
Problem with websearch.searchmainia.info

#1 Post by yozefb »

Hello,

I have a problem: websearch.searchmainia.info shows up as the home page in IE and FF.

Please help.

Thank you.

Logfile of random's system information tool 1.09 (written by random/random)
Run by YozefB at 2013-05-24 22:10:29
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (7%) free of 128 GB
Total RAM: 3070 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:10:30, on 24. 5. 2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PicPick\picpick.exe
C:\Program Files\PC Remote\PC Remote\PCRemote.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Dokan\DokanLibrary\mounter.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Games\World_of_Tanks\xvm-stat.exe
C:\Games\World_of_Tanks\WorldOfTanks.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\YozefB\Desktop\RSIT.exe
C:\Program Files\trend micro\YozefB.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchmainia.info/?unqvl=15
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchmainia.info/?unqvl=15
R3 - URLSearchHook: (no name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PicPick Start] C:\Program Files\PicPick\picpick.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\YozefB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Remote Server] C:\Program Files\PC Remote\PC Remote\PCRemote.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-343818398-448539723-682003330-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %SystemRoot%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %SystemRoot%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://labs.usa.hp.com/vdesk/terminal/ ... ,1204,1610
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\YozefB\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1182253468
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://labs.usa.hp.com/vdesk/terminal/ ... ,1204,1604
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\simple~1\sprote~1.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
O23 - Service: DokanMounter - Unknown owner - C:\Program Files\Dokan\DokanLibrary\mounter.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--
End of file - 10489 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\ContinueToSaveUpdaterTask{60FBCE43-CFDC-4056-BE8C-BB6C04A4B7AD}.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-448539723-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-448539723-682003330-1003UA.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
C:\WINDOWS\tasks\Pics-Backup.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\YozefB\Application Data\Mozilla\Firefox\Profiles\l4hig8dk.default

prefs.js - "browser.startup.homepage" - "http://websearch.searchmainia.info/?unqvl=15"
prefs.js - "extensions.enabledItems" - "{B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, bkmrksync@nokia.com:1.0.0.732, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://websearch.searchmainia.info/?unqvl=15&l=1&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}"=C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.202 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{B13721C7-F507-4982-B2E5-502A71474FED}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npwachk.dll
QuickTimePlugin.class

C:\Documents and Settings\YozefB\Application Data\Mozilla\Firefox\Profiles\l4hig8dk.default\extensions\
50e803249daa6@50e803249dae0.com
firefox@ghostery.com
jid1-yZwVFzbsyfMrqQ@jetpack
{20a82645-c095-46ed-80e3-08825760534b}

C:\Documents and Settings\YozefB\Application Data\Mozilla\Firefox\Profiles\l4hig8dk.default\searchplugins\
WebSearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-04-04 462752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-04-04 171424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-11-15 151552]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2012-04-24 20065896]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2013-01-31 15517472]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2013-01-31 108832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"nwiz"=nwiz.exe /install []
"Ad-Aware Browsing Protection"=C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [2013-01-31 542632]
"Ad-Aware Antivirus"=C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher --windows-run []
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 947152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PicPick Start"=C:\Program Files\PicPick\picpick.exe [2011-04-09 10804224]
""= []
"Google Update"=C:\Documents and Settings\YozefB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-03 136176]
"PC Remote Server"=C:\Program Files\PC Remote\PC Remote\PCRemote.exe [2012-09-09 606720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2009-09-15 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-12-20 697856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe /Background []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\simple~1\sprote~1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\temp\utorrent\utorrent.exe"="C:\temp\utorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Disabled:Microsoft Flight Simulator"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe"="C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe:*:Enabled:Microsoft Flight Simulator®"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\Downloaded Program Files\TunnelServer.exe"="C:\WINDOWS\Downloaded Program Files\TunnelServer.exe:*:Enabled:TunnelServer"
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2"
"C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe"="C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Documents and Settings\YozefB\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\YozefB\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\hp_CLJ_2600n_Full_Solution\ProdInst.exe"="C:\hp_CLJ_2600n_Full_Solution\ProdInst.exe:*:Enabled:Advanced TCP/IP Port Installer"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App"
"C:\Documents and Settings\YozefB\Local Settings\Application Data\AntikVirtualSTB\AntikVirtualSTB.exe"="C:\Documents and Settings\YozefB\Local Settings\Application Data\AntikVirtualSTB\AntikVirtualSTB.exe:*:Enabled:AntikVirtualSTB"
"C:\Program Files\Antik Phone\AntikSIPsoftPhone.atk"="C:\Program Files\Antik Phone\AntikSIPsoftPhone.atk:*:Enabled:AntikSIPsoftPhone"
"C:\Program Files\Antik Phone\AntikSIPsoftPhone.exe"="C:\Program Files\Antik Phone\AntikSIPsoftPhone.exe:*:Enabled:AntikSIPsoftPhone"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Games\World_of_Tanks\WoTLauncher.exe"="C:\Games\World_of_Tanks\WoTLauncher.exe:*:Enabled:World of Tanks Launcher"
"C:\Games\World_of_Tanks\WorldOfTanks.exe"="C:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Program Files\Java\jre7\bin\javaw.exe"="C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\World_of_Tanks_CT\WoTLauncher.exe"="C:\World_of_Tanks_CT\WoTLauncher.exe:*:Enabled:World of Tanks Launcher"
"C:\World_of_Tanks_CT\WorldOfTanks.exe"="C:\World_of_Tanks_CT\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=C:\WINDOWS\system32\ir32_32.dll
"vidc.iv32"=C:\WINDOWS\system32\ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.FFDS"=ff_vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-05-24 10:47:29 ----D---- C:\WINDOWS\LastGood
2013-05-18 21:21:20 ----D---- C:\Program Files\Mozilla Firefox
2013-05-17 22:09:27 ----D---- C:\Documents and Settings\YozefB\Application Data\LavasoftStatistics
2013-05-17 22:09:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad-Aware Antivirus
2013-05-17 21:43:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2013-05-17 21:43:12 ----D---- C:\Program Files\Ad-Aware Antivirus
2013-05-17 21:42:43 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
2013-05-17 21:42:41 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\blekko toolbars
2013-05-17 21:42:40 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection
2013-05-17 21:42:33 ----D---- C:\Program Files\adawaretb
2013-05-17 21:42:33 ----D---- C:\Documents and Settings\YozefB\Application Data\adawaretb
2013-05-17 21:42:30 ----D---- C:\Program Files\Toolbar Cleaner
2013-05-17 21:41:17 ----A---- C:\WINDOWS\system32\sbbd.exe
2013-05-17 21:41:17 ----A---- C:\WINDOWS\system32\drivers\gfibto.sys
2013-05-17 21:41:15 ----D---- C:\Documents and Settings\YozefB\Application Data\Ad-Aware Antivirus
2013-05-16 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2820197$
2013-05-16 03:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2829361$
2013-05-14 22:08:08 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\StarApp
2013-05-14 22:08:07 ----D---- C:\Program Files\SimpleSpeedy
2013-05-14 22:07:38 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate

======List of files/folders modified in the last 1 month======

2013-05-24 22:10:30 ----D---- C:\Program Files\trend micro
2013-05-24 20:57:14 ----SHD---- C:\WINDOWS\Installer
2013-05-24 10:59:51 ----D---- C:\WINDOWS\Temp
2013-05-24 10:59:51 ----D---- C:\WINDOWS\Prefetch
2013-05-24 10:58:37 ----SD---- C:\WINDOWS\Tasks
2013-05-24 10:56:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-05-24 10:48:37 ----D---- C:\Config.Msi
2013-05-24 10:48:36 ----D---- C:\WINDOWS\system32\drivers
2013-05-24 10:47:30 ----D---- C:\WINDOWS
2013-05-24 10:45:55 ----D---- C:\WINDOWS\system32\CatRoot2
2013-05-23 21:37:56 ----D---- C:\Program Files\Microsoft Security Client
2013-05-22 20:17:49 ----D---- C:\Program Files\JDownloader
2013-05-20 20:32:12 ----D---- C:\Documents and Settings\YozefB\Application Data\vlc
2013-05-19 09:29:26 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-05-19 09:29:26 ----D---- C:\Program Files
2013-05-17 22:05:42 ----D---- C:\WINDOWS\system32
2013-05-17 21:43:16 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-05-17 21:30:15 ----HD---- C:\WINDOWS\inf
2013-05-16 03:07:56 ----RSD---- C:\WINDOWS\assembly
2013-05-16 03:06:59 ----D---- C:\WINDOWS\Microsoft.NET
2013-05-16 03:05:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-05-16 03:05:39 ----D---- C:\Program Files\Internet Explorer
2013-05-16 03:05:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-05-16 03:04:53 ----D---- C:\WINDOWS\WinSxS
2013-05-16 03:00:32 ----HD---- C:\WINDOWS\$hf_mig$
2013-05-16 01:10:25 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-05-09 23:47:33 ----D---- C:\Documents and Settings\YozefB\Application Data\Mp3tag
2013-05-07 22:50:19 ----D---- C:\World_of_Tanks_CT
2013-05-07 06:27:31 ----A---- C:\WINDOWS\system32\mshtml.dll
2013-05-03 15:57:46 ----A---- C:\WINDOWS\system32\MRT.exe
2013-05-02 17:28:50 ----N---- C:\WINDOWS\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gfibto;gfibto; C:\WINDOWS\system32\drivers\gfibto.sys [2013-05-17 13560]
R0 iaStor;Intel RAID Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2006-10-31 250368]
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-01-20 195296]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-08-07 721904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 Dokan;Dokan; \??\C:\WINDOWS\system32\drivers\dokan.sys []
R2 MarxDev1;MarxDev1; C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 8864]
R2 MarxDev2;MarxDev2; C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 8864]
R2 MarxDev3;MarxDev3; C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 8864]
R2 Tdlpt;Tdlpt; \??\C:\WINDOWS\system32\drivers\Tdlpt.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MMRTKRNL;MMRTKRNL; C:\WINDOWS\system32\drivers\mmrtkrnl.sys [2001-11-05 32960]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2013-01-31 12648960]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-09-05 47360]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-22 250496]
S1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys []
S1 SBRE;SBRE; C:\WINDOWS\system32\drivers\SBREDrv.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ahjy0rtf;ahjy0rtf; C:\WINDOWS\system32\drivers\ahjy0rtf.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 esihdrv;esihdrv; \??\C:\DOCUME~1\YozefB\LOCALS~1\Temp\esihdrv.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2011-01-06 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2011-01-06 25512]
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 HTCAND32;HTC Device Driver; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\htcnprot.sys [2010-06-22 21248]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2012-05-22 6118544]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2012-07-02 25088]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 Ad-Aware Service;Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [2013-03-18 1236336]
R2 DokanMounter;DokanMounter; C:\Program Files\Dokan\DokanLibrary\mounter.exe [2011-01-10 25088]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-11-15 81920]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-04-04 181664]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 20456]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2013-01-31 156448]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-01-31 1259296]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2012-12-28 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2012-12-28 189472]
R2 SBAMSvc;Ad-Aware; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
R2 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Crypkey License;Crypkey License; crypserv.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-14 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-11-09 160944]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-16 256904]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-14 136176]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MatSvc;Microsoft Automated Troubleshooting Service; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-06-13 267568]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-18 117144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119526
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: problem with websearch.searchmainia.info

#2 Post by Rudy »

Hello!
Please post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms is displayed; continue by clicking the Ano (Yes) button.

Feel free to go make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to launch any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because unwanted conflicts with the resident antispyware component occur during the scan and the removal of any malware.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

yozefb
Visitor
Posts: 75
Joined: 02 Mar 2007 12:58

Re: problem with websearch.searchmainia.info

#3 Post by yozefb »

Here you go.

ComboFix 13-05-24.01 - YozefB . 05. 2013 0:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3070.2484 [GMT 2:00]
Running from: c:\documents and settings\YozefB\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\continuetosave
c:\documents and settings\All Users.WINDOWS\Application Data\continuetosave\50e803249dc38.dll
c:\documents and settings\All Users.WINDOWS\Application Data\continuetosave\50e803249dc38.tlb
c:\documents and settings\All Users.WINDOWS\Application Data\continuetosave\data\continuetosave.dat
c:\documents and settings\All Users.WINDOWS\Application Data\continuetosave\settings.ini
c:\documents and settings\All Users.WINDOWS\Application Data\continuetosave\uninstall.exe
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\continuetosave
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\continuetosave\continuetosave.lnk
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\continuetosave\Uninstall.lnk
c:\documents and settings\yozef\Application Data\inst.exe
c:\documents and settings\yozef\Application Data\vso_ts_preview.xml
c:\documents and settings\yozef\WINDOWS
c:\documents and settings\YozefB\Application Data\inst.exe
c:\documents and settings\YozefB\Application Data\vso_ts_preview.xml
c:\documents and settings\YozefB\Desktop\Setup.exe
c:\documents and settings\YozefB\WINDOWS
C:\test.txt
c:\windows\iun6002.exe
c:\windows\settings.reg
c:\windows\slrundll.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-24 to 2013-05-24 )))))))))))))))))))))))))))))))
.
.
2013-05-24 22:49 . 2013-05-24 22:49 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\PCHealth
2013-05-24 08:59 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D52845C9-537A-4E2B-A732-4014D8052E22}\mpengine.dll
2013-05-24 08:47 . 2013-05-24 08:47 -------- d-----w- c:\windows\LastGood
2013-05-22 22:11 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-17 20:09 . 2013-05-17 20:09 -------- d-----w- c:\documents and settings\YozefB\Application Data\LavasoftStatistics
2013-05-17 20:09 . 2013-05-17 20:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Ad-Aware Antivirus
2013-05-17 19:43 . 2013-05-17 19:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2013-05-17 19:43 . 2013-05-17 20:09 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-05-17 19:42 . 2013-05-17 19:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Downloaded Installations
2013-05-17 19:42 . 2013-05-17 19:42 -------- d-----w- c:\documents and settings\YozefB\Local Settings\Application Data\adawarebp
2013-05-17 19:42 . 2013-05-17 19:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\blekko toolbars
2013-05-17 19:42 . 2013-05-17 19:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection
2013-05-17 19:42 . 2013-05-17 19:42 -------- d-----w- c:\program files\adawaretb
2013-05-17 19:42 . 2013-05-17 19:42 -------- d-----w- c:\documents and settings\YozefB\Application Data\adawaretb
2013-05-17 19:42 . 2013-05-17 19:42 -------- d-----w- c:\program files\Toolbar Cleaner
2013-05-17 19:41 . 2013-05-17 19:41 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-05-17 19:41 . 2013-05-17 19:41 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-05-17 19:41 . 2013-05-17 22:36 -------- d-----w- c:\documents and settings\YozefB\Application Data\Ad-Aware Antivirus
2013-05-14 20:08 . 2013-05-14 20:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\StarApp
2013-05-14 20:08 . 2013-05-18 18:17 -------- d-----w- c:\program files\SimpleSpeedy
2013-05-14 20:07 . 2013-05-14 20:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\InstallMate
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 23:10 . 2012-05-24 06:06 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 23:10 . 2011-05-24 06:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28 . 2011-12-30 09:41 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-16 22:17 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2004-08-04 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 03:35 . 2013-04-19 17:13 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-09 17:08 . 2012-07-01 18:43 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-09 17:08 . 2010-08-10 21:52 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2004-08-04 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-27 07:56 . 2010-08-07 11:22 2067456 ----a-w- c:\windows\system32\mstscax.dll
2010-07-05 19:27 . 2010-07-05 13:47 122238 ----a-w- c:\program files\Uninstal.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PicPick Start"="c:\program files\PicPick\picpick.exe" [2011-04-09 10804224]
"PC Remote Server"="c:\program files\PC Remote\PC Remote\PCRemote.exe" [2012-09-09 606720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 151552]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"P17Helper"="P17.dll" [2005-05-03 64512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"RTHDCPL"="RTHDCPL.EXE" [2012-04-24 20065896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2013-01-31 108832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2009-09-15 16:47 479232 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-12-20 11:03 697856 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 12:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NokiaOviSuite2"=c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\temp\\utorrent\\utorrent.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\TunnelServer.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Documents and Settings\\YozefB\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Documents and Settings\\YozefB\\Local Settings\\Application Data\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"c:\\Program Files\\Antik Phone\\AntikSIPsoftPhone.atk"=
"c:\\Program Files\\Antik Phone\\AntikSIPsoftPhone.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Games\\World_of_Tanks\\WoTLauncher.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\World_of_Tanks_CT\\WoTLauncher.exe"=
"c:\\World_of_Tanks_CT\\WorldOfTanks.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9100:TCP"= 9100:TCP:Advanced TCP/IP Printer Port
"427:TCP"= 427:TCP:Advanced TCP/IP SLP Port
"161:TCP"= 161:TCP:Advanced TCP/IP SNMP Port
"427:UDP"= 427:UDP:SLP
"61314:TCP"= 61314:TCP:PC Remote Server XP
"61314:UDP"= 61314:UDP:PC Remote Server XP
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [17. 5. 2013 21:41 13560]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7. 8. 2010 18:18 721904]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6. 12. 2007 22:03 660768]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [18. 3. 2013 3:25 1236336]
R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [10. 1. 2011 14:50 91904]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [8. 10. 2012 20:43 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [8. 10. 2012 20:43 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [8. 10. 2012 20:43 8864]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [12. 8. 2011 18:13 87040]
R2 Tdlpt;Tdlpt;c:\windows\system32\drivers\TDLPT.SYS [8. 10. 2012 20:43 8012]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [16. 7. 2012 16:31 2673064]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5. 9. 2010 23:17 47360]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [10. 1. 2011 14:50 25088]
S2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [20. 9. 2012 5:39 3677000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9. 11. 2012 12:21 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8. 10. 2012 20:09 1691480]
S3 esihdrv;esihdrv;\??\c:\docume~1\YozefB\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\YozefB\LOCALS~1\Temp\esihdrv.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [6. 1. 2011 0:14 13224]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [4. 1. 2011 23:15 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22. 6. 2010 19:01 21248]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13. 6. 2011 23:09 267568]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [14. 1. 2011 0:48 155320]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [9. 7. 2012 23:28 25088]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPFILTER
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-17 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2013-03-18 01:25]
.
2013-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 23:10]
.
2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 21:20]
.
2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 21:20]
.
2013-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-448539723-682003330-1003Core.job
- c:\documents and settings\YozefB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-06 16:36]
.
2013-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-448539723-682003330-1003UA.job
- c:\documents and settings\YozefB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-06 16:36]
.
2013-04-07 c:\windows\Tasks\Pics-Backup.job
- c:\windows\system32\ntbackup.exe [2004-08-04 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://websearch.searchmainia.info/?unqvl=15
mStart Page = hxxp://websearch.searchmainia.info/?unqvl=15
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\YozefB\Application Data\Mozilla\Firefox\Profiles\l4hig8dk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchmainia.info/?unqvl=15&l=1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://websearch.searchmainia.info/?unqvl=15
FF - prefs.js: keyword.URL - hxxp://websearch.searchmainia.info/?unqvl=15&l=1&q=
FF - ExtSQL: 2013-05-17 21:42; jid1-yZwVFzbsyfMrqQ@jetpack; c:\documents and settings\YozefB\Application Data\Mozilla\Firefox\Profiles\l4hig8dk.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - ExtSQL: !HIDDEN! 2013-01-24 22:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
HKLM-Run-nwiz - nwiz.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Sony Ericsson PC Companion - c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
AddRemove-172Skyhawkfsx - c:\windows\iun6002.exe
AddRemove-441_conquestfsx - c:\windows\iun6002.exe
AddRemove-ContinueToSave - c:\docume~1\ALLUSE~1.WIN\APPLIC~1\INSTAL~2\CONTIN~1\Setup.exe
AddRemove-{BE019FAB-AB80-4AE3-A808-E3A265E2BD5D} - c:\docume~1\ALLUSE~1.WIN\APPLIC~1\INSTAL~2\{BE019~1\Setup.exe
AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:\documents and settings\All Users.WINDOWS\Application Data\continuetosave\uninstall.exe
AddRemove-FsxAdventures KLM Missions v1.00 - c:\program files\Microsoft Games\Microsoft Flight Simulator X\Uninstal.exe
AddRemove-jlGui 3.0 - c:\windows\system32\javaws.exe
AddRemove-jlGui 3.1 - c:\windows\system32\javaws.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-25 00:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
error: Read The request could not be performed because of an I/O device error.
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-05-25 01:00:23
ComboFix-quarantined-files.txt 2013-05-24 23:00
.
Pre-Run: 12 834 979 840 bytes free
Post-Run: 15 283 372 032 bytes free
.
- - End Of File - - 0165C437E04E5E01DDD8F9CCEE4F6824

Rudy
Site Admin
Posts: 119526
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: problem with websearch.searchmainia.info

#4 Post by Rudy »

We still need to clean up a bit more. Open Notepad and copy the following into it:
KillAll::

Folder::
c:\program files\adawaretb
c:\documents and settings\All Users.WINDOWS\Application Data\blekko toolbars
c:\documents and settings\YozefB\Application Data\adawaretb

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-448539723-682003330-1003Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-448539723-682003330-1003UA.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9100:TCP"=-
"427:TCP"=-
"161:TCP"=-
"427:UDP"=-

Firefox::
FF - ProfilePath - c:\documents and settings\YozefB\Application Data\Mozilla\Firefox\Profiles\l4hig8dk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchmainia.info/?unqvl=15&l=1&q=
FF - prefs.js: browser.startup.homepage - hxxp://websearch.searchmainia.info/?unqvl=15
FF - prefs.js: keyword.URL - hxxp://websearch.searchmainia.info/?unqvl=15&l=1&q=
FF - ExtSQL: 2013-05-17 21:42; jid1-yZwVFzbsyfMrqQ@jetpack; c:\documents and settings\YozefB\Application Data\Mozilla\Firefox\Profiles\l4hig8dk.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - ExtSQL: !HIDDEN! 2013-01-24 22:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

yozefb
Visitor
Posts: 75
Registered: 02 Mar 2007 12:58

Re: problem with websearch.searchmainia.info

#5 Post by yozefb »

thank you for the help :thumbsup:

ComboFix 13-05-25.02 - YozefB . 05. 2013 14:49:40.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3070.2471 [GMT 2:00]
Running from: c:\documents and settings\YozefB\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\YozefB\Desktop\cfscript.txt
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-448539723-682003330-1003Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-448539723-682003330-1003UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\blekko toolbars
c:\documents and settings\All Users.WINDOWS\Application Data\blekko toolbars\toolbar.txt
c:\documents and settings\YozefB\Application Data\adawaretb
c:\documents and settings\YozefB\Application Data\adawaretb\toolbarcleaner.ini
c:\program files\adawaretb
c:\program files\adawaretb\ieUtils.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-448539723-682003330-1003Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-448539723-682003330-1003UA.job
.
.
((((((((((((((((((((((((( Files Created from 2013-04-25 to 2013-05-25 )))))))))))))))))))))))))))))))
.
.
2013-05-25 12:47 . 2013-05-25 12:47 29904 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B0EB6534-B368-4A15-AE95-343132257F51}\MpKsl36d4a794.sys
2013-05-25 10:08 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B0EB6534-B368-4A15-AE95-343132257F51}\mpengine.dll
2013-05-24 23:00 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-24 22:49 . 2013-05-24 22:49 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\PCHealth
2013-05-17 20:09 . 2013-05-17 20:09 -------- d-----w- c:\documents and settings\YozefB\Application Data\LavasoftStatistics
2013-05-17 20:09 . 2013-05-17 20:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Ad-Aware Antivirus
2013-05-17 19:43 . 2013-05-17 19:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2013-05-17 19:43 . 2013-05-17 20:09 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-05-17 19:42 . 2013-05-17 19:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Downloaded Installations
2013-05-17 19:42 . 2013-05-17 19:42 -------- d-----w- c:\documents and settings\YozefB\Local Settings\Application Data\adawarebp
2013-05-17 19:42 . 2013-05-17 19:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection
2013-05-17 19:42 . 2013-05-17 19:42 -------- d-----w- c:\program files\Toolbar Cleaner
2013-05-17 19:41 . 2013-05-17 19:41 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-05-17 19:41 . 2013-05-17 19:41 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-05-17 19:41 . 2013-05-17 22:36 -------- d-----w- c:\documents and settings\YozefB\Application Data\Ad-Aware Antivirus
2013-05-14 20:08 . 2013-05-14 20:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\StarApp
2013-05-14 20:08 . 2013-05-18 18:17 -------- d-----w- c:\program files\SimpleSpeedy
2013-05-14 20:07 . 2013-05-14 20:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\InstallMate
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 23:10 . 2012-05-24 06:06 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 23:10 . 2011-05-24 06:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28 . 2011-12-30 09:41 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-16 22:17 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2004-08-04 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 03:35 . 2013-04-19 17:13 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-09 17:08 . 2012-07-01 18:43 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-09 17:08 . 2010-08-10 21:52 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2004-08-04 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-27 07:56 . 2010-08-07 11:22 2067456 ----a-w- c:\windows\system32\mstscax.dll
2010-07-05 19:27 . 2010-07-05 13:47 122238 ----a-w- c:\program files\Uninstal.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PicPick Start"="c:\program files\PicPick\picpick.exe" [2011-04-09 10804224]
"PC Remote Server"="c:\program files\PC Remote\PC Remote\PCRemote.exe" [2012-09-09 606720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 151552]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"P17Helper"="P17.dll" [2005-05-03 64512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"RTHDCPL"="RTHDCPL.EXE" [2012-04-24 20065896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2013-01-31 108832]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2009-09-15 16:47 479232 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-12-20 11:03 697856 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 12:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NokiaOviSuite2"=c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\temp\\utorrent\\utorrent.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\TunnelServer.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Documents and Settings\\YozefB\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Documents and Settings\\YozefB\\Local Settings\\Application Data\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"c:\\Program Files\\Antik Phone\\AntikSIPsoftPhone.atk"=
"c:\\Program Files\\Antik Phone\\AntikSIPsoftPhone.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Games\\World_of_Tanks\\WoTLauncher.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\World_of_Tanks_CT\\WoTLauncher.exe"=
"c:\\World_of_Tanks_CT\\WorldOfTanks.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"61314:TCP"= 61314:TCP:PC Remote Server XP
"61314:UDP"= 61314:UDP:PC Remote Server XP
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [17. 5. 2013 21:41 13560]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7. 8. 2010 18:18 721904]
R1 MpKsl36d4a794;MpKsl36d4a794;c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B0EB6534-B368-4A15-AE95-343132257F51}\MpKsl36d4a794.sys [25. 5. 2013 14:47 29904]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6. 12. 2007 22:03 660768]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [18. 3. 2013 3:25 1236336]
R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [10. 1. 2011 14:50 91904]
R2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [10. 1. 2011 14:50 25088]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [8. 10. 2012 20:43 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [8. 10. 2012 20:43 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [8. 10. 2012 20:43 8864]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [12. 8. 2011 18:13 87040]
R2 Tdlpt;Tdlpt;c:\windows\system32\drivers\TDLPT.SYS [8. 10. 2012 20:43 8012]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [16. 7. 2012 16:31 2673064]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5. 9. 2010 23:17 47360]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [20. 9. 2012 5:39 3677000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9. 11. 2012 12:21 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8. 10. 2012 20:09 1691480]
S3 esihdrv;esihdrv;\??\c:\docume~1\YozefB\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\YozefB\LOCALS~1\Temp\esihdrv.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [6. 1. 2011 0:14 13224]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [4. 1. 2011 23:15 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22. 6. 2010 19:01 21248]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13. 6. 2011 23:09 267568]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [14. 1. 2011 0:48 155320]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [9. 7. 2012 23:28 25088]
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-17 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2013-03-18 01:25]
.
2013-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 23:10]
.
2013-05-25 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 09:11]
.
2013-04-07 c:\windows\Tasks\Pics-Backup.job
- c:\windows\system32\ntbackup.exe [2004-08-04 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://websearch.searchmainia.info/?unqvl=15
mStart Page = hxxp://websearch.searchmainia.info/?unqvl=15
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\YozefB\Application Data\Mozilla\Firefox\Profiles\l4hig8dk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2013-05-17 21:42; jid1-yZwVFzbsyfMrqQ@jetpack; c:\documents and settings\YozefB\Application Data\Mozilla\Firefox\Profiles\l4hig8dk.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - ExtSQL: !HIDDEN! 2013-01-24 22:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-25 14:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
error: Read The request could not be performed because of an I/O device error.
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3448)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2013-05-25 15:02:24 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-25 13:02
ComboFix2.txt 2013-05-24 23:00
.
Pre-Run: 14 898 696 192 bytes free
Post-Run: 14 962 212 864 bytes free
.
- - End Of File - - 71E1D1DA44E76F983840D8C71EF03AB8

Rudy
Site Admin
Posts: 119526
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: problem with websearch.searchmainia.info

#6 Post by Rudy »

Deleted. There may still be a problem in the MBR. Download and run TDSSKiller: http://www.stahuj.centrum.cz/utility_a_ ... dsskiller/ . Let it work and, when it has finished, post the log here.

yozefb
Visitor
Posts: 75
Registered: 02 Mar 2007 12:58

Re: problem with websearch.searchmainia.info

#7 Post by yozefb »

19:35:10.0765 1604 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
19:35:10.0890 1604 ============================================================
19:35:10.0890 1604 Current date / time: 2013/05/25 19:35:10.0890
19:35:10.0890 1604 SystemInfo:
19:35:10.0890 1604
19:35:10.0890 1604 OS Version: 5.1.2600 ServicePack: 3.0
19:35:10.0890 1604 Product type: Workstation
19:35:10.0890 1604 ComputerName: YOZEF
19:35:10.0890 1604 UserName: YozefB
19:35:10.0890 1604 Windows directory: C:\WINDOWS
19:35:10.0890 1604 System windows directory: C:\WINDOWS
19:35:10.0890 1604 Processor architecture: Intel x86
19:35:10.0890 1604 Number of processors: 2
19:35:10.0890 1604 Page size: 0x1000
19:35:10.0890 1604 Boot type: Normal boot
19:35:10.0890 1604 ============================================================
19:35:11.0375 1604 Drive \Device\Harddisk0\DR0 - Size: 0xE8E1100000 (931.52 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:35:11.0390 1604 Drive \Device\Harddisk1\DR1 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:35:11.0406 1604 \Device\Harddisk0\DR0:
19:35:11.0406 1604 MBR used
19:35:11.0406 1604 \Device\Harddisk1\DR1:
19:35:11.0406 1604 MBR used
19:35:11.0406 1604 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
19:35:11.0421 1604 Initialize success
19:35:11.0421 1604 ============================================================
19:35:14.0375 0732 ============================================================
19:35:14.0375 0732 Scan started
19:35:14.0375 0732 Mode: Manual;
19:35:14.0375 0732 ============================================================
19:35:15.0375 0732 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:35:15.0531 0732 \Device\Harddisk0\DR0 - ok
19:35:15.0531 0732 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:35:15.0531 0732 \Device\Harddisk1\DR1 - ok
19:35:15.0531 0732 Boot (0x1200) (4b2e45896b9320e46a5e1ff2cd466ee6) \Device\Harddisk1\DR1\Partition0
19:35:15.0531 0732 \Device\Harddisk1\DR1\Partition0 - ok
19:35:15.0531 0732 ============================================================
19:35:15.0531 0732 Scan finished
19:35:15.0531 0732 ============================================================
19:35:15.0546 0464 Detected object count: 0
19:35:15.0546 0464 Actual detected object count: 0
19:35:26.0109 2704 ============================================================
19:35:26.0109 2704 Scan started
19:35:26.0109 2704 Mode: Manual;
19:35:26.0109 2704 ============================================================
19:35:27.0171 2704 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:35:27.0250 2704 \Device\Harddisk0\DR0 - ok
19:35:27.0250 2704 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:35:27.0250 2704 \Device\Harddisk1\DR1 - ok
19:35:27.0265 2704 Boot (0x1200) (4b2e45896b9320e46a5e1ff2cd466ee6) \Device\Harddisk1\DR1\Partition0
19:35:27.0265 2704 \Device\Harddisk1\DR1\Partition0 - ok
19:35:27.0265 2704 ============================================================
19:35:27.0265 2704 Scan finished
19:35:27.0265 2704 ============================================================
19:35:27.0265 3908 Detected object count: 0
19:35:27.0265 3908 Actual detected object count: 0

Rudy
Site Admin
Posts: 119526
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: problem with websearch.searchmainia.info

#8 Post by Rudy »

This is OK. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is solved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

yozefb
Visitor
Posts: 75
Registered: 02 Mar 2007 12:58

Re: problem with websearch.searchmainia.info

#9 Post by yozefb »

Thank you. Yes, in FF it disappeared right away; in IE I had to set the home page manually, but since then it works :idea:

Rudy
Site Admin
Posts: 119526
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: problem with websearch.searchmainia.info

#10 Post by Rudy »

You're welcome! :)

Locked