Spyware Doctor mi našiel nejaké infikované súbory a preto dávam log či je v PC naozaj čisto:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Peter at 2010-05-03 17:20:05
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 32 GB (63%) free of 51 GB
Total RAM: 1023 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:31, on 3.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Peter\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Peter.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.sk/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3855522859
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.80.66.25/activex/AxisCamControl.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Update Service (gupdate1c986ed766218a2) (gupdate1c986ed766218a2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Peter/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
--
End of file - 7323 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5424BEA9-A10A-4D48-AC65-CB94681185C6}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-04 61888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-09-11 2054360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-06 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-12 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-04-13 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiScreen]
C:\Program Files\MultiScreen\MultiScreen.exe [2008-06-30 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-12-02 2221352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-11-06 570664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe /command:faststart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe [2006-05-16 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-12-07 30208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WIAWizardMenu]
C:\WINDOWS\system32\sti_ci.dll [2008-04-14 136704]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2010-01-14 37888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Ponuka Štart^Programy^Pri spustení^Bluetooth.lnk]
C:\PROGRA~1\MSI\BTOESB~1\BTTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe [2005-08-06 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\MSI\BTOESB~1\BTTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-12 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-04 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Disabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:PowerDVD"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ae97f81-511b-11de-86e7-000272cc2d5d}]
shell\verb\command - explorer http://www.p4c.philips.com/files/s/sa1m ... al_eng.zip
======List of files/folders created in the last 1 months======
2010-05-03 15:56:07 ----A---- C:\WINDOWS\BDTSupport.dll
2010-05-03 15:56:06 ----A---- C:\WINDOWS\SGDetectionTool.dll
2010-05-03 15:56:05 ----A---- C:\WINDOWS\PCTBDRes.dll
2010-05-03 15:56:05 ----A---- C:\WINDOWS\PCTBDCore.dll
2010-05-03 15:50:16 ----D---- C:\Program Files\Common Files\PC Tools
2010-05-03 15:50:14 ----D---- C:\Program Files\Spyware Doctor
2010-05-03 15:50:14 ----D---- C:\Documents and Settings\Peter\Application Data\PC Tools
2010-05-03 15:50:14 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2010-05-02 22:22:08 ----D---- C:\Program Files\ICQ7.1
2010-04-20 23:31:25 ----A---- C:\WINDOWS\HPLANET.ini
2010-04-20 23:12:52 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2010-04-20 23:12:49 ----D---- C:\Program Files\SatScape
2010-04-19 13:41:22 ----D---- C:\WINDOWS\system32\windowspowershell
2010-04-19 13:41:12 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$
2010-04-14 14:22:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 14:19:07 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 14:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 14:18:47 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-14 14:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 14:18:19 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 14:16:26 ----N---- C:\WINDOWS\system32\browserchoice.exe
======List of files/folders modified in the last 1 months======
2010-05-03 17:20:21 ----D---- C:\Program Files\Trend Micro
2010-05-03 17:20:17 ----D---- C:\WINDOWS\temp
2010-05-03 17:20:14 ----D---- C:\WINDOWS\Prefetch
2010-05-03 17:19:50 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-05-03 17:09:20 ----D---- C:\WINDOWS\system32
2010-05-03 16:02:21 ----D---- C:\WINDOWS\system32\drivers
2010-05-03 15:56:07 ----D---- C:\WINDOWS
2010-05-03 15:53:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-03 15:50:58 ----SHD---- C:\WINDOWS\Installer
2010-05-03 15:50:57 ----D---- C:\Config.Msi
2010-05-03 15:50:54 ----D---- C:\WINDOWS\WinSxS
2010-05-03 15:50:16 ----D---- C:\Program Files\Common Files
2010-05-03 15:50:14 ----D---- C:\Program Files
2010-05-03 15:50:03 ----D---- C:\WINDOWS\system32\ias
2010-05-03 15:48:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-03 15:44:29 ----A---- C:\WINDOWS\wincmd.ini
2010-05-03 15:44:28 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-05-02 22:24:40 ----D---- C:\Documents and Settings\Peter\Application Data\ICQ
2010-05-02 22:23:34 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-02 22:23:22 ----D---- C:\Program Files\ICQ6Toolbar
2010-05-02 22:23:06 ----D---- C:\Documents and Settings\All Users\Application Data\ICQ
2010-05-02 18:32:59 ----D---- C:\WINDOWS\Debug
2010-05-02 18:31:53 ----D---- C:\Program Files\CCleaner
2010-05-02 18:29:04 ----D---- C:\Program Files\Google
2010-05-02 16:37:50 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-01 17:56:46 ----RASH---- C:\boot.ini
2010-05-01 17:56:46 ----A---- C:\WINDOWS\win.ini
2010-05-01 17:56:46 ----A---- C:\WINDOWS\system.ini
2010-04-30 23:06:23 ----D---- C:\Documents and Settings\Peter\Application Data\Skype
2010-04-30 21:57:46 ----D---- C:\Documents and Settings\Peter\Application Data\skypePM
2010-04-29 16:23:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-28 14:23:30 ----RD---- C:\Program Files\Skype
2010-04-24 16:20:16 ----RSD---- C:\WINDOWS\assembly
2010-04-24 16:20:11 ----D---- C:\WINDOWS\AppPatch
2010-04-20 16:11:38 ----D---- C:\WINDOWS\system32\config
2010-04-19 14:39:31 ----D---- C:\WINDOWS\Microsoft.NET
2010-04-19 13:41:45 ----HD---- C:\WINDOWS\inf
2010-04-14 14:22:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-14 14:19:05 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 14:18:40 ----D---- C:\WINDOWS\ie8updates
2010-04-06 10:52:56 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2008-07-17 33408]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-09-11 55768]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-09-11 116008]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-09-11 135048]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-04 3488768]
R3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 n558;N558 Bluetooth USB Filter Driver; C:\WINDOWS\System32\Drivers\n558.sys [2007-08-15 9600]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-12-13 47360]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2005-05-31 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys []
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 88688]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS); C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-05-01 18704]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM); C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-05-01 90800]
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 39808]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-04 602112]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-09-11 735960]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate1c986ed766218a2;Google Update Service (gupdate1c986ed766218a2); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-09-11 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-23 183280]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-12-02 877864]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-12-12 537896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-01-30 107832]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2009-11-12 70928]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-05 516096]
S4 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe []
S4 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -k runservice []
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe []
S4 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe []
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119411
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Log vypadá čistý.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu
Vďaka
-
Rudy
- Site Admin
- Příspěvky: 119411
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Nemáte zač!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu
ja som ešte skúšal program MBAM a našiel 5 infikovaných súborov, log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verzia databázy: 4065
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4.5.2010 18:50:34
mbam-log-2010-05-04 (18-50-34).txt
Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 222959
Uplynulý čas: 1 hod, 15 min, 36 sek
Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 3
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 2
Infikované služby pamäte:
(Škodlivé položky neboli zistené)
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Adparatus (Adware.Adparatus) -> No action taken.
HKEY_CURRENT_USER\Software\MarketPrecision\DuhikiToolbar (Malware.Trace) -> No action taken.
Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)
Infikované položky registračných dát:
(Škodlivé položky neboli zistené)
Infikované priečinky:
(Škodlivé položky neboli zistené)
Infikované súbory:
C:\WINDOWS\system32\updater\explorer.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\d3dx10d.dll (Trojan.FakeAlert) -> No action taken.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verzia databázy: 4065
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4.5.2010 18:50:34
mbam-log-2010-05-04 (18-50-34).txt
Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 222959
Uplynulý čas: 1 hod, 15 min, 36 sek
Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 3
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 2
Infikované služby pamäte:
(Škodlivé položky neboli zistené)
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Adparatus (Adware.Adparatus) -> No action taken.
HKEY_CURRENT_USER\Software\MarketPrecision\DuhikiToolbar (Malware.Trace) -> No action taken.
Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)
Infikované položky registračných dát:
(Škodlivé položky neboli zistené)
Infikované priečinky:
(Škodlivé položky neboli zistené)
Infikované súbory:
C:\WINDOWS\system32\updater\explorer.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\d3dx10d.dll (Trojan.FakeAlert) -> No action taken.
-
Rudy
- Site Admin
- Příspěvky: 119411
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Vše smažte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu
Vykonané 
Re: Prosím o kontrolu
naskytol sa ešte jeden problémik, že keď vypínam PC, tak dlho sa vypína a stále vypisuje, že ukladá nastavenia..nechal som to asi 10 min. a PC sa stále nevypol, tak som musel podržať tlačítko...kde môže byť chyba?
-
Rudy
- Site Admin
- Příspěvky: 119411
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu
To se stalo až teď, po vyčištění?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu
neviem presne, ale zdá sa, že áno
-
Rudy
- Site Admin
- Příspěvky: 119411
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Zkuste najprve čištění CCleanerem: http://www.viry.cz/forum/viewtopic.php?f=46&t=7478 . Pokud to nepomže, udělejte obnovu systému k datu, kdy korketně fungoval.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu
a log z COMBOFIXU by nepomohol?
-
Rudy
- Site Admin
- Příspěvky: 119411
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu
CF pomůže, pokud by tam byl virus. Zkusit to můžete, ale nejsem přesvědčen o úspěchu. Pokud vám to systém před tím nedělal, pochybuji, že to bude způsobeno virem.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Prosím o kontrolu
tak aspoň vyskúšam:
ComboFix 10-05-05.0D - Peter 06.05.2010 22:28:16.15.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1023.624 [GMT 2:00]
Running from: c:\documents and settings\Peter\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\d.ini
.
((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.
2010-05-04 17:07 . 2010-05-04 17:07 54016 ----a-w- c:\windows\system32\drivers\lqrukxd.sys
2010-05-03 14:02 . 2009-11-12 08:03 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-05-03 14:02 . 2009-11-12 08:03 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-05-03 14:02 . 2009-11-12 08:03 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-05-03 13:56 . 2009-11-10 08:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-03 13:56 . 2009-11-10 08:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-03 13:56 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-05-03 13:56 . 2009-11-10 08:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-03 13:56 . 2009-11-10 08:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-05-03 13:56 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-05-03 13:51 . 2009-10-30 09:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-03 13:51 . 2009-11-09 09:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-03 13:51 . 2009-10-06 14:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-03 13:50 . 2009-09-03 07:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-03 13:50 . 2010-05-03 13:56 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-03 13:50 . 2010-05-03 15:54 -------- d-----w- c:\program files\Spyware Doctor
2010-05-03 13:50 . 2010-05-03 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-05-03 13:50 . 2010-05-03 13:50 -------- d-----w- c:\documents and settings\Peter\Application Data\PC Tools
2010-05-02 20:22 . 2010-05-02 20:22 -------- d-----w- c:\documents and settings\Peter\Local Settings\Application Data\AOL
2010-05-02 20:22 . 2010-05-02 20:29 -------- d-----w- c:\program files\ICQ7.1
2010-04-20 21:12 . 1998-06-17 22:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-04-20 21:12 . 2010-04-20 21:17 -------- d-----w- c:\program files\SatScape
2010-04-14 12:16 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 20:25 . 2007-06-26 12:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-06 14:10 . 2008-06-26 10:30 -------- d-----w- c:\program files\Trend Micro
2010-05-05 16:38 . 2007-09-20 12:52 -------- d-----w- c:\documents and settings\Peter\Application Data\ICQ
2010-05-05 07:06 . 2007-06-20 19:41 -------- d-----w- c:\documents and settings\Peter\Application Data\Skype
2010-05-05 06:00 . 2009-04-14 08:51 -------- d-----w- c:\documents and settings\Peter\Application Data\skypePM
2010-05-02 20:23 . 2007-01-27 15:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 20:23 . 2008-12-12 20:37 -------- d-----w- c:\program files\ICQ6Toolbar
2010-05-02 20:23 . 2008-12-12 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2010-05-02 16:31 . 2009-06-05 16:04 -------- d-----w- c:\program files\CCleaner
2010-05-02 16:29 . 2007-11-28 15:50 -------- d-----w- c:\program files\Google
2010-04-30 18:41 . 2008-02-27 19:19 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWA\unins000.exe
2010-04-28 12:23 . 2010-03-15 11:43 -------- d-----r- c:\program files\Skype
2010-03-15 11:43 . 2007-06-20 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-14 21:25 . 2008-07-12 14:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-14 21:25 . 2007-07-07 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 19:44 . 2010-03-09 19:33 -------- d-----w- c:\documents and settings\Peter\Application Data\Happy Foto
2010-03-08 18:12 . 2007-01-27 16:02 28968 ----a-w- c:\documents and settings\Peter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-17 07:10 . 2004-08-04 12:00 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Ponuka Štart^Programy^Pri spustení^Bluetooth.lnk]
path=c:\documents and settings\All Users\Ponuka Štart\Programy\Pri spustení\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-06 00:07 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 22:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-04-13 10:09 49152 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiScreen]
2008-06-30 09:41 114688 ----a-w- c:\program files\MultiScreen\MultiScreen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 14:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-11-06 07:25 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
2006-05-16 16:51 57344 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-07 21:57 30208 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-04-15 03:01 77824 ----a-w- c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WIAWizardMenu]
2008-04-14 00:12 136704 ----a-w- c:\windows\system32\sti_ci.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3.5.2010 15:51 207792]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [3.5.2010 16:02 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [3.5.2010 16:02 59664]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11.9.2009 8:23 108792]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3.5.2010 15:51 233136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [3.5.2010 15:56 112592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11.9.2009 8:24 735960]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.12.2008 22:37 246520]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.7.2008 14:29 691696]
S2 gupdate1c986ed766218a2;Google Update Service (gupdate1c986ed766218a2);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2009 19:24 133104]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [3.5.2010 15:50 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3.5.2010 15:50 359624]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [3.5.2010 16:02 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder
2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 17:24]
2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 17:24]
2010-05-06 c:\windows\Tasks\User_Feed_Synchronization-{5424BEA9-A10A-4D48-AC65-CB94681185C6}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\bgvefcv4.Mozilla\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/resul ... EF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv41629.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\TV JOJ Media Player\npplugin_netscape.dll
FF - plugin: d:\google\Picasa3\npPicasa2.dll
FF - plugin: d:\google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
MSConfigStartUp-Google Update - c:\documents and settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-NokiaMusic FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-06 22:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2000478354-1364589140-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2000478354-1364589140-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:59,54,ce,64,8d,da,31,a5,31,7c,f0,62,c0,b4,2a,09,30,24,e4,ca,d9,
9f,00,82,8e,84,68,76,da,e7,ca,a5,3b,74,8b,0d,f8,c5,45,2b,60,af,22,ef,8c,ac,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="17DB12C71B85235D2D6147ED8FD1A4E144F0D209CA23A39B3F184B886CDE1E8E21A6DB2B6BF438547DB8921A579F98968B1ABF4A2C61CCD8BB77E031B1E83C9A635EA4C6F0AF353FF88CF461B7F5FDCB5B9116D2258F7EF42E3FD86055F474F946E954058BB2BD501FF8B50A771BA7A36BC8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C9DB7CE019D40AA5C9DB7CE019D40AA5C4CC5F754BC4E3E29FEA336704F9B858FCD214B3B508BB02DD790A237DFB199C3ECC77A7FA81FEB31DCADA6832D622E4CD19FE189B4D0DF9B44ABAF0A40259E4DF40E505B8D6C66117E0A44A3B241D6B1F30D5CA741D813098B23DC5EFE5FA74061B9315CA823855DC4B9AE8C4E14902893E5E2B5B28D35563010FCD74AF41691F6A2BACD3923C6405270EA4DEE26902ED75806AACB4855F578404870556D7548BB52EB4F82C34AF60F93E34A8ABCB1D5294BB6CC4F5826EF6E365AF757C56F837B0729D1CCCCD5D22A4066BB980BF047B356CBBA0A01005F6126310F89ECD47045B3BB9EE27B533810C5232D17BCF03AE9470064C7F8DAF161F931AA2CC819D56C7FD0CE1580CC22F728B0FD056FF67E001DF00E5B6C576DC4CF229580AFD48A884476513680F41CD79E07E2E8B46DF5EF0CA15219783927A7F8ADECCD6D42F97310A3691F1621486C9305E1CA136297757DF71CDA31658BE6F9E5A35EC2C227CC272F2D2ACCC85C3627EAD7B60508EB148E3F2D809E6898A40E3C7D81E359A3F87ED48838268A20F92EDEF4BDF7B2148E8EA41A693AF063472208950AF8AF1A1D4037B82D97A6F2BEAEE93D744D5E3F6F83BBCBFAF25091795606DACD9C8FC4A64CD8D1EE88004450E47A86735C273504A4FAFD202D005FA882D40CA6E0E9F4C1B4A3BAEA59A21AC04060FE57EE50CF5C5E3B42C63F191C06AE77C175C8530EE4BF622D8F573A0EE26452A441413E7E4F51BBFEDE73DAAA891856659BCB010AC4E8463951C9174DCE2868CBD5087CC1F353A06ADE8928826DB0BBB27F5752735DDDE3BF28E8AE18E018A11DBC673832A86B6E12423508AE2E1FD73D0D4A456BEE80B3F80E6299C5B8F2DC1224FA43F70ED68E57831CA54E0FBB3D6A32F87DA67A68116F83D615BDBB2CE2FDBA4F13520A85D16E27DA4F1616946474E0AA436C49DFBD020DDA027D916CDA8137E6C192C59C6960B07EF7CA8DE929688F1D031964655D62B177E517260ED19550380EA0ADF5EA0AAA8C38C98333C8A7BA7F4D9E1D2C79997CAAE72FA9213B86442C5AF4739AD29CA2794882C999E7E9DFF554FE05987C007EE4D5FE10696B72D222AA9F8B4EFD1C2BB188F5F6780FB6819870D37347B846CA8AA15512DC1BCF41EBA9C1AF04AFE058147C3DE4E3276D2772"
"OODEFRAG08.00.00.01WORKSTATION"="7B25A8EF5C5A36912B3AA0E5532E62A5F731987EC5E89ECC10562E57777B5CD5A1C02B5E42E67E8A7C7527E7DF56638A8212F850036148FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C9DB7CE019D40AA5C9DB7CE019D40AA5CB943DEF6045B1732FED8F3AD8FE0D0BD4E3880CD858FF0CB06661E9C57390B7FA60E38FA019846C72CF93C50B36C1EB07C4B5954FD55211ADB8E4BA2161C49ADFD1C3E20A8AF63AD194AB5AC3D810812186914A926AF1B74511820CE077968CA4E622DCE618BC8F6AB323F48BD95D7A28291CF90D9B53A67DC389D416BAD7452C9EB87A375ECD2AB703479DD27EC5D14BDDAF0FED2D05F739D37874DE8E57F314755116E13E9E3C595614CD9D2A0EA11F1EA1E1FB140ED0F53F365F908A81D4B3ED254B3CD6AE1346C6160DD7A9FD6356CFE43D0FB184D21E1DE848238CCE5F4CF2A1EAD9A2AB5DAEDEF253FBDABFA0F9B670DA41ABDE88954FC7358487D76783A357EC6D3BCCC90B45CCC09A0D9B8A39409F1E3D7ECB09656E7081D6E3BEF94E6E14CA0B984991F7E894CF70A146F6C0FDAA68665B3180FB94DD8A8C5D977FADD341F906CBA12C6AF6F5EFB451988D16569A63C57F4172BF16DC387490134514CC0D41DF3EB2FBACD1801BC02F8EB3719D6336726672919191FE7785CACD3B106328E04397A6E2105237792D31B8BEE4E554C1FAE16CE786B4A296E432B86AA00C7B1368C19D19623C4C50BB1385742CB2DBA2CB0DF0A5EC96CB092A6A1813FD3D267579FD2DEA71B4438E8F6DEC6EBFD3C0A8ED1F6E3D3BA96693F16087C6240B89C400882205A06FB5B2064EFD51C74F089799863E657E46F8304812AB501267582FCC0D822A29B5B02DB9BA1807763D04BD0F27EA358952EF424BE276B770C968DCE285CF5ED3CE6437725FD4B16A2F326323077AC3CBF2374980773E4181CBEF72A01E4B3996BB3F7066BE23D832F86B6EA85D11B5D752C7D0BF755E92A24243E38709E7179CEEE3FCC3F02603F2749DBFB8AE38A86F1BFD15D92E9466615112254828AD0D4B25679C5D261C23FCE0FB71EBCD719F910E875A03C214B7B85E2A70FA47EEF6605BECE1E3D59F6698F42323BFBACEA6D52422F9DBFBE4D8AB08C19AC29A177DCD78E28B67B19941CF25D76F08B37A9885D7F8C4F48D8252AF1940427C7720F5B64C1B426EB22B6242BEF7392161A7DE8F9E35CE568DDAF654D95382A19C0647904E666B4524A7A480A21DBA6A654991F944A3444968B4D38673CCB161D312AC1B52072E0553A833F892828E72EB2AF313E1E6B822A7663960A4D1700B43D16341DA7545B81F17736C4CF92C40057F6972CE21EEB628559E4A49C38AFA73160C20046480BC44182CBF9799ADED5B92C4037"
"OODEFRAG11.00.00.01WORKSTATION"="ECA0B56A1CC63E9A0E60D2B7B9289982FAFB6E59B0082374DE0131EDE7719240D4FDCCC245B0E5C1E58E5E359B2C5F47CEF2A11B58C46608A53F6B458AC52E2B4111800EB4EA2BDC745C3076786F5E769EC7CA560135ECB484915E984FF2897DFE11478BCBF62B37763D113D2BFC18ACB144A9EE228E3B096DBC5C0C6BF3CED7CDDC293F1CBAD5A199445F0FC443E00D43568F09EA67AA18C927CF05CBAAFDDEE4F346F2ED7E6E72FDAC0DB38993623B81FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E6675D575E7D6A3B9808FEBC9E127BECC74CA2C352430A5DCCDD0FFA6E1759B857EE993AD0C0C4B89B375C0708D3CBB7038841FA23F50063CFB1112F0EC75D420B4809E77E94268FF2C60996F8DADDDD077BCB29571CC1961D3E32AAE886E2BB06869C3629E4470647BED9B070E79AC960761BE44E356F329DDD0358E34F964606103F824F4BFC43C93132492F519FC64EDC2CD72EF311C6C45E3BB522540655CB408041BA957CBF2BA799683F22EC731682A0BCDE410E378601B4D50D7822B29EE4917AF244E1CAA29DBBA9E818E7427E303DE78AB7B3BBDA7D6CDCD1D4C3FBC6434AC7C68D2D04EB8269BEBDA556795224E93DA32635603F7B848762B6A3A01311A5DA49DAC1E2C33A95EA0FF2E6B4E20EB3B5DC11A605B49CC324729C61E6D47843F4504A66B0ED1ED88674D8A9628294CCDE2F3081DBBEEE92127C3EFD65E01A64EDF42C478BB179EE7EC9E512C5894E885AD6EEA3EDE5FA7FCABC01E00B9109F13196077365D90D38512EDDF975D34A61DD53ECCD9739B9BC573503D39744CA74BE56145D83338A371683B61D5B400973B168FB2708C519A0552B94069E5B5B1DA79B405EFE119C94F2F21A1A38337F7EB21FA63643237CA3F726B90A8B3CAABD160F2F30C6CADE9D2565E7789C93176954C3266AA0E7B8658574AB541ACF194D432033731C3B5FBF7C0CB11F70CDAB3C99E5EA154BB297A5D728D641D9838065FE0158A915BF2411DD583E5A6DD010241D5A186A44A258CCDD935B0FB04A2AC7AC275B3C9A3CA548408287DA249008F08A380585DEDC2C6398D38EDE5799565543CC2EF56C964D40B186BDB4F5844C19255C3EE1430A39961FC1F7B8DAE9B6954FEFF5871A3A7D7B51A1C1609B290A34416782E2EC5798B91C8254861B3A7333ED538B818A94099C53D7AB3A1C7D630048BCC4CBAA745A42CDF815154E8B26FD547CFCDCF79939EA7F70C404D905ECDC3705AD48A11700C906CDDD197B63DF6749B58C746EBF4953B4760BDF0748AF50A0AB9864C876FD8EAAEF87A7804C2286A78DAE89D10168E4DFB832572851278228619512ECD0BF7236109EBB0ED264175ED58DBC56DCBBD388CA21571BB1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1044)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-05-06 22:36:33
ComboFix-quarantined-files.txt 2010-05-06 20:36
Pre-Run: 33 730 248 704 bytes free
Post-Run: 13 adresárov, 33 844 678 656 voľných bajtov
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
- - End Of File - - FB9076D6A424CB02146211676F211264
ComboFix 10-05-05.0D - Peter 06.05.2010 22:28:16.15.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1023.624 [GMT 2:00]
Running from: c:\documents and settings\Peter\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\d.ini
.
((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.
2010-05-04 17:07 . 2010-05-04 17:07 54016 ----a-w- c:\windows\system32\drivers\lqrukxd.sys
2010-05-03 14:02 . 2009-11-12 08:03 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-05-03 14:02 . 2009-11-12 08:03 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-05-03 14:02 . 2009-11-12 08:03 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-05-03 13:56 . 2009-11-10 08:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-03 13:56 . 2009-11-10 08:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-03 13:56 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-05-03 13:56 . 2009-11-10 08:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-03 13:56 . 2009-11-10 08:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-05-03 13:56 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-05-03 13:51 . 2009-10-30 09:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-03 13:51 . 2009-11-09 09:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-03 13:51 . 2009-10-06 14:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-03 13:50 . 2009-09-03 07:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-03 13:50 . 2010-05-03 13:56 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-03 13:50 . 2010-05-03 15:54 -------- d-----w- c:\program files\Spyware Doctor
2010-05-03 13:50 . 2010-05-03 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-05-03 13:50 . 2010-05-03 13:50 -------- d-----w- c:\documents and settings\Peter\Application Data\PC Tools
2010-05-02 20:22 . 2010-05-02 20:22 -------- d-----w- c:\documents and settings\Peter\Local Settings\Application Data\AOL
2010-05-02 20:22 . 2010-05-02 20:29 -------- d-----w- c:\program files\ICQ7.1
2010-04-20 21:12 . 1998-06-17 22:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-04-20 21:12 . 2010-04-20 21:17 -------- d-----w- c:\program files\SatScape
2010-04-14 12:16 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 20:25 . 2007-06-26 12:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-06 14:10 . 2008-06-26 10:30 -------- d-----w- c:\program files\Trend Micro
2010-05-05 16:38 . 2007-09-20 12:52 -------- d-----w- c:\documents and settings\Peter\Application Data\ICQ
2010-05-05 07:06 . 2007-06-20 19:41 -------- d-----w- c:\documents and settings\Peter\Application Data\Skype
2010-05-05 06:00 . 2009-04-14 08:51 -------- d-----w- c:\documents and settings\Peter\Application Data\skypePM
2010-05-02 20:23 . 2007-01-27 15:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 20:23 . 2008-12-12 20:37 -------- d-----w- c:\program files\ICQ6Toolbar
2010-05-02 20:23 . 2008-12-12 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2010-05-02 16:31 . 2009-06-05 16:04 -------- d-----w- c:\program files\CCleaner
2010-05-02 16:29 . 2007-11-28 15:50 -------- d-----w- c:\program files\Google
2010-04-30 18:41 . 2008-02-27 19:19 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWA\unins000.exe
2010-04-28 12:23 . 2010-03-15 11:43 -------- d-----r- c:\program files\Skype
2010-03-15 11:43 . 2007-06-20 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-14 21:25 . 2008-07-12 14:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-14 21:25 . 2007-07-07 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 19:44 . 2010-03-09 19:33 -------- d-----w- c:\documents and settings\Peter\Application Data\Happy Foto
2010-03-08 18:12 . 2007-01-27 16:02 28968 ----a-w- c:\documents and settings\Peter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-17 07:10 . 2004-08-04 12:00 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Ponuka Štart^Programy^Pri spustení^Bluetooth.lnk]
path=c:\documents and settings\All Users\Ponuka Štart\Programy\Pri spustení\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-06 00:07 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 22:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-04-13 10:09 49152 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiScreen]
2008-06-30 09:41 114688 ----a-w- c:\program files\MultiScreen\MultiScreen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 14:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-11-06 07:25 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
2006-05-16 16:51 57344 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-07 21:57 30208 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-04-15 03:01 77824 ----a-w- c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WIAWizardMenu]
2008-04-14 00:12 136704 ----a-w- c:\windows\system32\sti_ci.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3.5.2010 15:51 207792]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [3.5.2010 16:02 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [3.5.2010 16:02 59664]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11.9.2009 8:23 108792]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3.5.2010 15:51 233136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [3.5.2010 15:56 112592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11.9.2009 8:24 735960]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12.12.2008 22:37 246520]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.7.2008 14:29 691696]
S2 gupdate1c986ed766218a2;Google Update Service (gupdate1c986ed766218a2);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2009 19:24 133104]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [3.5.2010 15:50 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3.5.2010 15:50 359624]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [3.5.2010 16:02 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder
2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 17:24]
2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 17:24]
2010-05-06 c:\windows\Tasks\User_Feed_Synchronization-{5424BEA9-A10A-4D48-AC65-CB94681185C6}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\bgvefcv4.Mozilla\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/resul ... EF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv41629.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\TV JOJ Media Player\npplugin_netscape.dll
FF - plugin: d:\google\Picasa3\npPicasa2.dll
FF - plugin: d:\google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
MSConfigStartUp-Google Update - c:\documents and settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-NokiaMusic FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-06 22:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2000478354-1364589140-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2000478354-1364589140-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:59,54,ce,64,8d,da,31,a5,31,7c,f0,62,c0,b4,2a,09,30,24,e4,ca,d9,
9f,00,82,8e,84,68,76,da,e7,ca,a5,3b,74,8b,0d,f8,c5,45,2b,60,af,22,ef,8c,ac,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="17DB12C71B85235D2D6147ED8FD1A4E144F0D209CA23A39B3F184B886CDE1E8E21A6DB2B6BF438547DB8921A579F98968B1ABF4A2C61CCD8BB77E031B1E83C9A635EA4C6F0AF353FF88CF461B7F5FDCB5B9116D2258F7EF42E3FD86055F474F946E954058BB2BD501FF8B50A771BA7A36BC8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C9DB7CE019D40AA5C9DB7CE019D40AA5C4CC5F754BC4E3E29FEA336704F9B858FCD214B3B508BB02DD790A237DFB199C3ECC77A7FA81FEB31DCADA6832D622E4CD19FE189B4D0DF9B44ABAF0A40259E4DF40E505B8D6C66117E0A44A3B241D6B1F30D5CA741D813098B23DC5EFE5FA74061B9315CA823855DC4B9AE8C4E14902893E5E2B5B28D35563010FCD74AF41691F6A2BACD3923C6405270EA4DEE26902ED75806AACB4855F578404870556D7548BB52EB4F82C34AF60F93E34A8ABCB1D5294BB6CC4F5826EF6E365AF757C56F837B0729D1CCCCD5D22A4066BB980BF047B356CBBA0A01005F6126310F89ECD47045B3BB9EE27B533810C5232D17BCF03AE9470064C7F8DAF161F931AA2CC819D56C7FD0CE1580CC22F728B0FD056FF67E001DF00E5B6C576DC4CF229580AFD48A884476513680F41CD79E07E2E8B46DF5EF0CA15219783927A7F8ADECCD6D42F97310A3691F1621486C9305E1CA136297757DF71CDA31658BE6F9E5A35EC2C227CC272F2D2ACCC85C3627EAD7B60508EB148E3F2D809E6898A40E3C7D81E359A3F87ED48838268A20F92EDEF4BDF7B2148E8EA41A693AF063472208950AF8AF1A1D4037B82D97A6F2BEAEE93D744D5E3F6F83BBCBFAF25091795606DACD9C8FC4A64CD8D1EE88004450E47A86735C273504A4FAFD202D005FA882D40CA6E0E9F4C1B4A3BAEA59A21AC04060FE57EE50CF5C5E3B42C63F191C06AE77C175C8530EE4BF622D8F573A0EE26452A441413E7E4F51BBFEDE73DAAA891856659BCB010AC4E8463951C9174DCE2868CBD5087CC1F353A06ADE8928826DB0BBB27F5752735DDDE3BF28E8AE18E018A11DBC673832A86B6E12423508AE2E1FD73D0D4A456BEE80B3F80E6299C5B8F2DC1224FA43F70ED68E57831CA54E0FBB3D6A32F87DA67A68116F83D615BDBB2CE2FDBA4F13520A85D16E27DA4F1616946474E0AA436C49DFBD020DDA027D916CDA8137E6C192C59C6960B07EF7CA8DE929688F1D031964655D62B177E517260ED19550380EA0ADF5EA0AAA8C38C98333C8A7BA7F4D9E1D2C79997CAAE72FA9213B86442C5AF4739AD29CA2794882C999E7E9DFF554FE05987C007EE4D5FE10696B72D222AA9F8B4EFD1C2BB188F5F6780FB6819870D37347B846CA8AA15512DC1BCF41EBA9C1AF04AFE058147C3DE4E3276D2772"
"OODEFRAG08.00.00.01WORKSTATION"="7B25A8EF5C5A36912B3AA0E5532E62A5F731987EC5E89ECC10562E57777B5CD5A1C02B5E42E67E8A7C7527E7DF56638A8212F850036148FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C9DB7CE019D40AA5C9DB7CE019D40AA5CB943DEF6045B1732FED8F3AD8FE0D0BD4E3880CD858FF0CB06661E9C57390B7FA60E38FA019846C72CF93C50B36C1EB07C4B5954FD55211ADB8E4BA2161C49ADFD1C3E20A8AF63AD194AB5AC3D810812186914A926AF1B74511820CE077968CA4E622DCE618BC8F6AB323F48BD95D7A28291CF90D9B53A67DC389D416BAD7452C9EB87A375ECD2AB703479DD27EC5D14BDDAF0FED2D05F739D37874DE8E57F314755116E13E9E3C595614CD9D2A0EA11F1EA1E1FB140ED0F53F365F908A81D4B3ED254B3CD6AE1346C6160DD7A9FD6356CFE43D0FB184D21E1DE848238CCE5F4CF2A1EAD9A2AB5DAEDEF253FBDABFA0F9B670DA41ABDE88954FC7358487D76783A357EC6D3BCCC90B45CCC09A0D9B8A39409F1E3D7ECB09656E7081D6E3BEF94E6E14CA0B984991F7E894CF70A146F6C0FDAA68665B3180FB94DD8A8C5D977FADD341F906CBA12C6AF6F5EFB451988D16569A63C57F4172BF16DC387490134514CC0D41DF3EB2FBACD1801BC02F8EB3719D6336726672919191FE7785CACD3B106328E04397A6E2105237792D31B8BEE4E554C1FAE16CE786B4A296E432B86AA00C7B1368C19D19623C4C50BB1385742CB2DBA2CB0DF0A5EC96CB092A6A1813FD3D267579FD2DEA71B4438E8F6DEC6EBFD3C0A8ED1F6E3D3BA96693F16087C6240B89C400882205A06FB5B2064EFD51C74F089799863E657E46F8304812AB501267582FCC0D822A29B5B02DB9BA1807763D04BD0F27EA358952EF424BE276B770C968DCE285CF5ED3CE6437725FD4B16A2F326323077AC3CBF2374980773E4181CBEF72A01E4B3996BB3F7066BE23D832F86B6EA85D11B5D752C7D0BF755E92A24243E38709E7179CEEE3FCC3F02603F2749DBFB8AE38A86F1BFD15D92E9466615112254828AD0D4B25679C5D261C23FCE0FB71EBCD719F910E875A03C214B7B85E2A70FA47EEF6605BECE1E3D59F6698F42323BFBACEA6D52422F9DBFBE4D8AB08C19AC29A177DCD78E28B67B19941CF25D76F08B37A9885D7F8C4F48D8252AF1940427C7720F5B64C1B426EB22B6242BEF7392161A7DE8F9E35CE568DDAF654D95382A19C0647904E666B4524A7A480A21DBA6A654991F944A3444968B4D38673CCB161D312AC1B52072E0553A833F892828E72EB2AF313E1E6B822A7663960A4D1700B43D16341DA7545B81F17736C4CF92C40057F6972CE21EEB628559E4A49C38AFA73160C20046480BC44182CBF9799ADED5B92C4037"
"OODEFRAG11.00.00.01WORKSTATION"="ECA0B56A1CC63E9A0E60D2B7B9289982FAFB6E59B0082374DE0131EDE7719240D4FDCCC245B0E5C1E58E5E359B2C5F47CEF2A11B58C46608A53F6B458AC52E2B4111800EB4EA2BDC745C3076786F5E769EC7CA560135ECB484915E984FF2897DFE11478BCBF62B37763D113D2BFC18ACB144A9EE228E3B096DBC5C0C6BF3CED7CDDC293F1CBAD5A199445F0FC443E00D43568F09EA67AA18C927CF05CBAAFDDEE4F346F2ED7E6E72FDAC0DB38993623B81FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E6675D575E7D6A3B9808FEBC9E127BECC74CA2C352430A5DCCDD0FFA6E1759B857EE993AD0C0C4B89B375C0708D3CBB7038841FA23F50063CFB1112F0EC75D420B4809E77E94268FF2C60996F8DADDDD077BCB29571CC1961D3E32AAE886E2BB06869C3629E4470647BED9B070E79AC960761BE44E356F329DDD0358E34F964606103F824F4BFC43C93132492F519FC64EDC2CD72EF311C6C45E3BB522540655CB408041BA957CBF2BA799683F22EC731682A0BCDE410E378601B4D50D7822B29EE4917AF244E1CAA29DBBA9E818E7427E303DE78AB7B3BBDA7D6CDCD1D4C3FBC6434AC7C68D2D04EB8269BEBDA556795224E93DA32635603F7B848762B6A3A01311A5DA49DAC1E2C33A95EA0FF2E6B4E20EB3B5DC11A605B49CC324729C61E6D47843F4504A66B0ED1ED88674D8A9628294CCDE2F3081DBBEEE92127C3EFD65E01A64EDF42C478BB179EE7EC9E512C5894E885AD6EEA3EDE5FA7FCABC01E00B9109F13196077365D90D38512EDDF975D34A61DD53ECCD9739B9BC573503D39744CA74BE56145D83338A371683B61D5B400973B168FB2708C519A0552B94069E5B5B1DA79B405EFE119C94F2F21A1A38337F7EB21FA63643237CA3F726B90A8B3CAABD160F2F30C6CADE9D2565E7789C93176954C3266AA0E7B8658574AB541ACF194D432033731C3B5FBF7C0CB11F70CDAB3C99E5EA154BB297A5D728D641D9838065FE0158A915BF2411DD583E5A6DD010241D5A186A44A258CCDD935B0FB04A2AC7AC275B3C9A3CA548408287DA249008F08A380585DEDC2C6398D38EDE5799565543CC2EF56C964D40B186BDB4F5844C19255C3EE1430A39961FC1F7B8DAE9B6954FEFF5871A3A7D7B51A1C1609B290A34416782E2EC5798B91C8254861B3A7333ED538B818A94099C53D7AB3A1C7D630048BCC4CBAA745A42CDF815154E8B26FD547CFCDCF79939EA7F70C404D905ECDC3705AD48A11700C906CDDD197B63DF6749B58C746EBF4953B4760BDF0748AF50A0AB9864C876FD8EAAEF87A7804C2286A78DAE89D10168E4DFB832572851278228619512ECD0BF7236109EBB0ED264175ED58DBC56DCBBD388CA21571BB1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1044)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-05-06 22:36:33
ComboFix-quarantined-files.txt 2010-05-06 20:36
Pre-Run: 33 730 248 704 bytes free
Post-Run: 13 adresárov, 33 844 678 656 voľných bajtov
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
- - End Of File - - FB9076D6A424CB02146211676F211264
-
Rudy
- Site Admin
- Příspěvky: 119411
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Prosím o kontrolu
Otevřte Poznámkový blok a zkopírujte do něj:
Nezapomeňte vypnout antivir a firewall před spuštěním CF. V předchozím spuštění zůstaly zapnuty.
Uložte na plochu jako CFScript.txt. Pak jej mxší přetáhněte nad ikonu ComboFix a pusťte. Cf se spustí a vykoná příkazy ze skriptu.Collect::
c:\windows\system32\drivers\lqrukxd.sys
Driver::
lqrukxd
Nezapomeňte vypnout antivir a firewall před spuštěním CF. V předchozím spuštění zůstaly zapnuty.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?