
PC virus removal, speeding up your computer, remote assistance via the neslape.cz service
Please check my log. Thank you.
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
-
- Visitor
- Posts: 4
- Registered: 03 May 2010 18:26
Please check my log. Thank you.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Správca at 2010-05-03 20:05:33
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 52 GB (71%) free of 74 GB
Total RAM: 1015 MB (40% free)
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-510800751-467427538-2743169865-1005Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-510800751-467427538-2743169865-1005UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-12 1372160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}]
PhotoPos Toolbar - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll [2009-09-30 91584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-02-26 809864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-10-30 1019336]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-02-26 809864]
{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - PhotoPos Toolbar - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll [2009-09-30 91584]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2009-04-16 630784]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2009-03-13 98304]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2009-04-16 118784]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-03-06 1434920]
"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2009-03-06 79144]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-07-14 949376]
"BigDog305"=C:\WINDOWS\VM305_STI.EXE [2007-04-09 57344]
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2005-12-20 94208]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-04-27 17881088]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-10-20 111928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Eee Docking"=C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [2009-05-08 395776]
"msnmsgr"=~C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []
"ManyCam"=C:\Program Files\ManyCam 2.4\ManyCam.exe [2009-12-19 1824040]
"Google Update"=C:\Documents and Settings\Správca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-25 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
C:\Program Files\ManyCam 2.4\ManyCam.exe [2009-12-19 1824040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
~C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Documents and Settings\Správca\Start Menu\Programs\Startup
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Documents and Settings\Správca\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Správca\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Správca\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Správca\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Documents and Settings\Správca\Desktop\Arkanoid3d\Arkanoid 3D\Arkanoid3d.exe"="C:\Documents and Settings\Správca\Desktop\Arkanoid3d\Arkanoid 3D\Arkanoid3d.exe:*:Enabled:Arkanoid3d"
"C:\Documents and Settings\Správca\Desktop\ikony z plochy\Arkanoid3d\Arkanoid 3D\Arkanoid3d.exe"="C:\Documents and Settings\Správca\Desktop\ikony z plochy\Arkanoid3d\Arkanoid 3D\Arkanoid3d.exe:*:Enabled:Arkanoid3d"
"F:\webpage\Phone\Skype.exe"="F:\webpage\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ooVoo\ooVoo.exe"="C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe"="C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe:*:Enabled:MxDownloadServer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e45c7e6-70a5-11de-b514-000000000000}]
shell\AutoRun\command - E:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2010-05-03 20:05:34 ----D---- C:\Program Files\trend micro
2010-05-03 20:05:33 ----D---- C:\rsit
2010-04-29 16:08:31 ----D---- C:\Documents and Settings\Správca\Application Data\Template
2010-04-28 14:55:28 ----D---- C:\Program Files\SeaMonkey
2010-04-28 14:51:21 ----D---- C:\Documents and Settings\Správca\Application Data\MxBoost
2010-04-28 14:50:52 ----D---- C:\Program Files\Maxthon2
2010-04-28 14:44:47 ----D---- C:\Documents and Settings\Správca\Application Data\Lunascape
2010-04-28 14:39:47 ----D---- C:\Program Files\Lunascape
2010-04-23 16:44:56 ----D---- C:\Documents and Settings\Správca\Application Data\Apple Computer
2010-04-23 16:44:13 ----D---- C:\Program Files\Safari
2010-04-23 16:44:13 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-04-23 16:43:30 ----D---- C:\Program Files\Bonjour
2010-04-23 16:42:53 ----D---- C:\Program Files\Common Files\Apple
2010-04-23 16:42:09 ----D---- C:\Program Files\Apple Software Update
2010-04-23 16:42:09 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2010-04-14 18:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 18:15:26 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 18:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-04-14 18:09:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 18:08:58 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 18:05:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 18:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
======List of files/folders modified in the last 1 months======
2010-05-03 20:05:34 ----RD---- C:\Program Files
2010-05-03 20:05:30 ----D---- C:\WINDOWS\Prefetch
2010-05-03 19:54:28 ----D---- C:\Documents and Settings\Správca\Application Data\Skype
2010-05-03 19:46:26 ----D---- C:\WINDOWS\Temp
2010-05-03 12:52:47 ----D---- C:\Documents and Settings\Správca\Application Data\skypePM
2010-05-03 06:43:02 ----D---- C:\WINDOWS\system32
2010-05-03 06:43:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-02 22:24:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-01 19:25:35 ----SHD---- C:\WINDOWS\Installer
2010-04-28 14:59:44 ----D---- C:\Documents and Settings\Správca\Application Data\Mozilla
2010-04-23 16:44:40 ----SHD---- C:\Config.Msi
2010-04-23 16:43:10 ----D---- C:\WINDOWS\WinSxS
2010-04-23 16:42:53 ----D---- C:\Program Files\Common Files
2010-04-23 16:42:18 ----SD---- C:\WINDOWS\Tasks
2010-04-22 14:50:41 ----HD---- C:\WINDOWS\inf
2010-04-22 14:50:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-17 08:36:55 ----D---- C:\Program Files\Mozilla Firefox
2010-04-14 18:34:13 ----D---- C:\WINDOWS
2010-04-14 18:17:22 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-04-14 18:16:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-14 18:15:54 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 18:15:45 ----A---- C:\WINDOWS\imsins.BAK
2010-04-14 18:15:30 ----D---- C:\WINDOWS\system32\drivers
2010-04-11 14:46:01 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-04-11 13:57:59 ----A---- C:\WINDOWS\Helicon Debug Window.ini
2010-04-11 13:03:05 ----D---- C:\Documents and Settings\Správca\Application Data\EBookSys
2010-04-07 19:05:58 ----D---- C:\Program Files\Google
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2009-07-14 15424]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2009-07-14 512096]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-03-13 1528928]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-04-27 5074944]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-03-02 38912]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-03-06 208304]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 uvclf;uvclf; C:\WINDOWS\system32\DRIVERS\uvclf.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC0305;A4 TECH PC Camera V; C:\WINDOWS\System32\Drivers\usbVM305.sys [2006-05-08 391688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-07-14 552064]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-01 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
2010-04-28 14:59:44 ----D---- C:\Documents and Settings\Správca\Application Data\Mozilla
2010-04-23 16:44:40 ----SHD---- C:\Config.Msi
2010-04-23 16:43:10 ----D---- C:\WINDOWS\WinSxS
2010-04-23 16:42:53 ----D---- C:\Program Files\Common Files
2010-04-23 16:42:18 ----SD---- C:\WINDOWS\Tasks
2010-04-22 14:50:41 ----HD---- C:\WINDOWS\inf
2010-04-22 14:50:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-17 08:36:55 ----D---- C:\Program Files\Mozilla Firefox
2010-04-14 18:34:13 ----D---- C:\WINDOWS
2010-04-14 18:17:22 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-04-14 18:16:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-14 18:15:54 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 18:15:45 ----A---- C:\WINDOWS\imsins.BAK
2010-04-14 18:15:30 ----D---- C:\WINDOWS\system32\drivers
2010-04-11 14:46:01 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-04-11 13:57:59 ----A---- C:\WINDOWS\Helicon Debug Window.ini
2010-04-11 13:03:05 ----D---- C:\Documents and Settings\Správca\Application Data\EBookSys
2010-04-07 19:05:58 ----D---- C:\Program Files\Google
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2009-07-14 15424]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2009-07-14 512096]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-03-13 1528928]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-04-27 5074944]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-03-02 38912]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-03-06 208304]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 uvclf;uvclf; C:\WINDOWS\system32\DRIVERS\uvclf.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC0305;A4 TECH PC Camera V; C:\WINDOWS\System32\Drivers\usbVM305.sys [2006-05-08 391688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-07-14 552064]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-01 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119408
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log. Thank you.
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after start-up a screen with the licence terms appears; continue by clicking the Yes button.
feel free to put the kettle on for a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else
do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)
note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident component
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
-
- Visitor
- Posts: 4
- Registered: 03 May 2010 18:26
Re: Please check my log. Thank you.
ComboFix 10-05-03.01 - Správca 03.05.2010 21:23:38.1.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1015.693 [GMT 2:00]
Running from: c:\documents and settings\Správca\Desktop\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Správca\Recent\Thumbs.db
c:\program files\AntiMalware
c:\program files\AntiMalware\malw.db
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\WindowsUpdate
c:\recycler\S-1-5-21-1981262451-2361577260-3126563650-1003
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
.
2010-05-03 18:05 . 2010-05-03 18:06 -------- d-----w- c:\program files\trend micro
2010-05-03 18:05 . 2010-05-03 18:09 -------- d-----w- C:\rsit
2010-04-30 18:19 . 2010-04-30 18:19 0 ----a-w- c:\windows\system32\cid_store.dat
2010-04-28 12:55 . 2010-04-29 03:48 -------- d-----w- c:\program files\SeaMonkey
2010-04-28 12:50 . 2010-04-28 13:13 -------- d-----w- c:\program files\Maxthon2
2010-04-28 12:39 . 2010-04-28 12:39 -------- d-----w- c:\program files\Lunascape
2010-04-23 14:45 . 2010-04-23 14:45 45252 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-23 14:44 . 2010-04-23 14:44 -------- d-----w- c:\program files\Safari
2010-04-23 14:44 . 2010-04-23 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-23 14:43 . 2010-04-23 14:43 -------- d-----w- c:\program files\Bonjour
2010-04-23 14:42 . 2010-04-23 14:42 -------- d-----w- c:\program files\Common Files\Apple
2010-04-23 14:42 . 2010-04-23 14:42 -------- d-----w- c:\program files\Apple Software Update
2010-04-23 14:42 . 2010-04-23 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 16:17 . 2009-05-26 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-11 12:46 . 2009-12-05 20:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-07 17:05 . 2009-10-01 19:31 -------- d-----w- c:\program files\Google
2010-03-31 06:15 . 2010-03-31 06:15 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 06:13 . 2009-12-08 18:09 -------- d-----w- c:\program files\Java
2010-03-29 10:16 . 2009-07-14 19:07 -------- d-----w- c:\program files\Opera
2010-03-14 20:51 . 2010-01-31 12:00 -------- d-----w- c:\program files\TiskProRadost
2010-03-14 20:43 . 2010-01-31 12:00 14812423 ----a-w- c:\windows\system32\TiskProRadost_AlbumMaker_uninstaller.exe
2010-03-14 18:42 . 2010-03-14 18:42 -------- d-----w- c:\program files\E-Book Systems
2010-03-14 14:13 . 2009-12-09 21:14 -------- d-----w- c:\program files\PopCap Games
2010-03-14 14:13 . 2009-05-26 19:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-14 14:13 . 2010-01-18 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Vivendi Universal Games
2010-03-13 11:33 . 2010-03-13 11:33 -------- d-----w- c:\program files\ICQ6Toolbar
2010-03-13 11:33 . 2010-03-13 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2010-03-11 12:38 . 2009-05-12 00:35 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-05-12 00:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2009-05-12 00:35 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-10 14:36 . 2010-03-10 14:36 -------- d-----w- c:\program files\Common Files\ST System Shared
2010-03-10 14:36 . 2010-03-10 14:36 -------- d-----w- c:\program files\STOIK Imaging
2010-03-10 14:22 . 2010-03-10 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Helicon
2010-03-10 14:22 . 2010-03-10 14:22 -------- d-----w- c:\program files\Common Files\Nikon
2010-03-10 14:21 . 2010-03-10 14:21 -------- d-----w- c:\program files\Helicon Software
2010-03-09 11:09 . 2009-05-12 00:35 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2009-12-08 18:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-06 21:45 . 2010-03-06 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier
2010-03-06 21:45 . 2010-03-06 21:44 -------- d-----w- c:\program files\PhotoposComTbr
2010-03-04 02:00 . 2010-03-04 02:00 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-02-24 13:11 . 2009-05-12 00:35 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2008-04-14 00:54 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-05 16:10 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2009-05-12 00:35 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2009-05-12 00:35 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2004-07-22 09:51 . 2004-07-22 09:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 21:58 . 2004-07-19 21:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-19 21:53 . 2004-07-19 21:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 13:17 . 2004-07-09 13:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 08:13 . 2004-07-09 08:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 08:13 . 2004-07-09 08:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 03:08 . 2004-07-09 03:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 03:08 . 2004-07-09 03:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 02:03 . 2004-07-09 02:03 62976 ----a-w- c:\program files\DSETUP.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-26 10:25 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-05-08 395776]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2009-12-19 1824040]
"Google Update"="c:\documents and settings\Správca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-25 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-07-14 949376]
"BigDog305"="c:\windows\VM305_STI.EXE" [2007-04-09 57344]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Správca\Start Menu\Programs\Startup\
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-26 376832]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
2009-12-19 05:04 1824040 ----a-w- c:\program files\ManyCam 2.4\ManyCam.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Správca\\Desktop\\ikony z plochy\\Arkanoid3d\\Arkanoid 3D\\Arkanoid3d.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [14.7.2009 21:02 15424]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [20.5.2009 7:08 38912]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14.1.2008 12:06 21632]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.7.2009 20:45 691696]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1.10.2009 21:32 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29.10.2009 22:04 1684736]
S3 uvclf;uvclf;c:\windows\system32\DRIVERS\uvclf.sys --> c:\windows\system32\DRIVERS\uvclf.sys [?]
S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [12.10.2009 19:32 391688]
.
Contents of the 'Scheduled Tasks' folder
2010-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 19:31]
2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 19:31]
2010-05-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-26 10:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Správca\Application Data\Mozilla\Firefox\Profiles\m23op3hw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ooVoo Chat Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1572363&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://urlseek.vmn.net/search.php?type=dns&tbn=photopos2_0&q=
FF - component: c:\documents and settings\Správca\Application Data\Mozilla\Firefox\Profiles\m23op3hw.default\extensions\{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}\components\dtTransparency.dll
FF - component: c:\documents and settings\Správca\Application Data\Mozilla\Firefox\Profiles\m23op3hw.default\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\Opera\program\plugins\NPFxViewer.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-IncrediMail - c:\program files\IncrediMail\bin\IncMail.exe
MSConfigStartUp-MsnMsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 21:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-510800751-467427538-2743169865-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A22B5106-9B6A-BB63-49AB-1B73FFE3B23B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oandlcepfbefiddmameppjjbgaenhl"=hex:61,69,64,63,6b,64,6c,6a,6e,64,66,61,61,6a,
6c,68,6d,69,6e,70,65,6d,66,65,68,65,6b,62,70,6a,62,65,66,63,62,61,67,68,64,\
"iacdbabadblmmohfik"=hex:6a,61,68,62,6d,6c,68,6e,6e,6f,6c,67,6d,6f,63,61,67,6e,
6a,67,00,00
"haidhdciccgeclkc"=hex:6a,61,68,62,6d,6c,68,6e,6e,6f,6c,67,6d,6f,63,61,67,6e,
6a,67,00,d7
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Completion time: 2010-05-03 21:31:48
ComboFix-quarantined-files.txt 2010-05-03 19:31
Pre-Run: 54 780 305 408 bytes free
Post-Run: 11 adresárov, 58 595 778 560 voľných bajtov
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 3DB1E2F6D06C59C69095B06DD9AFBF80
2010-03-11 12:38 . 2009-05-12 00:35 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-10 14:36 . 2010-03-10 14:36 -------- d-----w- c:\program files\Common Files\ST System Shared
2010-03-10 14:36 . 2010-03-10 14:36 -------- d-----w- c:\program files\STOIK Imaging
2010-03-10 14:22 . 2010-03-10 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Helicon
2010-03-10 14:22 . 2010-03-10 14:22 -------- d-----w- c:\program files\Common Files\Nikon
2010-03-10 14:21 . 2010-03-10 14:21 -------- d-----w- c:\program files\Helicon Software
2010-03-09 11:09 . 2009-05-12 00:35 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2009-12-08 18:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-06 21:45 . 2010-03-06 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier
2010-03-06 21:45 . 2010-03-06 21:44 -------- d-----w- c:\program files\PhotoposComTbr
2010-03-04 02:00 . 2010-03-04 02:00 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-02-24 13:11 . 2009-05-12 00:35 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2008-04-14 00:54 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-05 16:10 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2009-05-12 00:35 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2009-05-12 00:35 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2004-07-22 09:51 . 2004-07-22 09:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 21:58 . 2004-07-19 21:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-19 21:53 . 2004-07-19 21:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 13:17 . 2004-07-09 13:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 08:13 . 2004-07-09 08:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 08:13 . 2004-07-09 08:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 03:08 . 2004-07-09 03:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 03:08 . 2004-07-09 03:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 02:03 . 2004-07-09 02:03 62976 ----a-w- c:\program files\DSETUP.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-26 10:25 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-05-08 395776]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2009-12-19 1824040]
"Google Update"="c:\documents and settings\Správca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-25 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-07-14 949376]
"BigDog305"="c:\windows\VM305_STI.EXE" [2007-04-09 57344]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Spr vca\Start Menu\Programs\Startup\
Orez vaź obrazovky a spŁçśaź programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-26 376832]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
2009-12-19 05:04 1824040 ----a-w- c:\program files\ManyCam 2.4\ManyCam.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Správca\\Desktop\\ikony z plochy\\Arkanoid3d\\Arkanoid 3D\\Arkanoid3d.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [14.7.2009 21:02 15424]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [20.5.2009 7:08 38912]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14.1.2008 12:06 21632]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.7.2009 20:45 691696]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1.10.2009 21:32 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29.10.2009 22:04 1684736]
S3 uvclf;uvclf;c:\windows\system32\DRIVERS\uvclf.sys --> c:\windows\system32\DRIVERS\uvclf.sys [?]
S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [12.10.2009 19:32 391688]
.
Contents of the 'Scheduled Tasks' folder
2010-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 19:31]
2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 19:31]
2010-05-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-26 10:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Správca\Application Data\Mozilla\Firefox\Profiles\m23op3hw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ooVoo Chat Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1572363&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://urlseek.vmn.net/search.php?type=dns&tbn=photopos2_0&q=
FF - component: c:\documents and settings\Správca\Application Data\Mozilla\Firefox\Profiles\m23op3hw.default\extensions\{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}\components\dtTransparency.dll
FF - component: c:\documents and settings\Správca\Application Data\Mozilla\Firefox\Profiles\m23op3hw.default\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\Opera\program\plugins\NPFxViewer.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-IncrediMail - c:\program files\IncrediMail\bin\IncMail.exe
MSConfigStartUp-MsnMsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 21:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-510800751-467427538-2743169865-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A22B5106-9B6A-BB63-49AB-1B73FFE3B23B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oandlcepfbefiddmameppjjbgaenhl"=hex:61,69,64,63,6b,64,6c,6a,6e,64,66,61,61,6a,
6c,68,6d,69,6e,70,65,6d,66,65,68,65,6b,62,70,6a,62,65,66,63,62,61,67,68,64,\
"iacdbabadblmmohfik"=hex:6a,61,68,62,6d,6c,68,6e,6e,6f,6c,67,6d,6f,63,61,67,6e,
6a,67,00,00
"haidhdciccgeclkc"=hex:6a,61,68,62,6d,6c,68,6e,6e,6f,6c,67,6d,6f,63,61,67,6e,
6a,67,00,d7
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Completion time: 2010-05-03 21:31:48
ComboFix-quarantined-files.txt 2010-05-03 19:31
Pre-Run: 54 780 305 408 bytes free
Post-Run: 11 adresárov, 58 595 778 560 voľných bajtov
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 3DB1E2F6D06C59C69095B06DD9AFBF80
- Rudy
- Site Admin
- Posts: 119408
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log. Thank you.
We'll clean up a bit more. Open Notepad and copy the following into it:

Folder::
c:\program files\Ask.com
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 4
- Registered: 03 May 2010 18:26
Re: Please check my log. Thank you.
ComboFix 10-05-03.05 - Správca 04.05.2010 10:54:53.2.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1015.486 [GMT 2:00]
Running from: c:\documents and settings\Správca\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Správca\Desktop\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\UpdateTask.exe
.
((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.
2010-05-03 18:05 . 2010-05-03 18:06 -------- d-----w- c:\program files\trend micro
2010-05-03 18:05 . 2010-05-03 18:09 -------- d-----w- C:\rsit
2010-04-30 18:19 . 2010-04-30 18:19 0 ----a-w- c:\windows\system32\cid_store.dat
2010-04-28 12:55 . 2010-04-29 03:48 -------- d-----w- c:\program files\SeaMonkey
2010-04-28 12:50 . 2010-04-28 13:13 -------- d-----w- c:\program files\Maxthon2
2010-04-28 12:39 . 2010-04-28 12:39 -------- d-----w- c:\program files\Lunascape
2010-04-23 14:45 . 2010-04-23 14:45 45252 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-23 14:44 . 2010-04-23 14:44 -------- d-----w- c:\program files\Safari
2010-04-23 14:44 . 2010-04-23 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-23 14:43 . 2010-04-23 14:43 -------- d-----w- c:\program files\Bonjour
2010-04-23 14:42 . 2010-04-23 14:42 -------- d-----w- c:\program files\Common Files\Apple
2010-04-23 14:42 . 2010-04-23 14:42 -------- d-----w- c:\program files\Apple Software Update
2010-04-23 14:42 . 2010-04-23 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 16:17 . 2009-05-26 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-11 12:46 . 2009-12-05 20:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-07 17:05 . 2009-10-01 19:31 -------- d-----w- c:\program files\Google
2010-03-31 06:15 . 2010-03-31 06:15 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 06:13 . 2009-12-08 18:09 -------- d-----w- c:\program files\Java
2010-03-29 10:16 . 2009-07-14 19:07 -------- d-----w- c:\program files\Opera
2010-03-14 20:51 . 2010-01-31 12:00 -------- d-----w- c:\program files\TiskProRadost
2010-03-14 20:43 . 2010-01-31 12:00 14812423 ----a-w- c:\windows\system32\TiskProRadost_AlbumMaker_uninstaller.exe
2010-03-14 18:42 . 2010-03-14 18:42 -------- d-----w- c:\program files\E-Book Systems
2010-03-14 14:13 . 2009-12-09 21:14 -------- d-----w- c:\program files\PopCap Games
2010-03-14 14:13 . 2009-05-26 19:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-14 14:13 . 2010-01-18 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Vivendi Universal Games
2010-03-13 11:33 . 2010-03-13 11:33 -------- d-----w- c:\program files\ICQ6Toolbar
2010-03-13 11:33 . 2010-03-13 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2010-03-11 12:38 . 2009-05-12 00:35 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-05-12 00:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2009-05-12 00:35 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-10 14:36 . 2010-03-10 14:36 -------- d-----w- c:\program files\Common Files\ST System Shared
2010-03-10 14:36 . 2010-03-10 14:36 -------- d-----w- c:\program files\STOIK Imaging
2010-03-10 14:22 . 2010-03-10 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Helicon
2010-03-10 14:22 . 2010-03-10 14:22 -------- d-----w- c:\program files\Common Files\Nikon
2010-03-10 14:21 . 2010-03-10 14:21 -------- d-----w- c:\program files\Helicon Software
2010-03-09 11:09 . 2009-05-12 00:35 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2009-12-08 18:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-06 21:45 . 2010-03-06 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier
2010-03-06 21:45 . 2010-03-06 21:44 -------- d-----w- c:\program files\PhotoposComTbr
2010-03-04 02:00 . 2010-03-04 02:00 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-02-24 13:11 . 2009-05-12 00:35 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2008-04-14 00:54 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-05 16:10 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2009-05-12 00:35 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2009-05-12 00:35 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2004-07-22 09:51 . 2004-07-22 09:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 21:58 . 2004-07-19 21:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-19 21:53 . 2004-07-19 21:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 13:17 . 2004-07-09 13:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 08:13 . 2004-07-09 08:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 08:13 . 2004-07-09 08:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 03:08 . 2004-07-09 03:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 03:08 . 2004-07-09 03:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 02:03 . 2004-07-09 02:03 62976 ----a-w- c:\program files\DSETUP.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-03_19.29.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-04 08:45 . 2010-05-04 08:45 16384 c:\windows\Temp\Perflib_Perfdata_6f0.dat
+ 2009-05-12 00:35 . 2010-05-04 08:49 68490 c:\windows\system32\perfc009.dat
- 2009-05-12 00:35 . 2010-05-03 19:22 68490 c:\windows\system32\perfc009.dat
+ 2009-05-12 00:35 . 2010-05-04 08:49 435594 c:\windows\system32\perfh009.dat
- 2009-05-12 00:35 . 2010-05-03 19:22 435594 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-05-08 395776]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2009-12-19 1824040]
"Google Update"="c:\documents and settings\Správca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-25 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-07-14 949376]
"BigDog305"="c:\windows\VM305_STI.EXE" [2007-04-09 57344]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Spr vca\Start Menu\Programs\Startup\
Orez vaź obrazovky a spŁçśaź programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-26 376832]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
2009-12-19 05:04 1824040 ----a-w- c:\program files\ManyCam 2.4\ManyCam.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Správca\\Desktop\\ikony z plochy\\Arkanoid3d\\Arkanoid 3D\\Arkanoid3d.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [14.7.2009 21:02 15424]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [20.5.2009 7:08 38912]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14.1.2008 12:06 21632]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.7.2009 20:45 691696]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1.10.2009 21:32 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29.10.2009 22:04 1684736]
S3 uvclf;uvclf;c:\windows\system32\DRIVERS\uvclf.sys --> c:\windows\system32\DRIVERS\uvclf.sys [?]
S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [12.10.2009 19:32 391688]
.
Contents of the 'Scheduled Tasks' folder
2010-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 19:31]
2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-01 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Správca\Application Data\Mozilla\Firefox\Profiles\m23op3hw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ooVoo Chat Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1572363&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://urlseek.vmn.net/search.php?type=dns&tbn=photopos2_0&q=
FF - component: c:\documents and settings\Správca\Application Data\Mozilla\Firefox\Profiles\m23op3hw.default\extensions\{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}\components\dtTransparency.dll
FF - component: c:\documents and settings\Správca\Application Data\Mozilla\Firefox\Profiles\m23op3hw.default\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}\components\FFExternalAlert.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-04 11:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-510800751-467427538-2743169865-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A22B5106-9B6A-BB63-49AB-1B73FFE3B23B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oandlcepfbefiddmameppjjbgaenhl"=hex:61,69,64,63,6b,64,6c,6a,6e,64,66,61,61,6a,
6c,68,6d,69,6e,70,65,6d,66,65,68,65,6b,62,70,6a,62,65,66,63,62,61,67,68,64,\
"iacdbabadblmmohfik"=hex:6a,61,68,62,6d,6c,68,6e,6e,6f,6c,67,6d,6f,63,61,67,6e,
6a,67,00,00
"haidhdciccgeclkc"=hex:6a,61,68,62,6d,6c,68,6e,6e,6f,6c,67,6d,6f,63,61,67,6e,
6a,67,00,d7
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Completion time: 2010-05-04 11:03:45
ComboFix-quarantined-files.txt 2010-05-04 09:03
ComboFix2.txt 2010-05-03 19:31
Pre-Run: 58 598 182 912 bytes free
Post-Run: 11 adresárov, 58 556 170 240 voľných bajtov
- - End Of File - - 855D28E11FAA6194828DAD35678041D8
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1015.486 [GMT 2:00]
Running from: c:\documents and settings\Správca\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Správca\Desktop\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\UpdateTask.exe
.
((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.
2010-05-03 18:05 . 2010-05-03 18:06 -------- d-----w- c:\program files\trend micro
2010-05-03 18:05 . 2010-05-03 18:09 -------- d-----w- C:\rsit
2010-04-30 18:19 . 2010-04-30 18:19 0 ----a-w- c:\windows\system32\cid_store.dat
2010-04-28 12:55 . 2010-04-29 03:48 -------- d-----w- c:\program files\SeaMonkey
2010-04-28 12:50 . 2010-04-28 13:13 -------- d-----w- c:\program files\Maxthon2
2010-04-28 12:39 . 2010-04-28 12:39 -------- d-----w- c:\program files\Lunascape
2010-04-23 14:45 . 2010-04-23 14:45 45252 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-23 14:44 . 2010-04-23 14:44 -------- d-----w- c:\program files\Safari
2010-04-23 14:44 . 2010-04-23 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-23 14:43 . 2010-04-23 14:43 -------- d-----w- c:\program files\Bonjour
2010-04-23 14:42 . 2010-04-23 14:42 -------- d-----w- c:\program files\Common Files\Apple
2010-04-23 14:42 . 2010-04-23 14:42 -------- d-----w- c:\program files\Apple Software Update
2010-04-23 14:42 . 2010-04-23 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 16:17 . 2009-05-26 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-11 12:46 . 2009-12-05 20:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-07 17:05 . 2009-10-01 19:31 -------- d-----w- c:\program files\Google
2010-03-31 06:15 . 2010-03-31 06:15 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 06:13 . 2009-12-08 18:09 -------- d-----w- c:\program files\Java
2010-03-29 10:16 . 2009-07-14 19:07 -------- d-----w- c:\program files\Opera
2010-03-14 20:51 . 2010-01-31 12:00 -------- d-----w- c:\program files\TiskProRadost
2010-03-14 20:43 . 2010-01-31 12:00 14812423 ----a-w- c:\windows\system32\TiskProRadost_AlbumMaker_uninstaller.exe
2010-03-14 18:42 . 2010-03-14 18:42 -------- d-----w- c:\program files\E-Book Systems
2010-03-14 14:13 . 2009-12-09 21:14 -------- d-----w- c:\program files\PopCap Games
2010-03-14 14:13 . 2009-05-26 19:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-14 14:13 . 2010-01-18 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Vivendi Universal Games
2010-03-13 11:33 . 2010-03-13 11:33 -------- d-----w- c:\program files\ICQ6Toolbar
2010-03-13 11:33 . 2010-03-13 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2010-03-11 12:38 . 2009-05-12 00:35 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-05-12 00:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2009-05-12 00:35 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-10 14:36 . 2010-03-10 14:36 -------- d-----w- c:\program files\Common Files\ST System Shared
2010-03-10 14:36 . 2010-03-10 14:36 -------- d-----w- c:\program files\STOIK Imaging
2010-03-10 14:22 . 2010-03-10 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Helicon
2010-03-10 14:22 . 2010-03-10 14:22 -------- d-----w- c:\program files\Common Files\Nikon
2010-03-10 14:21 . 2010-03-10 14:21 -------- d-----w- c:\program files\Helicon Software
2010-03-09 11:09 . 2009-05-12 00:35 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2009-12-08 18:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-06 21:45 . 2010-03-06 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier
2010-03-06 21:45 . 2010-03-06 21:44 -------- d-----w- c:\program files\PhotoposComTbr
2010-03-04 02:00 . 2010-03-04 02:00 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-02-24 13:11 . 2009-05-12 00:35 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2008-04-14 00:54 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-05 16:10 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2009-05-12 00:35 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2009-05-12 00:35 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2004-07-22 09:51 . 2004-07-22 09:51 3432656 ----a-w- c:\program files\ManagedDX.CAB
2004-07-19 21:58 . 2004-07-19 21:58 1156363 ----a-w- c:\program files\BDANT.cab
2004-07-19 21:53 . 2004-07-19 21:53 976020 ----a-w- c:\program files\BDAXP.cab
2004-07-09 13:17 . 2004-07-09 13:17 13265040 ----a-w- c:\program files\dxnt.cab
2004-07-09 08:13 . 2004-07-09 08:13 15493481 ----a-w- c:\program files\DirectX.cab
2004-07-09 08:13 . 2004-07-09 08:13 703080 ----a-w- c:\program files\BDA.cab
2004-07-09 03:08 . 2004-07-09 03:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 03:08 . 2004-07-09 03:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 02:03 . 2004-07-09 02:03 62976 ----a-w- c:\program files\DSETUP.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-03_19.29.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-04 08:45 . 2010-05-04 08:45 16384 c:\windows\Temp\Perflib_Perfdata_6f0.dat
+ 2009-05-12 00:35 . 2010-05-04 08:49 68490 c:\windows\system32\perfc009.dat
- 2009-05-12 00:35 . 2010-05-03 19:22 68490 c:\windows\system32\perfc009.dat
+ 2009-05-12 00:35 . 2010-05-04 08:49 435594 c:\windows\system32\perfh009.dat
- 2009-05-12 00:35 . 2010-05-03 19:22 435594 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-05-08 395776]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2009-12-19 1824040]
"Google Update"="c:\documents and settings\Správca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-25 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-07-14 949376]
"BigDog305"="c:\windows\VM305_STI.EXE" [2007-04-09 57344]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Spr vca\Start Menu\Programs\Startup\
Orez vaź obrazovky a spŁçśaź programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-26 376832]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
- Rudy
- Site Admin
- Posts: 119408
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log. Thank you.
The log now looks clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 4
- Registered: 03 May 2010 18:26
Re: Please check my log. Thank you.
Thank you for the help.
- Rudy
- Site Admin
- Posts: 119408
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log. Thank you.
You're welcome!