- d-----w- c:\documents and settings\gfgfhg\Local Settings\Application Data\AskToolbar
2012-03-04 09:27 . 2012-03-04 09:27 -------- d-----w- c:\documents and settings\gfgfhg\Local Settings\Application Data\APN
2012-03-04 09:27 . 2012-03-04 09:27 -------- d-----w- c:\program files\BackUpDutyLite
2012-03-04 09:27 . 2012-03-06 10:56 -------- d-----w- c:\program files\RegWork
2012-03-04 09:15 . 2008-04-14 00:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2012-03-04 09:15 . 2008-04-14 00:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-03-04 09:14 . 2012-03-04 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2012-03-04 09:14 . 2012-03-04 09:14 -------- d-----w- c:\windows\system32\kodak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:22 . 2008-10-06 16:35 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-14 20:49 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2008-10-06 21:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 16:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2008-10-06 36972]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2007-10-31 2768896]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"DataCardMonitor"="c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe" [2009-03-18 253952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-02 273544]
"EKAIO2StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-12-11 2756608]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\gfgfhg\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
WTGU.lnk - c:\program files\T-Mobile\web'n'walk Manager\WTGU.exe [2009-3-18 857544]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [28/02/2010 12:49 390528]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 17:48 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [04/01/2012 14:22 822624]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [06/10/2008 21:45 4300]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [01/10/2011 08:30 508776]
R2 SNM WLAN Service;SNM WLAN Service;c:\program files\Samsung\Samsung Network Manager\SNMWLANService.exe [30/10/2006 21:29 36864]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [15/01/2008 02:01 30208]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [07/08/2011 13:02 21520]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 21:23 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 21:23 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 21:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 21:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [01/10/2011 08:30 219496]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [06/10/2008 21:49 238464]
S2 gupdate1c9d6427381cfb3;Google Update Service (gupdate1c9d6427381cfb3);c:\program files\Google\Update\GoogleUpdate.exe [16/05/2009 16:22 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16/05/2009 16:22 133104]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 20:37 4640000]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [30/10/2006 21:29 19840]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\BackupDutyLite.job
- c:\program files\BackUpDutyLite\BackUpDutyLite.exe [2012-01-04 16:53]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-16 16:21]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-16 16:21]
.
2012-03-16 c:\windows\Tasks\Norton Security Scan for gfgfhg.job
- c:\progra~1\NORTON~2\Engine\312~1.9\Nss.exe [2011-06-02 07:42]
.
2012-03-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3700328013-1377106912-839385171-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2012-03-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3700328013-1377106912-839385171-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2012-03-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 16:31]
.
2012-03-17 c:\windows\Tasks\User_Feed_Synchronization-{A077D04B-81C9-41D2-9D1B-59ABE5967100}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.ask.com/?l=dis&o=16148
uSearchMigratedDefaultUrl = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm194YYGB&ptb=DWiWr_tJ1.BKowS3hE6nuA&psa=&ind=2010052317&ptnrS=ZKxdm194YYGB&si=161436&st=sb&n=77cef6dd&searchfor={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=71CB063001CB8CD300019332&src_id=11649&camp_id=1500&tb_version=2.5.15000.521
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-RegWork - c:\program files\RegWork\RegWork.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-17 20:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DataCardMonitor = c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe?rs\CancelAutoplay\CLSID?S\Syste?? ?d?????????=?????j???SOFTWARE\Microsoft\Windows\CurrentVersion\Run?ES ???????????OCUME~1\gfgfhg\LOCALS~1\Temp\DataCardPM32.tmp?el 28 Stepping 2, Genu?? ????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4796)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Java\jre1.5.0\bin\jucheck.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
.
**************************************************************************
.
Completion time: 2012-03-17 20:49:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-17 20:49
.
Pre-Run: 57,361,649,664 bytes free
Post-Run: 60,200,239,104 bytes free
.
- - End Of File - - C38782196879A298F48FBC58947319DE
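The ComboFix log above is less a rootkit story than a bundleware one: catchme reported 0 hidden files, while the deletions and the "Reg Loading Points", "Scheduled Tasks" and "Supplementary Scan" sections show the Ask toolbar (Run key, BHO, URLSearchHook, IE toolbar, scheduled task, start page), alot and MyWebSearch search hijacks, PriceGong data, RegWork and a D:\AUTORUN.INF. The following script is an added example for this thread, not ComboFix output and not code from the forum or from any tool named here. It parses the line formats ComboFix uses for those sections from a constructed excerpt (abbreviated from the posted log and embedded so it runs offline) and flags every autostart target that matches an assumed indicator list built only from names visible in the posted logs; the indicator list, the regexes and the sample are assumptions, not ComboFix features.

```python
"""Triage of ComboFix-style autostart entries for PUP / adware indicators.

Added example for this thread: it is not ComboFix output and not code
from the forum or from any tool mentioned here. SAMPLE_LOG is a
constructed excerpt (abbreviated from the posted log) embedded so the
script runs offline; PUP_INDICATORS is an assumed list built only from
names that appear in the posted logs.
"""
import re

# Constructed sample in the line formats ComboFix uses for
# "Reg Loading Points", "Scheduled Tasks", "Supplementary Scan"
# and "ORPHANS REMOVED" (abbreviated from the log posted above).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 16:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
2012-03-04 c:\windows\Tasks\BackupDutyLite.job
- c:\program files\BackUpDutyLite\BackUpDutyLite.exe [2012-01-04 16:53]
.
2012-03-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 16:31]
.
uStart Page = hxxp://uk.ask.com/?l=dis&o=16148
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto
HKLM-Run-RegWork - c:\program files\RegWork\RegWork.exe
"""

# Assumed indicator list (case-insensitive substring match): the toolbar
# and "registry cleaner" names visible in the posted RSIT/ComboFix logs.
# Substring matching is deliberately coarse; review hits by hand.
PUP_INDICATORS = ("ask.com", "alot", "mywebsearch", "pricegong", "regwork")

# One regex per ComboFix line shape (assumed from the posted log).
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')            # "Name"="path" [date size]
FILE_LINE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>[a-zA-Z]:\\.+)$')  # BHO line
TASK_HEADER = re.compile(r'^\d{4}-\d{2}-\d{2} (?P<task>[a-zA-Z]:\\.+\.job)$')  # date  c:\windows\Tasks\x.job
TASK_TARGET = re.compile(r'^- (?P<path>.+?) \[')                           # - target.exe [date]
URL_LINE = re.compile(r'^(?P<key>[^=]+?) = (?P<url>hxxp\S+)')             # uStart Page = hxxp://...
ORPHAN = re.compile(r'^(?P<key>HK[A-Z]+-\w+-\w+) - (?P<path>.+)$')        # HKLM-Run-Name - path


def parse_entries(log_text):
    """Return (context, target) pairs for every autostart-like line.

    context: the registry key + value name, task file, IE setting or
             orphan key the line belongs to.
    target:  the executable, DLL or URL it points at.
    """
    entries = []
    context = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue                      # ComboFix separator / blank
        if line.startswith("[") and line.endswith("]"):
            context = line[1:-1]          # registry key header
            continue
        if (m := RUN_VALUE.match(line)):
            entries.append((f"{context}\\{m['name']}", m['path']))
        elif (m := FILE_LINE.match(line)):
            entries.append((context, m['path']))
        elif (m := TASK_HEADER.match(line)):
            context = m['task']
        elif (m := TASK_TARGET.match(line)):
            entries.append((context, m['path']))
        elif (m := URL_LINE.match(line)):
            entries.append((m['key'], m['url']))
        elif (m := ORPHAN.match(line)):
            entries.append((m['key'], m['path']))
    return entries


def flag_pups(entries, indicators=PUP_INDICATORS):
    """Return (indicator, context, target) for each entry whose target
    contains one of the indicators (case-insensitive)."""
    flagged = []
    for context, target in entries:
        hit = next((i for i in indicators if i in target.lower()), None)
        if hit:
            flagged.append((hit, context, target))
    return flagged


if __name__ == "__main__":
    for hit, context, target in flag_pups(parse_entries(SAMPLE_LOG)):
        print(f"[{hit}] {context}\n    -> {target}")
```

On the sample this yields six hits (four Ask.com, one alot, one RegWork) and leaves the Intel graphics, conime and BackUpDutyLite entries alone; running it over a full ComboFix log tells you at a glance which persistence points a cleanup script still has to cover.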
c:\documents and settings\gfgfhg\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\gfgfhg\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\gfgfhg\Application Data\alot\Updater\Updater.xml
c:\documents and settings\gfgfhg\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\gfgfhg\Application Data\PriceGong
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\1.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\a.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\b.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\c.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\d.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\e.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\f.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\g.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\h.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\i.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\J.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\k.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\l.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\m.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\n.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\o.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\p.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\q.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\r.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\s.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\t.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\u.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\v.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\w.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\x.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\y.xml
c:\documents and settings\gfgfhg\Application Data\PriceGong\Data\z.xml
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))))
.
.
2012-03-17 19:19 . 2012-03-17 19:19 -------- d-----w- c:\program files\trend micro
2012-03-17 19:19 . 2012-03-17 19:19 -------- d-----w- C:\rsit
2012-03-17 17:17 . 2012-03-17 17:17 -------- d-----w- c:\documents and settings\Administrator
2012-03-04 10:36 . 2012-03-04 10:36 12529488 ----a-w- c:\windows\aio_install.exe
2012-03-04 09:27 . 2012-03-04 09:28 -------- d-----w- c:\program files\Ask.com
2012-03-04 09:27 . 2012-03-04 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\RegWork
2012-03-04 09:27 . 2012-03-06 09:31 -------- d-----w- c:\documents and settings\gfgfhg\Local Settings\Application Data\AskToolbar
2012-03-04 09:27 . 2012-03-04 09:27 -------- d-----w- c:\documents and settings\gfgfhg\Local Settings\Application Data\APN
2012-03-04 09:27 . 2012-03-04 09:27 -------- d-----w- c:\program files\BackUpDutyLite
2012-03-04 09:27 . 2012-03-06 10:56 -------- d-----w- c:\program files\RegWork
2012-03-04 09:15 . 2008-04-14 00:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2012-03-04 09:15 . 2008-04-14 00:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-03-04 09:14 . 2012-03-04 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2012-03-04 09:14 . 2012-03-04 09:14 -------- d-----w- c:\windows\system32\kodak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:22 . 2008-10-06 16:35 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-14 20:49 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2008-10-06 21:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 16:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2008-10-06 36972]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2007-10-31 2768896]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"DataCardMonitor"="c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe" [2009-03-18 253952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-02 273544]
"EKAIO2StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-12-11 2756608]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\gfgfhg\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
WTGU.lnk - c:\program files\T-Mobile\web'n'walk Manager\WTGU.exe [2009-3-18 857544]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [28/02/2010 12:49 390528]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 17:48 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [04/01/2012 14:22 822624]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [06/10/2008 21:45 4300]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [01/10/2011 08:30 508776]
R2 SNM WLAN Service;SNM WLAN Service;c:\program files\Samsung\Samsung Network Manager\SNMWLANService.exe [30/10/2006 21:29 36864]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [15/01/2008 02:01 30208]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [07/08/2011 13:02 21520]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 21:23 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 21:23 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 21:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 21:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [01/10/2011 08:30 219496]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [06/10/2008 21:49 238464]
S2 gupdate1c9d6427381cfb3;Google Update Service (gupdate1c9d6427381cfb3);c:\program files\Google\Update\GoogleUpdate.exe [16/05/2009 16:22 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16/05/2009 16:22 133104]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 20:37 4640000]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [30/10/2006 21:29 19840]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\BackupDutyLite.job
- c:\program files\BackUpDutyLite\BackUpDutyLite.exe [2012-01-04 16:53]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-16 16:21]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-16 16:21]
.
2012-03-16 c:\windows\Tasks\Norton Security Scan for gfgfhg.job
- c:\progra~1\NORTON~2\Engine\312~1.9\Nss.exe [2011-06-02 07:42]
.
2012-03-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3700328013-1377106912-839385171-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2012-03-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3700328013-1377106912-839385171-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2012-03-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 16:31]
.
2012-03-17 c:\windows\Tasks\User_Feed_Synchronization-{A077D04B-81C9-41D2-9D1B-59ABE5967100}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.ask.com/?l=dis&o=16148
uSearchMigratedDefaultUrl = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm194YYGB&ptb=DWiWr_tJ1.BKowS3hE6nuA&psa=&ind=2010052317&ptnrS=ZKxdm194YYGB&si=161436&st=sb&n=77cef6dd&searchfor={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=71CB063001CB8CD300019332&src_id=11649&camp_id=1500&tb_version=2.5.15000.521
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-RegWork - c:\program files\RegWork\RegWork.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-17 20:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DataCardMonitor = c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe?rs\CancelAutoplay\CLSID?S\Syste?? ?d?????????=?????j???SOFTWARE\Microsoft\Windows\CurrentVersion\Run?ES ???????????OCUME~1\gfgfhg\LOCALS~1\Temp\DataCardPM32.tmp?el 28 Stepping 2, Genu?? ????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4796)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Java\jre1.5.0\bin\jucheck.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
.
**************************************************************************
.
Completion time: 2012-03-17 20:49:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-17 20:49
.
Pre-Run: 57,361,649,664 bytes free
Post-Run: 60,200,239,104 bytes free
.
- - End Of File - - C38782196879A298F48FBC58947319DE
- Rudy
- Site Admin
- Posts: 119515
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my LOG
Let's clean up a bit more. Open Notepad and copy the following into it:

KillAll::
Folder::
c:\program files\Ask.com
c:\program files\Google\GoogleToolbarNotifier
c:\program files\Google\Update
Collect::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
Driver::
gupdate1c9d6427381cfb3
gupdatem
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and release it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.
Re: Please check my LOG
Thanks a lot. Unfortunately, some installer exe files downloaded from the net still can't be run. Or rather, they start and then close.
I'm sending the final log from ComboFix.
ComboFix 12-03-17.01 - gfgfhg 17/03/2012 21:40:55.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.349 [GMT 0:00]
Running from: c:\documents and settings\gfgfhg\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\gfgfhg\Desktop\CFScript.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
file zipped: c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_5d.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Google\GoogleToolbarNotifier
c:\program files\Google\GoogleToolbarNotifier\5.7.7227.1100\gth.dll
c:\program files\Google\GoogleToolbarNotifier\5.7.7227.1100\gtn.dll
c:\program files\Google\GoogleToolbarNotifier\5.7.7227.1100\Readme.url
c:\program files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\Google\GoogleToolbarNotifier\swg-5.1.1309.15642\SearchWithGoogleUpdate.exe
c:\program files\Google\GoogleToolbarNotifier\swg-5.1.1309.3572\SearchWithGoogleUpdate.exe
c:\program files\Google\GoogleToolbarNotifier\swg-5.3.4501.1418\SearchWithGoogleUpdate.exe
c:\program files\Google\GoogleToolbarNotifier\swg-5.4.4525.1752\SearchWithGoogleUpdate.exe
c:\program files\Google\GoogleToolbarNotifier\swg-5.6.5612.1312\SearchWithGoogleUpdate.exe
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.99\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.99\goopdate.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.99\psmachine.dll
c:\program files\Google\Update\1.3.21.99\psuser.dll
c:\program files\Google\Update\Download\{35C5D526-FF96-45E0-AE20-8128B19001DE}\chrome_updater.exe
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.99\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\17.0.963.79\chrome_updater.exe
c:\program files\Google\Update\Download\{55E20F32-5209-4A5F-AB09-D9954089D1FA}\chrome_updater.exe
c:\program files\Google\Update\Download\{73CCF578-B66D-4345-91E9-E4EBFB05592A}\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe
c:\program files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.3.2710.138\GoogleToolbarInstaller_updater_signed.exe
c:\program files\Google\Update\GoogleUpdate.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE1C9D6427381CFB3
-------\Service_gupdate1c9d6427381cfb3
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))))
.
.
2012-03-17 21:18 . 2012-03-17 21:18 -------- d-----w- C:\totalcmd
2012-03-17 21:18 . 2012-03-17 21:18 -------- d-----w- c:\documents and settings\gfgfhg\Application Data\GHISLER
2012-03-17 21:18 . 2012-03-09 07:57 545 ----a-w- c:\windows\UC.PIF
2012-03-17 21:18 . 2012-03-09 07:57 545 ----a-w- c:\windows\RAR.PIF
2012-03-17 21:18 . 2012-03-09 07:57 545 ----a-w- c:\windows\PKZIP.PIF
2012-03-17 21:18 . 2012-03-09 07:57 545 ----a-w- c:\windows\PKUNZIP.PIF
2012-03-17 21:18 . 2012-03-09 07:57 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-03-17 21:18 . 2012-03-09 07:57 545 ----a-w- c:\windows\LHA.PIF
2012-03-17 21:18 . 2012-03-09 07:57 545 ----a-w- c:\windows\ARJ.PIF
2012-03-17 19:19 . 2012-03-17 19:19 -------- d-----w- c:\program files\trend micro
2012-03-17 19:19 . 2012-03-17 19:19 -------- d-----w- C:\rsit
2012-03-17 17:17 . 2012-03-17 17:17 -------- d-----w- c:\documents and settings\Administrator
2012-03-04 10:36 . 2012-03-04 10:36 12529488 ----a-w- c:\windows\aio_install.exe
2012-03-04 09:27 . 2012-03-04 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\RegWork
2012-03-04 09:27 . 2012-03-06 09:31 -------- d-----w- c:\documents and settings\gfgfhg\Local Settings\Application Data\AskToolbar
2012-03-04 09:27 . 2012-03-04 09:27 -------- d-----w- c:\documents and settings\gfgfhg\Local Settings\Application Data\APN
2012-03-04 09:27 . 2012-03-04 09:27 -------- d-----w- c:\program files\BackUpDutyLite
2012-03-04 09:27 . 2012-03-06 10:56 -------- d-----w- c:\program files\RegWork
2012-03-04 09:15 . 2008-04-14 00:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2012-03-04 09:15 . 2008-04-14 00:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-03-04 09:14 . 2012-03-04 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2012-03-04 09:14 . 2012-03-04 09:14 -------- d-----w- c:\windows\system32\kodak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:22 . 2008-10-06 16:35 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-14 20:49 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2008-10-06 21:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-17_20.43.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-17 21:54 . 2012-03-17 21:54 16384 c:\windows\temp\Perflib_Perfdata_f78.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2008-10-06 36972]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2007-10-31 2768896]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"DataCardMonitor"="c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe" [2009-03-18 253952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-02 273544]
"EKAIO2StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-12-11 2756608]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\gfgfhg\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
WTGU.lnk - c:\program files\T-Mobile\web'n'walk Manager\WTGU.exe [2009-3-18 857544]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [28/02/2010 12:49 390528]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 17:48 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [04/01/2012 14:22 822624]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [06/10/2008 21:45 4300]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [01/10/2011 08:30 508776]
R2 SNM WLAN Service;SNM WLAN Service;c:\program files\Samsung\Samsung Network Manager\SNMWLANService.exe [30/10/2006 21:29 36864]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [15/01/2008 02:01 30208]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [07/08/2011 13:02 21520]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 21:23 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 21:23 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 21:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 21:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [01/10/2011 08:30 219496]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [06/10/2008 21:49 238464]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\gfgfhg\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\gfgfhg\LOCALS~1\Temp\CFcatchme.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 20:37 4640000]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [30/10/2006 21:29 19840]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\BackupDutyLite.job
- c:\program files\BackUpDutyLite\BackUpDutyLite.exe [2012-01-04 16:53]
.
2012-03-16 c:\windows\Tasks\Norton Security Scan for gfgfhg.job
- c:\progra~1\NORTON~2\Engine\312~1.9\Nss.exe [2011-06-02 07:42]
.
2012-03-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3700328013-1377106912-839385171-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2012-03-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3700328013-1377106912-839385171-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2012-03-17 c:\windows\Tasks\User_Feed_Synchronization-{A077D04B-81C9-41D2-9D1B-59ABE5967100}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.ask.com/?l=dis&o=16148
uSearchMigratedDefaultUrl = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm194YYGB&ptb=DWiWr_tJ1.BKowS3hE6nuA&psa=&ind=2010052317&ptnrS=ZKxdm194YYGB&si=161436&st=sb&n=77cef6dd&searchfor={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=71CB063001CB8CD300019332&src_id=11649&camp_id=1500&tb_version=2.5.15000.521
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-17 21:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DataCardMonitor = c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe?rs\CancelAutoplay\CLSID?S\Syste?? ?d?????????=?????j???SOFTWARE\Microsoft\Windows\CurrentVersion\Run?ES ???????????OCUME~1\gfgfhg\LOCALS~1\Temp\DataCardPM32.tmp?el 28 Stepping 2, Genu?? ????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(6536)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
.
**************************************************************************
.
Completion time: 2012-03-17 21:58:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-17 21:57
ComboFix2.txt 2012-03-17 20:49
.
Pre-Run: 60,141,481,984 bytes free
Post-Run: 60,067,020,800 bytes free
.
- - End Of File - - B3B5F1CA497453D9A291754A4243C93C
Upload was successful
Sending the final ComboFix log.
ComboFix 12-03-17.01 - gfgfhg 17/03/2012 21:40:55.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.349 [GMT 0:00]
Running from: c:\documents and settings\gfgfhg\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\gfgfhg\Desktop\CFScript.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
file zipped: c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_5d.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Google\GoogleToolbarNotifier
c:\program files\Google\GoogleToolbarNotifier\5.7.7227.1100\gth.dll
c:\program files\Google\GoogleToolbarNotifier\5.7.7227.1100\gtn.dll
c:\program files\Google\GoogleToolbarNotifier\5.7.7227.1100\Readme.url
c:\program files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\Google\GoogleToolbarNotifier\swg-5.1.1309.15642\SearchWithGoogleUpdate.exe
c:\program files\Google\GoogleToolbarNotifier\swg-5.1.1309.3572\SearchWithGoogleUpdate.exe
c:\program files\Google\GoogleToolbarNotifier\swg-5.3.4501.1418\SearchWithGoogleUpdate.exe
c:\program files\Google\GoogleToolbarNotifier\swg-5.4.4525.1752\SearchWithGoogleUpdate.exe
c:\program files\Google\GoogleToolbarNotifier\swg-5.6.5612.1312\SearchWithGoogleUpdate.exe
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.99\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.99\goopdate.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.99\psmachine.dll
c:\program files\Google\Update\1.3.21.99\psuser.dll
c:\program files\Google\Update\Download\{35C5D526-FF96-45E0-AE20-8128B19001DE}\chrome_updater.exe
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.99\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\17.0.963.79\chrome_updater.exe
c:\program files\Google\Update\Download\{55E20F32-5209-4A5F-AB09-D9954089D1FA}\chrome_updater.exe
c:\program files\Google\Update\Download\{73CCF578-B66D-4345-91E9-E4EBFB05592A}\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe
c:\program files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.3.2710.138\GoogleToolbarInstaller_updater_signed.exe
c:\program files\Google\Update\GoogleUpdate.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE1C9D6427381CFB3
-------\Service_gupdate1c9d6427381cfb3
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))))
.
.
2012-03-17 21:18 . 2012-03-17 21:18 -------- d-----w- C:\totalcmd
2012-03-17 21:18 . 2012-03-17 21:18 -------- d-----w- c:\documents and settings\gfgfhg\Application Data\GHISLER
2012-03-17 21:18 . 2012-03-09 07:57 545 ----a-w- c:\windows\UC.PIF
2012-03-17 21:18 . 2012-03-09 07:57 545 ----a-w- c:\windows\RAR.PIF
2012-03-17 21:18 . 2012-03-09 07:57 545 ----a-w- c:\windows\PKZIP.PIF
2012-03-17 21:18 . 2012-03-09 07:57 545 ----a-w- c:\windows\PKUNZIP.PIF
2012-03-17 21:18 . 2012-03-09 07:57 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-03-17 21:18 . 2012-03-09 07:57 545 ----a-w- c:\windows\LHA.PIF
2012-03-17 21:18 . 2012-03-09 07:57 545 ----a-w- c:\windows\ARJ.PIF
2012-03-17 19:19 . 2012-03-17 19:19 -------- d-----w- c:\program files\trend micro
2012-03-17 19:19 . 2012-03-17 19:19 -------- d-----w- C:\rsit
2012-03-17 17:17 . 2012-03-17 17:17 -------- d-----w- c:\documents and settings\Administrator
2012-03-04 10:36 . 2012-03-04 10:36 12529488 ----a-w- c:\windows\aio_install.exe
2012-03-04 09:27 . 2012-03-04 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\RegWork
2012-03-04 09:27 . 2012-03-06 09:31 -------- d-----w- c:\documents and settings\gfgfhg\Local Settings\Application Data\AskToolbar
2012-03-04 09:27 . 2012-03-04 09:27 -------- d-----w- c:\documents and settings\gfgfhg\Local Settings\Application Data\APN
2012-03-04 09:27 . 2012-03-04 09:27 -------- d-----w- c:\program files\BackUpDutyLite
2012-03-04 09:27 . 2012-03-06 10:56 -------- d-----w- c:\program files\RegWork
2012-03-04 09:15 . 2008-04-14 00:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2012-03-04 09:15 . 2008-04-14 00:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-03-04 09:14 . 2012-03-04 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2012-03-04 09:14 . 2012-03-04 09:14 -------- d-----w- c:\windows\system32\kodak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:22 . 2008-10-06 16:35 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-14 20:49 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2008-10-06 21:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-17_20.43.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-17 21:54 . 2012-03-17 21:54 16384 c:\windows\temp\Perflib_Perfdata_f78.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2008-10-06 36972]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2007-10-31 2768896]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"DataCardMonitor"="c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe" [2009-03-18 253952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-02 273544]
"EKAIO2StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-12-11 2756608]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\gfgfhg\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
WTGU.lnk - c:\program files\T-Mobile\web'n'walk Manager\WTGU.exe [2009-3-18 857544]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [28/02/2010 12:49 390528]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 17:48 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [04/01/2012 14:22 822624]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [06/10/2008 21:45 4300]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [01/10/2011 08:30 508776]
R2 SNM WLAN Service;SNM WLAN Service;c:\program files\Samsung\Samsung Network Manager\SNMWLANService.exe [30/10/2006 21:29 36864]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [15/01/2008 02:01 30208]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [07/08/2011 13:02 21520]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 21:23 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 21:23 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 21:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 21:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [01/10/2011 08:30 219496]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [06/10/2008 21:49 238464]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\gfgfhg\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\gfgfhg\LOCALS~1\Temp\CFcatchme.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 20:37 4640000]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [30/10/2006 21:29 19840]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\BackupDutyLite.job
- c:\program files\BackUpDutyLite\BackUpDutyLite.exe [2012-01-04 16:53]
.
2012-03-16 c:\windows\Tasks\Norton Security Scan for gfgfhg.job
- c:\progra~1\NORTON~2\Engine\312~1.9\Nss.exe [2011-06-02 07:42]
.
2012-03-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3700328013-1377106912-839385171-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2012-03-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3700328013-1377106912-839385171-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2012-03-17 c:\windows\Tasks\User_Feed_Synchronization-{A077D04B-81C9-41D2-9D1B-59ABE5967100}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.ask.com/?l=dis&o=16148
uSearchMigratedDefaultUrl = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm194YYGB&ptb=DWiWr_tJ1.BKowS3hE6nuA&psa=&ind=2010052317&ptnrS=ZKxdm194YYGB&si=161436&st=sb&n=77cef6dd&searchfor={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=71CB063001CB8CD300019332&src_id=11649&camp_id=1500&tb_version=2.5.15000.521
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-17 21:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DataCardMonitor = c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe?rs\CancelAutoplay\CLSID?S\Syste?? ?d?????????=?????j???SOFTWARE\Microsoft\Windows\CurrentVersion\Run?ES ???????????OCUME~1\gfgfhg\LOCALS~1\Temp\DataCardPM32.tmp?el 28 Stepping 2, Genu?? ????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(6536)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
.
**************************************************************************
.
Completion time: 2012-03-17 21:58:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-17 21:57
ComboFix2.txt 2012-03-17 20:49
.
Pre-Run: 60,141,481,984 bytes free
Post-Run: 60,067,020,800 bytes free
.
- - End Of File - - B3B5F1CA497453D9A291754A4243C93C
Upload was successful
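The ComboFix log above contains the three things a responder reads first: the Run-key loading points, the R*/S* driver and service table, and the catchme "hidden autostart entries" block. The Python below is an added example, not ComboFix's or GMER's own code; it parses a constructed sample made of lines copied verbatim from this log and applies a few conservative heuristics: an unqualified image name (resolved through the search path), an image under a user profile, Temp or Application Data path, a driver ComboFix could not stat (the `[?]` marker), and anything catchme listed as a hidden autostart. A flag means "look here", not "malware": the CF-prefixed CFcatchme entry in Temp is what ComboFix's bundled catchme scanner leaves behind, and the Trusteer Rapport drivers belong to the Rapport install visible in the running-process list. The regexes, the marker list and the `Finding` type are this example's own assumptions about the log format, not something ComboFix documents.

```python
"""Triage helper for ComboFix-style logs like the one above (added example, not ComboFix's
or GMER's own code). It parses the Run-key entries, the R*/S* service and driver lines and
the catchme "hidden autostart entries" block, then applies a few look-here heuristics."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied verbatim from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"DataCardMonitor"="c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe" [2009-03-18 253952]
.
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [28/02/2010 12:49 390528]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 17:48 228208]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\gfgfhg\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\gfgfhg\LOCALS~1\Temp\CFcatchme.sys [?]
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DataCardMonitor = c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe?rs\CancelAutoplay\CLSID?S\Syste??
.
scanning hidden files ...
.
hidden files: 0
"""

# Line shapes assumed from the log above: "Name"="path" [date size], and R1 svc;display;path [meta].
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]')
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$')
HIDDEN_RE = re.compile(r'^(?P<name>\S+) = (?P<data>.+)$')
HIDDEN_FILES_RE = re.compile(r'^hidden files: (\d+)')

# Locations where an autostart image or driver is unusual enough to deserve a second look.
PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\", "\\application data\\",
                   "\\temp\\", "\\locals~1\\")


@dataclass
class Finding:
    kind: str      # "run", "service" or "hidden-autostart"
    name: str
    path: str
    reasons: list


def normalize_path(raw):
    """Drop the NT-namespace '\\??\\' prefix and keep the resolved side of 'a --> b'."""
    path = raw.strip()
    if " --> " in path:
        path = path.split(" --> ", 1)[1]
    return path[4:] if path.startswith("\\??\\") else path


def suspicious_reasons(path, meta=""):
    """Heuristics only: each reason is a question to answer, not a verdict."""
    low = path.lower()
    reasons = []
    if "\\" not in low:
        reasons.append("unqualified image name, resolved through the search path")
    if any(marker in low for marker in PROFILE_MARKERS):
        reasons.append("image lives under a user profile, Temp or Application Data")
    if meta == "?":
        reasons.append("ComboFix could not stat the file ([?])")
    return reasons


def parse_log(text):
    """Pull Run entries, services/drivers and the catchme hidden-autostart block out of the log."""
    out = {"runs": [], "services": [], "hidden": [], "hidden_files": None}
    in_hidden = False
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("scanning hidden autostart entries"):
            in_hidden = True
        elif line.startswith("scanning hidden files"):
            in_hidden = False
        elif in_hidden:
            m = HIDDEN_RE.match(line)
            if m:
                out["hidden"].append((m["name"], m["data"]))
        elif m := HIDDEN_FILES_RE.match(line):
            out["hidden_files"] = int(m.group(1))
        elif m := RUN_RE.match(line):
            out["runs"].append((m["name"], m["path"], m["date"], int(m["size"])))
        elif m := SVC_RE.match(line):
            out["services"].append((m["start"], m["name"], normalize_path(m["path"]), m["meta"]))
    return out


def triage(text):
    """Return the entries a reviewer should look at first, in log order."""
    parsed = parse_log(text)
    findings = []
    for name, path, _date, _size in parsed["runs"]:
        if reasons := suspicious_reasons(path):
            findings.append(Finding("run", name, path, reasons))
    for _start, name, path, meta in parsed["services"]:
        if reasons := suspicious_reasons(path, meta):
            findings.append(Finding("service", name, path, reasons))
    for name, data in parsed["hidden"]:
        # catchme printed value data that runs on past the executable path; compare the
        # value's real data length in regedit against the string the Run key displays.
        findings.append(Finding("hidden-autostart", name, data,
                                ["listed by catchme under hidden autostart entries"]))
    return findings
```

Call `triage()` on the whole pasted log rather than the sample and print `kind`, `name` and `reasons` per finding; the output is a reading order for a human, and every flagged entry still has to be confirmed against the vendor (as with Rapport here) before anything is removed.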
- Rudy
- Site Admin
- Posts: 119515
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my LOG
Run a GMER scan: http://forum.viry.cz/viewtopic.php?f=29&t=62878 and post both logs.
Post questions and logs only in your own thread. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!
Once your problem is resolved the thread will be locked, and likewise if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address above.