Dobry den,
objavuje sa mi aplikacia XP Smart Security, neda sa nic ine spustit (pri spusteni hocijakej aplikacie sa objavi tabulka XP smart security).
V task manageri som ukoncil proces "ave.exe",
potom som vymazal subory
C:\Documents and Settings\Zuzana Kazmerova\Local Settings\Application Data\av.exe
C:\Documents and Settings\Zuzana Kazmerova\Local Settings\Application Data\ave.exe
a nakoniec vo folder options -> file types som priradil koncovke exe aby sa spustala ako aplikacia
po tychto krokoch zmiznu problemy na par minut (10 - 20) ale potom sa znova objavi subor ave.exe. Rovnako sa spusti aj po restarte.
Skusal som pocitac prebehnut ad aware-om ale nic nenasiel
log (ked bol ave.exe killnuty):
Logfile of random's system information tool 1.06 (written by random/random)
Run by Zuzana Kazmerova at 2010-03-20 08:34:11
Microsoft Windows XP Professional Service Pack 2
System drive C: has 323 MB (0%) free of 81 GB
Total RAM: 1022 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:20, on 20. 3. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Zuzana Kazmerova\Desktop\RSIT.exe
C:\Program Files\trend micro\Zuzana Kazmerova.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... channel=us
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: ihaupd32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4032048046
O17 - HKLM\System\CCS\Services\Tcpip\..\{180C94CC-DDE3-4DD1-9500-8DE8C5C98AE7}: NameServer = 213.151.208.162,192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{180C94CC-DDE3-4DD1-9500-8DE8C5C98AE7}: NameServer = 213.151.208.162,192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10388 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2006-11-06 722472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}]
McAfee AntiPhishing Filter - c:\program files\mcafee\spamkiller\mcapfbho.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-12 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-03 762864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-12 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll []
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-12 256112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-05-01 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-05-01 602182]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2006-04-06 1032192]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-10 49152]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"FinePrint Dispatcher v5"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe [2004-11-10 442368]
"pdfFactory Pro Dispatcher v2"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe [2004-11-19 442368]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2005-09-27 169984]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-10-28 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe [2007-11-13 135168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-12 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Zuzana Kazmerova^Start Menu^Programs^Startup^ihaupd32.exe]
C:\Documents and Settings\Zuzana Kazmerova\Start Menu\Programs\Startup\ihaupd32.exe [2004-08-10 34816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NwSapAgent"=2
"MSSQLServerADHelper"=3
"MSSQL$MICROSOFTSMLBIZ"=2
C:\Documents and Settings\Zuzana Kazmerova\Start Menu\Programs\Startup
ihaupd32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f83d83c7-0640-11dd-853d-0016cffdf248}]
shell\AutoRun\command - F:\ZNOJE///misejaja.exe
shell\open\command - F:\ZNOJE///misejaja.exe
======List of files/folders created in the last 1 months======
2010-03-14 09:18:08 ----D---- C:\Program Files\Avira
2010-03-14 09:18:08 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
======List of files/folders modified in the last 1 months======
2010-03-20 08:34:12 ----D---- C:\Program Files\trend micro
2010-03-20 08:31:37 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-20 08:31:25 ----D---- C:\WINDOWS
2010-03-20 08:31:08 ----AD---- C:\Qoobox
2010-03-20 08:30:33 ----D---- C:\WINDOWS\Prefetch
2010-03-20 08:17:44 ----RASH---- C:\boot.ini
2010-03-20 08:17:44 ----A---- C:\WINDOWS\win.ini
2010-03-20 08:17:44 ----A---- C:\WINDOWS\system.ini
2010-03-20 08:16:55 ----D---- C:\Program Files\Mozilla Firefox
2010-03-20 08:14:50 ----RSHD---- C:\RECYCLER
2010-03-20 08:14:33 ----D---- C:\WINDOWS\Temp
2010-03-20 08:13:31 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-20 08:13:27 ----D---- C:\WINDOWS\Registration
2010-03-20 08:13:26 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2010-03-19 23:39:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-19 21:56:10 ----SD---- C:\WINDOWS\Tasks
2010-03-19 21:24:20 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-19 21:22:58 ----D---- C:\WINDOWS\pss
2010-03-19 21:12:40 ----D---- C:\Program Files\ICQToolbar
2010-03-19 20:56:55 ----SHD---- C:\WINDOWS\system32\dllcache
2010-03-19 20:56:47 ----D---- C:\WINDOWS\system32\drivers
2010-03-19 20:47:27 ----SHD---- C:\WINDOWS\CSC
2010-03-19 20:47:26 ----D---- C:\WINDOWS\Minidump
2010-03-19 20:43:00 ----D---- C:\Documents and Settings\Zuzana Kazmerova\Application Data\uTorrent
2010-03-16 22:36:04 ----A---- C:\WINDOWS\wdict32.INI
2010-03-15 11:53:37 ----HD---- C:\WINDOWS\inf
2010-03-14 17:51:43 ----D---- C:\Program Files\Digsby
2010-03-14 09:18:08 ----D---- C:\Program Files
2010-03-14 09:12:53 ----SHD---- C:\WINDOWS\Installer
2010-03-14 09:12:51 ----D---- C:\WINDOWS\WinSxS
2010-03-14 09:12:51 ----D---- C:\Program Files\Common Files\Microsoft Shared
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2005-11-11 80640]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-10 223616]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-08-31 21275]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-08-31 8552]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-10 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-05-01 13568]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-25 328237]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-25 851434]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-25 66488]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-10 163584]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-10 12416]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-26 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-26 1429632]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner; C:\WINDOWS\system32\drivers\AVerFx2hbtv.sys [2008-01-15 257024]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-25 30427]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-25 30285]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cglptnt;cglptnt; \??\C:\Program Files\totalcmd\cglptnt.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-04 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-10 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-10 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 TridVid;TM6000 TV Service; C:\WINDOWS\system32\DRIVERS\TridVid.sys [2007-12-24 230528]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-25 266295]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-10-01 96341]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-05-01 114753]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-05-01 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-05-01 540745]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-05-01 262217]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 dlcg_device;dlcg_device; C:\WINDOWS\system32\dlcgcoms.exe [2005-10-28 491520]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-12 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-08 1181328]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-04 323584]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S4 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2005-05-04 9150464]
S4 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-04 73728]
S4 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
xp smart security
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119390
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: xp smart security
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: xp smart security
ComboFix 10-03-19.08 - Zuzana Kazmerova . 03. 2010 12:33:22.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1022.507 [GMT 1:00]
Running from: c:\documents and settings\Zuzana Kazmerova\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users.\documents\settings
c:\documents and settings\All Users.\documents\settings\cbss.dll
c:\documents and settings\All Users\Documents\Settings\cbss.dll
c:\documents and settings\Zuzana Kazmerova\Application Data\wiaservg.log
c:\documents and settings\Zuzana Kazmerova\csrss.exe
c:\documents and settings\Zuzana Kazmerova\Start Menu\Programs\Startup\ihaupd32.exe
c:\recycler\S-1-5-21-2833181697-9057709901-108171553-1477
c:\recycler\S-1-5-21-2932109431-8312586887-997241072-3212
c:\recycler\S-1-5-21-3018891650-5490887162-595749567-5620
c:\recycler\S-1-5-21-4619103987-4418980180-099705210-5585
c:\recycler\S-1-5-21-5468337266-0906472253-998362274-8993
c:\recycler\S-1-5-21-5913938585-4813212243-637642234-9192
c:\recycler\S-1-5-21-7266768562-0481533756-305914128-2920
c:\recycler\S-1-5-21-9075476801-7654599740-974757112-7899
c:\recycler\S-1-5-21-9767446758-6014106671-344461572-1204
c:\recycler\S-1-5-21-9767446758-6014106671-344461572-1204\Desktop.ini
c:\recycler\S-1-5-21-9767446758-6014106671-344461572-1204\vhg32.exe
c:\windows\system32\drivers\uyxxuf.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_uyxxuf
-------\Service_uyxxuf
((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))
.
2010-03-20 09:59 . 2010-03-20 09:59 -------- d--h--w- c:\windows\PIF
2010-03-19 19:56 . 2010-03-19 22:39 206336 --sha-w- c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\3098567375.dll
2010-03-14 08:18 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-14 08:18 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-14 08:18 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-14 08:18 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\program files\Avira
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 07:34 . 2010-01-09 09:38 -------- d-----w- c:\program files\trend micro
2010-03-19 20:12 . 2008-11-09 08:56 -------- d-----w- c:\program files\ICQToolbar
2010-03-19 19:43 . 2008-10-13 12:22 -------- d-----w- c:\documents and settings\Zuzana Kazmerova\Application Data\uTorrent
2010-03-14 16:51 . 2009-09-12 12:06 -------- d-----w- c:\program files\Digsby
2010-03-06 10:16 . 2010-01-24 22:16 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-20 08:32 . 2008-10-13 12:22 -------- d-----w- c:\program files\uTorrent
2010-02-08 22:19 . 2010-01-16 10:20 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-08 22:19 . 2010-01-16 10:18 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-08 22:19 . 2010-01-16 10:18 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-25 17:39 . 2006-09-11 02:56 77240 ----a-w- c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-13 16:24 . 2006-09-11 02:56 3818 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-14_19.09.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2009-06-02 16:20 . 2009-09-12 06:29 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-06-02 16:20 . 2010-02-13 21:54 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-03-14 08:18 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-16 10:21 . 2010-03-19 22:27 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-03-14 08:12 . 2010-03-14 08:12 228352 c:\windows\Installer\7fc93.msi
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-11-10 442368]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-11-19 442368]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Zuzana Kazmerova^Start Menu^Programs^Startup^ihaupd32.exe]
path=c:\documents and settings\Zuzana Kazmerova\Start Menu\Programs\Startup\ihaupd32.exe
backup=c:\windows\pss\ihaupd32.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
2007-11-13 21:46 135168 ----a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-12 13:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NwSapAgent"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9. 1. 2010 11:16 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14. 3. 2010 9:18 108289]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [22. 12. 2008 0:28 257024]
S3 cglptnt;cglptnt;c:\program files\totalcmd\CGLPTNT.SYS [17. 3. 2008 15:40 7888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2. 12. 2009 14:19 1181328]
S3 TridVid;TM6000 TV Service;c:\windows\system32\drivers\TridVid.sys [27. 12. 2008 16:25 230528]
.
Contents of the 'Scheduled Tasks' folder
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-19 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-19 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-19 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {180C94CC-DDE3-4DD1-9500-8DE8C5C98AE7} = 213.151.208.162,192.168.0.1
FF - ProfilePath - c:\documents and settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 12:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1128)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1160)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2010-03-20 12:51:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-20 11:51
ComboFix2.txt 2010-01-14 20:07
ComboFix3.txt 2010-01-14 19:16
Pre-Run: 2 964 480 000 bytes free
Post-Run: 2 927 644 672 bytes free
- - End Of File - - 3F97E42EFCFB5EA1675CA830292C2B66
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1022.507 [GMT 1:00]
Running from: c:\documents and settings\Zuzana Kazmerova\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users.\documents\settings
c:\documents and settings\All Users.\documents\settings\cbss.dll
c:\documents and settings\All Users\Documents\Settings\cbss.dll
c:\documents and settings\Zuzana Kazmerova\Application Data\wiaservg.log
c:\documents and settings\Zuzana Kazmerova\csrss.exe
c:\documents and settings\Zuzana Kazmerova\Start Menu\Programs\Startup\ihaupd32.exe
c:\recycler\S-1-5-21-2833181697-9057709901-108171553-1477
c:\recycler\S-1-5-21-2932109431-8312586887-997241072-3212
c:\recycler\S-1-5-21-3018891650-5490887162-595749567-5620
c:\recycler\S-1-5-21-4619103987-4418980180-099705210-5585
c:\recycler\S-1-5-21-5468337266-0906472253-998362274-8993
c:\recycler\S-1-5-21-5913938585-4813212243-637642234-9192
c:\recycler\S-1-5-21-7266768562-0481533756-305914128-2920
c:\recycler\S-1-5-21-9075476801-7654599740-974757112-7899
c:\recycler\S-1-5-21-9767446758-6014106671-344461572-1204
c:\recycler\S-1-5-21-9767446758-6014106671-344461572-1204\Desktop.ini
c:\recycler\S-1-5-21-9767446758-6014106671-344461572-1204\vhg32.exe
c:\windows\system32\drivers\uyxxuf.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_uyxxuf
-------\Service_uyxxuf
((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))
.
2010-03-20 09:59 . 2010-03-20 09:59 -------- d--h--w- c:\windows\PIF
2010-03-19 19:56 . 2010-03-19 22:39 206336 --sha-w- c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\3098567375.dll
2010-03-14 08:18 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-14 08:18 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-14 08:18 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-14 08:18 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\program files\Avira
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 07:34 . 2010-01-09 09:38 -------- d-----w- c:\program files\trend micro
2010-03-19 20:12 . 2008-11-09 08:56 -------- d-----w- c:\program files\ICQToolbar
2010-03-19 19:43 . 2008-10-13 12:22 -------- d-----w- c:\documents and settings\Zuzana Kazmerova\Application Data\uTorrent
2010-03-14 16:51 . 2009-09-12 12:06 -------- d-----w- c:\program files\Digsby
2010-03-06 10:16 . 2010-01-24 22:16 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-20 08:32 . 2008-10-13 12:22 -------- d-----w- c:\program files\uTorrent
2010-02-08 22:19 . 2010-01-16 10:20 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-08 22:19 . 2010-01-16 10:18 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-08 22:19 . 2010-01-16 10:18 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-25 17:39 . 2006-09-11 02:56 77240 ----a-w- c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-13 16:24 . 2006-09-11 02:56 3818 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-14_19.09.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2009-06-02 16:20 . 2009-09-12 06:29 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-06-02 16:20 . 2010-02-13 21:54 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-03-14 08:18 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-16 10:21 . 2010-03-19 22:27 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-03-14 08:12 . 2010-03-14 08:12 228352 c:\windows\Installer\7fc93.msi
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-11-10 442368]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-11-19 442368]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Zuzana Kazmerova^Start Menu^Programs^Startup^ihaupd32.exe]
path=c:\documents and settings\Zuzana Kazmerova\Start Menu\Programs\Startup\ihaupd32.exe
backup=c:\windows\pss\ihaupd32.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
2007-11-13 21:46 135168 ----a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-12 13:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NwSapAgent"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9. 1. 2010 11:16 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14. 3. 2010 9:18 108289]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [22. 12. 2008 0:28 257024]
S3 cglptnt;cglptnt;c:\program files\totalcmd\CGLPTNT.SYS [17. 3. 2008 15:40 7888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2. 12. 2009 14:19 1181328]
S3 TridVid;TM6000 TV Service;c:\windows\system32\drivers\TridVid.sys [27. 12. 2008 16:25 230528]
.
Contents of the 'Scheduled Tasks' folder
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-19 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-19 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-19 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {180C94CC-DDE3-4DD1-9500-8DE8C5C98AE7} = 213.151.208.162,192.168.0.1
FF - ProfilePath - c:\documents and settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 12:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1128)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1160)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2010-03-20 12:51:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-20 11:51
ComboFix2.txt 2010-01-14 20:07
ComboFix3.txt 2010-01-14 19:16
Pre-Run: 2 964 480 000 bytes free
Post-Run: 2 927 644 672 bytes free
- - End Of File - - 3F97E42EFCFB5EA1675CA830292C2B66
-
Rudy
- Site Admin
- Příspěvky: 119390
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: xp smart security
Ještě dočistíme. Otevřtze poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.Collect::
c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\3098567375.dll
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: xp smart security
ComboFix 10-03-19.08 - Zuzana Kazmerova . 03. 2010 11:04:19.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1022.596 [GMT 1:00]
Running from: c:\documents and settings\Zuzana Kazmerova\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zuzana Kazmerova\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
file zipped: c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\3098567375.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\3098567375.dll
.
((((((((((((((((((((((((( Files Created from 2010-02-21 to 2010-03-21 )))))))))))))))))))))))))))))))
.
2010-03-20 09:59 . 2010-03-20 09:59 -------- d--h--w- c:\windows\PIF
2010-03-14 08:18 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-14 08:18 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-14 08:18 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-14 08:18 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\program files\Avira
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 07:34 . 2010-01-09 09:38 -------- d-----w- c:\program files\trend micro
2010-03-19 20:12 . 2008-11-09 08:56 -------- d-----w- c:\program files\ICQToolbar
2010-03-19 19:43 . 2008-10-13 12:22 -------- d-----w- c:\documents and settings\Zuzana Kazmerova\Application Data\uTorrent
2010-03-14 16:51 . 2009-09-12 12:06 -------- d-----w- c:\program files\Digsby
2010-03-06 10:16 . 2010-01-24 22:16 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-20 08:32 . 2008-10-13 12:22 -------- d-----w- c:\program files\uTorrent
2010-02-08 22:19 . 2010-01-16 10:20 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-08 22:19 . 2010-01-16 10:18 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-08 22:19 . 2010-01-16 10:18 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-25 17:39 . 2006-09-11 02:56 77240 ----a-w- c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-13 16:24 . 2006-09-11 02:56 3818 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-14_19.09.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2009-06-02 16:20 . 2009-09-12 06:29 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-06-02 16:20 . 2010-02-13 21:54 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-03-14 08:18 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-03-14 08:12 . 2010-03-14 08:12 228352 c:\windows\Installer\7fc93.msi
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-11-10 442368]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-11-19 442368]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Zuzana Kazmerova^Start Menu^Programs^Startup^ihaupd32.exe]
path=c:\documents and settings\Zuzana Kazmerova\Start Menu\Programs\Startup\ihaupd32.exe
backup=c:\windows\pss\ihaupd32.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
2007-11-13 21:46 135168 ----a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-12 13:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NwSapAgent"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9. 1. 2010 11:16 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14. 3. 2010 9:18 108289]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [22. 12. 2008 0:28 257024]
S3 cglptnt;cglptnt;c:\program files\totalcmd\CGLPTNT.SYS [17. 3. 2008 15:40 7888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2. 12. 2009 14:19 1181328]
S3 TridVid;TM6000 TV Service;c:\windows\system32\drivers\TridVid.sys [27. 12. 2008 16:25 230528]
.
Contents of the 'Scheduled Tasks' folder
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-19 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {180C94CC-DDE3-4DD1-9500-8DE8C5C98AE7} = 213.151.208.162,192.168.0.1
FF - ProfilePath - c:\documents and settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 11:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-21 11:13:09
ComboFix-quarantined-files.txt 2010-03-21 10:13
ComboFix2.txt 2010-03-20 11:51
ComboFix3.txt 2010-01-14 20:07
ComboFix4.txt 2010-01-14 19:16
Pre-Run: 2 897 838 080 bytes free
Post-Run: 2 858 315 776 bytes free
- - End Of File - - BD8A09A1F21882BE032BBB7C70E8B9F4
Upload was successful
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1022.596 [GMT 1:00]
Running from: c:\documents and settings\Zuzana Kazmerova\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zuzana Kazmerova\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
file zipped: c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\3098567375.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\3098567375.dll
.
((((((((((((((((((((((((( Files Created from 2010-02-21 to 2010-03-21 )))))))))))))))))))))))))))))))
.
2010-03-20 09:59 . 2010-03-20 09:59 -------- d--h--w- c:\windows\PIF
2010-03-14 08:18 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-14 08:18 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-14 08:18 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-14 08:18 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\program files\Avira
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 07:34 . 2010-01-09 09:38 -------- d-----w- c:\program files\trend micro
2010-03-19 20:12 . 2008-11-09 08:56 -------- d-----w- c:\program files\ICQToolbar
2010-03-19 19:43 . 2008-10-13 12:22 -------- d-----w- c:\documents and settings\Zuzana Kazmerova\Application Data\uTorrent
2010-03-14 16:51 . 2009-09-12 12:06 -------- d-----w- c:\program files\Digsby
2010-03-06 10:16 . 2010-01-24 22:16 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-20 08:32 . 2008-10-13 12:22 -------- d-----w- c:\program files\uTorrent
2010-02-08 22:19 . 2010-01-16 10:20 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-08 22:19 . 2010-01-16 10:18 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-08 22:19 . 2010-01-16 10:18 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-25 17:39 . 2006-09-11 02:56 77240 ----a-w- c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-13 16:24 . 2006-09-11 02:56 3818 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-14_19.09.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2009-06-02 16:20 . 2009-09-12 06:29 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-06-02 16:20 . 2010-02-13 21:54 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-03-14 08:18 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-03-14 08:12 . 2010-03-14 08:12 228352 c:\windows\Installer\7fc93.msi
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-11-10 442368]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-11-19 442368]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Zuzana Kazmerova^Start Menu^Programs^Startup^ihaupd32.exe]
path=c:\documents and settings\Zuzana Kazmerova\Start Menu\Programs\Startup\ihaupd32.exe
backup=c:\windows\pss\ihaupd32.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
2007-11-13 21:46 135168 ----a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-12 13:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NwSapAgent"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9. 1. 2010 11:16 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14. 3. 2010 9:18 108289]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [22. 12. 2008 0:28 257024]
S3 cglptnt;cglptnt;c:\program files\totalcmd\CGLPTNT.SYS [17. 3. 2008 15:40 7888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2. 12. 2009 14:19 1181328]
S3 TridVid;TM6000 TV Service;c:\windows\system32\drivers\TridVid.sys [27. 12. 2008 16:25 230528]
.
Contents of the 'Scheduled Tasks' folder
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-19 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {180C94CC-DDE3-4DD1-9500-8DE8C5C98AE7} = 213.151.208.162,192.168.0.1
FF - ProfilePath - c:\documents and settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 11:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-21 11:13:09
ComboFix-quarantined-files.txt 2010-03-21 10:13
ComboFix2.txt 2010-03-20 11:51
ComboFix3.txt 2010-01-14 20:07
ComboFix4.txt 2010-01-14 19:16
Pre-Run: 2 897 838 080 bytes free
Post-Run: 2 858 315 776 bytes free
- - End Of File - - BD8A09A1F21882BE032BBB7C70E8B9F4
Upload was successful
-
Rudy
- Site Admin
- Příspěvky: 119390
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: xp smart security
Ještě jednou spusťte CF tímto skriptem:
Collect::
c:\documents and settings\Zuzana Kazmerova\Start Menu\Programs\Startup\ihaupd32.exe
c:\windows\pss\ihaupd32.exe
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: xp smart security
ComboFix 10-03-19.08 - Zuzana Kazmerova . 03. 2010 15:09:55.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1022.541 [GMT 1:00]
Running from: c:\documents and settings\Zuzana Kazmerova\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zuzana Kazmerova\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2010-02-21 to 2010-03-21 )))))))))))))))))))))))))))))))
.
2010-03-20 09:59 . 2010-03-20 09:59 -------- d--h--w- c:\windows\PIF
2010-03-14 08:18 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-14 08:18 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-14 08:18 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-14 08:18 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\program files\Avira
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 07:34 . 2010-01-09 09:38 -------- d-----w- c:\program files\trend micro
2010-03-19 20:12 . 2008-11-09 08:56 -------- d-----w- c:\program files\ICQToolbar
2010-03-19 19:43 . 2008-10-13 12:22 -------- d-----w- c:\documents and settings\Zuzana Kazmerova\Application Data\uTorrent
2010-03-14 16:51 . 2009-09-12 12:06 -------- d-----w- c:\program files\Digsby
2010-03-06 10:16 . 2010-01-24 22:16 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-20 08:32 . 2008-10-13 12:22 -------- d-----w- c:\program files\uTorrent
2010-02-08 22:19 . 2010-01-16 10:20 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-08 22:19 . 2010-01-16 10:18 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-08 22:19 . 2010-01-16 10:18 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-25 17:39 . 2006-09-11 02:56 77240 ----a-w- c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-13 16:24 . 2006-09-11 02:56 3818 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-14_19.09.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2009-06-02 16:20 . 2009-09-12 06:29 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-06-02 16:20 . 2010-02-13 21:54 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-03-14 08:18 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-03-14 08:12 . 2010-03-14 08:12 228352 c:\windows\Installer\7fc93.msi
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-11-10 442368]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-11-19 442368]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Zuzana Kazmerova^Start Menu^Programs^Startup^ihaupd32.exe]
path=c:\documents and settings\Zuzana Kazmerova\Start Menu\Programs\Startup\ihaupd32.exe
backup=c:\windows\pss\ihaupd32.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
2007-11-13 21:46 135168 ----a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-12 13:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NwSapAgent"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9. 1. 2010 11:16 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14. 3. 2010 9:18 108289]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [22. 12. 2008 0:28 257024]
S3 cglptnt;cglptnt;c:\program files\totalcmd\CGLPTNT.SYS [17. 3. 2008 15:40 7888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2. 12. 2009 14:19 1181328]
S3 TridVid;TM6000 TV Service;c:\windows\system32\drivers\TridVid.sys [27. 12. 2008 16:25 230528]
.
Contents of the 'Scheduled Tasks' folder
2010-03-21 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-19 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {180C94CC-DDE3-4DD1-9500-8DE8C5C98AE7} = 213.151.208.162,192.168.0.1
FF - ProfilePath - c:\documents and settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2288)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-21 15:16:52
ComboFix-quarantined-files.txt 2010-03-21 14:16
ComboFix2.txt 2010-03-21 10:14
ComboFix3.txt 2010-03-20 11:51
ComboFix4.txt 2010-01-14 20:07
ComboFix5.txt 2010-03-21 14:08
Pre-Run: 2 802 520 064 bytes free
Post-Run: 2 764 177 408 bytes free
- - End Of File - - DBC74CF84B1FECC9B9FFBC0A395339A0
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1022.541 [GMT 1:00]
Running from: c:\documents and settings\Zuzana Kazmerova\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zuzana Kazmerova\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2010-02-21 to 2010-03-21 )))))))))))))))))))))))))))))))
.
2010-03-20 09:59 . 2010-03-20 09:59 -------- d--h--w- c:\windows\PIF
2010-03-14 08:18 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-14 08:18 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-14 08:18 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-14 08:18 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\program files\Avira
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 07:34 . 2010-01-09 09:38 -------- d-----w- c:\program files\trend micro
2010-03-19 20:12 . 2008-11-09 08:56 -------- d-----w- c:\program files\ICQToolbar
2010-03-19 19:43 . 2008-10-13 12:22 -------- d-----w- c:\documents and settings\Zuzana Kazmerova\Application Data\uTorrent
2010-03-14 16:51 . 2009-09-12 12:06 -------- d-----w- c:\program files\Digsby
2010-03-06 10:16 . 2010-01-24 22:16 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-20 08:32 . 2008-10-13 12:22 -------- d-----w- c:\program files\uTorrent
2010-02-08 22:19 . 2010-01-16 10:20 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-08 22:19 . 2010-01-16 10:18 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-08 22:19 . 2010-01-16 10:18 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-25 17:39 . 2006-09-11 02:56 77240 ----a-w- c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-13 16:24 . 2006-09-11 02:56 3818 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-14_19.09.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2009-06-02 16:20 . 2009-09-12 06:29 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-06-02 16:20 . 2010-02-13 21:54 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-03-14 08:18 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-03-14 08:12 . 2010-03-14 08:12 228352 c:\windows\Installer\7fc93.msi
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-11-10 442368]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-11-19 442368]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Zuzana Kazmerova^Start Menu^Programs^Startup^ihaupd32.exe]
path=c:\documents and settings\Zuzana Kazmerova\Start Menu\Programs\Startup\ihaupd32.exe
backup=c:\windows\pss\ihaupd32.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
2007-11-13 21:46 135168 ----a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-12 13:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NwSapAgent"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9. 1. 2010 11:16 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14. 3. 2010 9:18 108289]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [22. 12. 2008 0:28 257024]
S3 cglptnt;cglptnt;c:\program files\totalcmd\CGLPTNT.SYS [17. 3. 2008 15:40 7888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2. 12. 2009 14:19 1181328]
S3 TridVid;TM6000 TV Service;c:\windows\system32\drivers\TridVid.sys [27. 12. 2008 16:25 230528]
.
Contents of the 'Scheduled Tasks' folder
2010-03-21 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-19 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {180C94CC-DDE3-4DD1-9500-8DE8C5C98AE7} = 213.151.208.162,192.168.0.1
FF - ProfilePath - c:\documents and settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2288)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-21 15:16:52
ComboFix-quarantined-files.txt 2010-03-21 14:16
ComboFix2.txt 2010-03-21 10:14
ComboFix3.txt 2010-03-20 11:51
ComboFix4.txt 2010-01-14 20:07
ComboFix5.txt 2010-03-21 14:08
Pre-Run: 2 802 520 064 bytes free
Post-Run: 2 764 177 408 bytes free
- - End Of File - - DBC74CF84B1FECC9B9FFBC0A395339A0
-
Rudy
- Site Admin
- Příspěvky: 119390
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: xp smart security
Nezdařilo se. Zkuste to ještě jednou, ale v nouz. režimu.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: xp smart security
ComboFix 10-03-19.08 - Zuzana Kazmerova . 03. 2010 18:35:54.6.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1022.805 [GMT 1:00]
Running from: c:\documents and settings\Zuzana Kazmerova\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zuzana Kazmerova\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2010-02-22 to 2010-03-22 )))))))))))))))))))))))))))))))
.
2010-03-20 09:59 . 2010-03-20 09:59 -------- d--h--w- c:\windows\PIF
2010-03-14 08:18 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-14 08:18 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-14 08:18 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-14 08:18 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\program files\Avira
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 07:34 . 2010-01-09 09:38 -------- d-----w- c:\program files\trend micro
2010-03-19 20:12 . 2008-11-09 08:56 -------- d-----w- c:\program files\ICQToolbar
2010-03-19 19:43 . 2008-10-13 12:22 -------- d-----w- c:\documents and settings\Zuzana Kazmerova\Application Data\uTorrent
2010-03-14 16:51 . 2009-09-12 12:06 -------- d-----w- c:\program files\Digsby
2010-03-06 10:16 . 2010-01-24 22:16 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-20 08:32 . 2008-10-13 12:22 -------- d-----w- c:\program files\uTorrent
2010-02-08 22:19 . 2010-01-16 10:20 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-08 22:19 . 2010-01-16 10:18 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-08 22:19 . 2010-01-16 10:18 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-25 17:39 . 2006-09-11 02:56 77240 ----a-w- c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-13 16:24 . 2006-09-11 02:56 3818 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-14_19.09.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2009-06-02 16:20 . 2009-09-12 06:29 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-06-02 16:20 . 2010-02-13 21:54 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-03-14 08:18 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-03-14 08:12 . 2010-03-14 08:12 228352 c:\windows\Installer\7fc93.msi
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-11-10 442368]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-11-19 442368]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Zuzana Kazmerova^Start Menu^Programs^Startup^ihaupd32.exe]
path=c:\documents and settings\Zuzana Kazmerova\Start Menu\Programs\Startup\ihaupd32.exe
backup=c:\windows\pss\ihaupd32.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
2007-11-13 21:46 135168 ----a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-12 13:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NwSapAgent"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9. 1. 2010 11:16 64288]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14. 3. 2010 9:18 108289]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [22. 12. 2008 0:28 257024]
S3 cglptnt;cglptnt;c:\program files\totalcmd\CGLPTNT.SYS [17. 3. 2008 15:40 7888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2. 12. 2009 14:19 1181328]
S3 TridVid;TM6000 TV Service;c:\windows\system32\drivers\TridVid.sys [27. 12. 2008 16:25 230528]
.
Contents of the 'Scheduled Tasks' folder
2010-03-21 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-21 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-21 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-19 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {180C94CC-DDE3-4DD1-9500-8DE8C5C98AE7} = 213.151.208.162,192.168.0.1
FF - ProfilePath - c:\documents and settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-22 18:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(280)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1836)
c:\windows\system32\msi.dll
.
Completion time: 2010-03-22 18:48:20
ComboFix-quarantined-files.txt 2010-03-22 17:48
ComboFix2.txt 2010-03-21 14:16
ComboFix3.txt 2010-03-21 10:14
ComboFix4.txt 2010-03-20 11:51
ComboFix5.txt 2010-03-22 17:34
Pre-Run: 3 876 270 080 bytes free
Post-Run: 3 838 644 224 bytes free
- - End Of File - - 8AC2E9182F8F64A91571E29E07A47D34
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1022.805 [GMT 1:00]
Running from: c:\documents and settings\Zuzana Kazmerova\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zuzana Kazmerova\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2010-02-22 to 2010-03-22 )))))))))))))))))))))))))))))))
.
2010-03-20 09:59 . 2010-03-20 09:59 -------- d--h--w- c:\windows\PIF
2010-03-14 08:18 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-14 08:18 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-14 08:18 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-14 08:18 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\program files\Avira
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 07:34 . 2010-01-09 09:38 -------- d-----w- c:\program files\trend micro
2010-03-19 20:12 . 2008-11-09 08:56 -------- d-----w- c:\program files\ICQToolbar
2010-03-19 19:43 . 2008-10-13 12:22 -------- d-----w- c:\documents and settings\Zuzana Kazmerova\Application Data\uTorrent
2010-03-14 16:51 . 2009-09-12 12:06 -------- d-----w- c:\program files\Digsby
2010-03-06 10:16 . 2010-01-24 22:16 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-20 08:32 . 2008-10-13 12:22 -------- d-----w- c:\program files\uTorrent
2010-02-08 22:19 . 2010-01-16 10:20 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-08 22:19 . 2010-01-16 10:18 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-08 22:19 . 2010-01-16 10:18 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-25 17:39 . 2006-09-11 02:56 77240 ----a-w- c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-13 16:24 . 2006-09-11 02:56 3818 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-14_19.09.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2009-06-02 16:20 . 2009-09-12 06:29 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-06-02 16:20 . 2010-02-13 21:54 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-03-14 08:18 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-03-14 08:12 . 2010-03-14 08:12 228352 c:\windows\Installer\7fc93.msi
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-11-10 442368]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-11-19 442368]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Zuzana Kazmerova^Start Menu^Programs^Startup^ihaupd32.exe]
path=c:\documents and settings\Zuzana Kazmerova\Start Menu\Programs\Startup\ihaupd32.exe
backup=c:\windows\pss\ihaupd32.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
2007-11-13 21:46 135168 ----a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-12 13:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NwSapAgent"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9. 1. 2010 11:16 64288]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14. 3. 2010 9:18 108289]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [22. 12. 2008 0:28 257024]
S3 cglptnt;cglptnt;c:\program files\totalcmd\CGLPTNT.SYS [17. 3. 2008 15:40 7888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2. 12. 2009 14:19 1181328]
S3 TridVid;TM6000 TV Service;c:\windows\system32\drivers\TridVid.sys [27. 12. 2008 16:25 230528]
.
Contents of the 'Scheduled Tasks' folder
2010-03-21 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-21 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-21 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-19 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {180C94CC-DDE3-4DD1-9500-8DE8C5C98AE7} = 213.151.208.162,192.168.0.1
FF - ProfilePath - c:\documents and settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-22 18:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(280)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1836)
c:\windows\system32\msi.dll
.
Completion time: 2010-03-22 18:48:20
ComboFix-quarantined-files.txt 2010-03-22 17:48
ComboFix2.txt 2010-03-21 14:16
ComboFix3.txt 2010-03-21 10:14
ComboFix4.txt 2010-03-20 11:51
ComboFix5.txt 2010-03-22 17:34
Pre-Run: 3 876 270 080 bytes free
Post-Run: 3 838 644 224 bytes free
- - End Of File - - 8AC2E9182F8F64A91571E29E07A47D34
-
Rudy
- Site Admin
- Příspěvky: 119390
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: xp smart security
Zkuste, prosím, ještě jednou tímto skriptem:
Collect::
c:\documents and settings\Zuzana Kazmerova\Start Menu\Programs\Startup\ihaupd32.exe
c:\windows\pss\ihaupd32.exe
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Zuzana Kazmerova^Start Menu^Programs^Startup^ihaupd32.exe]
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: xp smart security
ComboFix 10-03-19.08 - Zuzana Kazmerova . 03. 2010 20:34:20.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1022.596 [GMT 1:00]
Running from: c:\documents and settings\Zuzana Kazmerova\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zuzana Kazmerova\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2010-02-22 to 2010-03-22 )))))))))))))))))))))))))))))))
.
2010-03-20 09:59 . 2010-03-20 09:59 -------- d--h--w- c:\windows\PIF
2010-03-14 08:18 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-14 08:18 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-14 08:18 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-14 08:18 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\program files\Avira
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 07:34 . 2010-01-09 09:38 -------- d-----w- c:\program files\trend micro
2010-03-19 20:12 . 2008-11-09 08:56 -------- d-----w- c:\program files\ICQToolbar
2010-03-19 19:43 . 2008-10-13 12:22 -------- d-----w- c:\documents and settings\Zuzana Kazmerova\Application Data\uTorrent
2010-03-14 16:51 . 2009-09-12 12:06 -------- d-----w- c:\program files\Digsby
2010-03-06 10:16 . 2010-01-24 22:16 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-20 08:32 . 2008-10-13 12:22 -------- d-----w- c:\program files\uTorrent
2010-02-08 22:19 . 2010-01-16 10:20 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-08 22:19 . 2010-01-16 10:18 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-08 22:19 . 2010-01-16 10:18 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-25 17:39 . 2006-09-11 02:56 77240 ----a-w- c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-13 16:24 . 2006-09-11 02:56 3818 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-14_19.09.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2009-06-02 16:20 . 2009-09-12 06:29 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-06-02 16:20 . 2010-02-13 21:54 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-03-14 08:18 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-03-14 08:12 . 2010-03-14 08:12 228352 c:\windows\Installer\7fc93.msi
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-11-10 442368]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-11-19 442368]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
2007-11-13 21:46 135168 ----a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-12 13:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NwSapAgent"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9. 1. 2010 11:16 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14. 3. 2010 9:18 108289]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [22. 12. 2008 0:28 257024]
S3 cglptnt;cglptnt;c:\program files\totalcmd\CGLPTNT.SYS [17. 3. 2008 15:40 7888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2. 12. 2009 14:19 1181328]
S3 TridVid;TM6000 TV Service;c:\windows\system32\drivers\TridVid.sys [27. 12. 2008 16:25 230528]
.
Contents of the 'Scheduled Tasks' folder
2010-03-21 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-21 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-21 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-19 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {180C94CC-DDE3-4DD1-9500-8DE8C5C98AE7} = 213.151.208.162,192.168.0.1
FF - ProfilePath - c:\documents and settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-22 20:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1144)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1572)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-22 20:43:02
ComboFix-quarantined-files.txt 2010-03-22 19:43
ComboFix2.txt 2010-03-22 17:48
ComboFix3.txt 2010-03-21 14:16
ComboFix4.txt 2010-03-21 10:14
ComboFix5.txt 2010-03-22 19:32
Pre-Run: 2 685 177 856 bytes free
Post-Run: 2 646 855 680 bytes free
- - End Of File - - 71042EAB836F03D17EBB3D556E2C18A5
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1022.596 [GMT 1:00]
Running from: c:\documents and settings\Zuzana Kazmerova\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zuzana Kazmerova\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2010-02-22 to 2010-03-22 )))))))))))))))))))))))))))))))
.
2010-03-20 09:59 . 2010-03-20 09:59 -------- d--h--w- c:\windows\PIF
2010-03-14 08:18 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-14 08:18 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-14 08:18 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-14 08:18 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\program files\Avira
2010-03-14 08:18 . 2010-03-14 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 07:34 . 2010-01-09 09:38 -------- d-----w- c:\program files\trend micro
2010-03-19 20:12 . 2008-11-09 08:56 -------- d-----w- c:\program files\ICQToolbar
2010-03-19 19:43 . 2008-10-13 12:22 -------- d-----w- c:\documents and settings\Zuzana Kazmerova\Application Data\uTorrent
2010-03-14 16:51 . 2009-09-12 12:06 -------- d-----w- c:\program files\Digsby
2010-03-06 10:16 . 2010-01-24 22:16 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-20 08:32 . 2008-10-13 12:22 -------- d-----w- c:\program files\uTorrent
2010-02-08 22:19 . 2010-01-16 10:20 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-08 22:19 . 2010-01-16 10:18 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-08 22:19 . 2010-01-16 10:18 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-25 17:39 . 2006-09-11 02:56 77240 ----a-w- c:\documents and settings\Zuzana Kazmerova\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-13 16:24 . 2006-09-11 02:56 3818 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-01-14_19.09.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2009-06-02 16:20 . 2009-09-12 06:29 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-06-02 16:20 . 2010-02-13 21:54 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-03-14 08:18 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 02:34 . 2010-01-10 09:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-09-09 02:34 . 2010-03-19 22:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-03-14 08:12 . 2010-03-14 08:12 228352 c:\windows\Installer\7fc93.msi
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-11-10 442368]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-11-19 442368]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
2007-11-13 21:46 135168 ----a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-12 13:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NwSapAgent"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9. 1. 2010 11:16 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14. 3. 2010 9:18 108289]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [22. 12. 2008 0:28 257024]
S3 cglptnt;cglptnt;c:\program files\totalcmd\CGLPTNT.SYS [17. 3. 2008 15:40 7888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2. 12. 2009 14:19 1181328]
S3 TridVid;TM6000 TV Service;c:\windows\system32\drivers\TridVid.sys [27. 12. 2008 16:25 230528]
.
Contents of the 'Scheduled Tasks' folder
2010-03-21 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-21 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-21 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-19 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
2010-03-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 22:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {180C94CC-DDE3-4DD1-9500-8DE8C5C98AE7} = 213.151.208.162,192.168.0.1
FF - ProfilePath - c:\documents and settings\Zuzana Kazmerova\Application Data\Mozilla\Firefox\Profiles\rrtwwrd3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-22 20:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1144)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1572)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-22 20:43:02
ComboFix-quarantined-files.txt 2010-03-22 19:43
ComboFix2.txt 2010-03-22 17:48
ComboFix3.txt 2010-03-21 14:16
ComboFix4.txt 2010-03-21 10:14
ComboFix5.txt 2010-03-22 19:32
Pre-Run: 2 685 177 856 bytes free
Post-Run: 2 646 855 680 bytes free
- - End Of File - - 71042EAB836F03D17EBB3D556E2C18A5
-
Rudy
- Site Admin
- Příspěvky: 119390
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: xp smart security
Zdařilo se, log je již čistý.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: xp smart security
dakujem krasne
-
Rudy
- Site Admin
- Příspěvky: 119390
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: xp smart security
Nemáte zač!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?