čaute pls. help už včera som si všimol ked som zapol pc som mal výkon 470 čo obvykle mávam ked zapnem pc 200 ... dneska som ho zapol tak mi blbne ked chcem napríklad preniest ikonku do koša tak mi ju nezobere ked chcem preniest okno tiež nereaguje na prvý krát a aj divné vrčí pc
tu je log
Logfile of random's system information tool 1.08 (written by random/random)
Run by Branislav at 2010-07-14 09:53:27
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 19 GB (25%) free of 76 GB
Total RAM: 1535 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:53:37, on 14.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Branislav\My Documents\Stiahnute subory\RSIT.exe
C:\Program Files\trend micro\Branislav.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Branislav\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Branislav\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 7167 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\expressburnSevenDaysInit.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-14 327748]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\Branislav\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll [2005-04-14 327748]
{D5D47440-0750-463D-BAEF-A47D02414806}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"TWCU"=C:\Program Files\TP-LINK\TWCU\TWCU.exe [2005-08-09 413696]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 88584]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-01-16 37376]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-12-11 98304]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-02-27 155648]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-03 159744]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\Pes World Cup 2010.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2010\Pes World Cup 2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-07-14 08:51:40 ----SHD---- C:\Config.Msi
2010-07-14 08:40:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-06-29 15:53:43 ----D---- C:\Program Files\KONAMI
2010-06-29 15:53:43 ----D---- C:\Documents and Settings\All Users\Application Data\KONAMI
======List of files/folders modified in the last 1 months======
2010-07-14 09:53:34 ----D---- C:\WINDOWS\Temp
2010-07-14 09:53:34 ----D---- C:\Program Files\trend micro
2010-07-14 09:53:33 ----D---- C:\WINDOWS\Prefetch
2010-07-14 08:53:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-14 08:52:53 ----SHD---- C:\WINDOWS\Installer
2010-07-14 08:51:26 ----D---- C:\WINDOWS\system32
2010-07-14 08:47:59 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-14 08:43:17 ----D---- C:\WINDOWS
2010-07-14 08:41:20 ----HD---- C:\WINDOWS\inf
2010-07-14 08:41:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-14 08:40:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-14 08:40:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-14 08:38:33 ----D---- C:\WINDOWS\Debug
2010-07-12 11:31:16 ----D---- C:\Program Files\EA Sports
2010-07-11 20:16:11 ----D---- C:\Documents and Settings\Branislav\Application Data\vlc
2010-07-11 20:16:03 ----D---- C:\Documents and Settings\Branislav\Application Data\dvdcss
2010-07-11 09:03:33 ----D---- C:\WINDOWS\system32\DirectX
2010-07-11 09:03:16 ----RSD---- C:\WINDOWS\assembly
2010-07-10 20:06:08 ----A---- C:\WINDOWS\wincmd.ini
2010-07-10 12:26:19 ----D---- C:\WINDOWS\WinSxS
2010-07-09 18:28:07 ----D---- C:\Program Files
2010-07-08 18:23:24 ----D---- C:\WINDOWS\system32\config
2010-07-08 14:34:55 ----D---- C:\Program Files\Magic Video Converter
2010-07-08 09:45:14 ----D---- C:\Documents and Settings\Branislav\Application Data\Skype
2010-07-08 09:21:36 ----D---- C:\Documents and Settings\Branislav\Application Data\skypePM
2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-28 06:57:21 ----D---- C:\Program Files\Mozilla Firefox
2010-06-24 12:48:57 ----SD---- C:\Documents and Settings\Branislav\Application Data\Microsoft
2010-06-23 15:26:48 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-23 13:16:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-16 16:00:18 ----D---- C:\Documents and Settings\Branislav\Application Data\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-01-15 611064]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-01-14 17801]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-11-16 135048]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-03 4605952]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-03-08 47360]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2010-01-15 223128]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2008-01-25 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2008-01-25 48904]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AR5211;TP-LINK Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-06-25 463168]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\BRANIS~1\LOCALS~1\Temp\XZZDF1.tmp []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-01-24 25280]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\k510bus.sys [2010-02-09 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2010-02-09 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2010-02-09 94064]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2008-01-25 28168]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2008-01-25 14728]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACS;TP-LINK Configuration Service; C:\WINDOWS\system32\acs.exe [2005-05-05 36864]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-03 602112]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2010-02-04 603904]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 vvdsvc;VJVodClientServices; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-20 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-02-04 360192]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
pls. pozrie sa na to niekto???
eset nič nenašiel a dnes som aj defragmentoval disk a cez ccleaner vyčistil registre
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
vírus
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: vírus
Hezké odpoledne 
Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem
Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe - ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
Branno
Re: vírus
ahoj tu je ten log
ComboFix 10-07-13.08 - Branislav 14.07.2010 17:54:08.1.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1535.1152 [GMT 2:00]
Running from: c:\documents and settings\Branislav\My Documents\Stiahnute subory\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Branislav\Application Data\Microsoft\Internet Explorer\qiPSearchbar.dll
c:\documents and settings\Branislav\Recent\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-06-14 to 2010-07-14 )))))))))))))))))))))))))))))))
.
2010-07-14 06:10 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-29 13:53 . 2010-06-29 13:53 -------- d-----w- c:\program files\KONAMI
2010-06-29 13:53 . 2010-06-29 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 11:01 . 2010-01-15 10:07 -------- d-----w- c:\documents and settings\Branislav\Application Data\Skype
2010-07-14 10:53 . 2010-01-15 18:40 -------- d-----w- c:\documents and settings\Branislav\Application Data\skypePM
2010-07-14 07:53 . 2010-01-15 17:41 -------- d-----w- c:\program files\trend micro
2010-07-12 09:31 . 2010-01-15 08:55 -------- d-----w- c:\program files\EA Sports
2010-07-11 18:16 . 2010-01-15 07:42 -------- d-----w- c:\documents and settings\Branislav\Application Data\vlc
2010-07-11 18:16 . 2010-01-17 10:11 -------- d-----w- c:\documents and settings\Branislav\Application Data\dvdcss
2010-07-08 12:34 . 2010-03-08 14:07 -------- d-----w- c:\program files\Magic Video Converter
2010-06-14 14:31 . 2010-01-14 05:31 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-08 15:19 . 2010-01-26 18:16 -------- d-----w- c:\program files\Electronic Arts
2010-05-29 14:34 . 2010-05-29 14:34 -------- d-----w- c:\program files\Activision
2010-05-28 17:56 . 2010-02-06 07:59 788 ----a-w- c:\windows\eReg.dat
2010-05-09 10:52 . 2010-05-09 10:52 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2006-02-28 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2005-08-09 413696]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-27 155648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\Pes World Cup 2010.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 10:03 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 10:04 735960]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\BRANIS~1\LOCALS~1\Temp\XZZDF1.tmp --> c:\docume~1\BRANIS~1\LOCALS~1\Temp\XZZDF1.tmp [?]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [9.2.2010 15:12 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [9.2.2010 15:12 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [9.2.2010 15:12 94064]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23.4.2007 14:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23.4.2007 14:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23.4.2007 14:54 108680]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [15.1.2010 10:38 223128]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.1.2010 10:35 611064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-07-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
2010-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-05-03 c:\windows\Tasks\expressburnSevenDaysInit.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-05-03 13:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
FF - ProfilePath - c:\documents and settings\Branislav\Application Data\Mozilla\Firefox\Profiles\ygsygnad.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 17:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\BRANIS~1\LOCALS~1\Temp\XZZDF1.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2010-07-14 18:00:40
ComboFix-quarantined-files.txt 2010-07-14 16:00
Pre-Run: 31 909 588 992 bytes free
Post-Run: 14 adresárov, 32 054 497 280 voľných bajtov
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 67FB132569126BFAE806F1E21E9C2FCB
ComboFix 10-07-13.08 - Branislav 14.07.2010 17:54:08.1.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1535.1152 [GMT 2:00]
Running from: c:\documents and settings\Branislav\My Documents\Stiahnute subory\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Branislav\Application Data\Microsoft\Internet Explorer\qiPSearchbar.dll
c:\documents and settings\Branislav\Recent\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-06-14 to 2010-07-14 )))))))))))))))))))))))))))))))
.
2010-07-14 06:10 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-29 13:53 . 2010-06-29 13:53 -------- d-----w- c:\program files\KONAMI
2010-06-29 13:53 . 2010-06-29 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 11:01 . 2010-01-15 10:07 -------- d-----w- c:\documents and settings\Branislav\Application Data\Skype
2010-07-14 10:53 . 2010-01-15 18:40 -------- d-----w- c:\documents and settings\Branislav\Application Data\skypePM
2010-07-14 07:53 . 2010-01-15 17:41 -------- d-----w- c:\program files\trend micro
2010-07-12 09:31 . 2010-01-15 08:55 -------- d-----w- c:\program files\EA Sports
2010-07-11 18:16 . 2010-01-15 07:42 -------- d-----w- c:\documents and settings\Branislav\Application Data\vlc
2010-07-11 18:16 . 2010-01-17 10:11 -------- d-----w- c:\documents and settings\Branislav\Application Data\dvdcss
2010-07-08 12:34 . 2010-03-08 14:07 -------- d-----w- c:\program files\Magic Video Converter
2010-06-14 14:31 . 2010-01-14 05:31 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-08 15:19 . 2010-01-26 18:16 -------- d-----w- c:\program files\Electronic Arts
2010-05-29 14:34 . 2010-05-29 14:34 -------- d-----w- c:\program files\Activision
2010-05-28 17:56 . 2010-02-06 07:59 788 ----a-w- c:\windows\eReg.dat
2010-05-09 10:52 . 2010-05-09 10:52 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2006-02-28 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2005-08-09 413696]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-27 155648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\Pes World Cup 2010.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 10:03 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 10:04 735960]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\BRANIS~1\LOCALS~1\Temp\XZZDF1.tmp --> c:\docume~1\BRANIS~1\LOCALS~1\Temp\XZZDF1.tmp [?]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [9.2.2010 15:12 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [9.2.2010 15:12 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [9.2.2010 15:12 94064]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23.4.2007 14:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23.4.2007 14:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23.4.2007 14:54 108680]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [15.1.2010 10:38 223128]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.1.2010 10:35 611064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-07-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
2010-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-05-03 c:\windows\Tasks\expressburnSevenDaysInit.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-05-03 13:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
FF - ProfilePath - c:\documents and settings\Branislav\Application Data\Mozilla\Firefox\Profiles\ygsygnad.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 17:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\BRANIS~1\LOCALS~1\Temp\XZZDF1.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2010-07-14 18:00:40
ComboFix-quarantined-files.txt 2010-07-14 16:00
Pre-Run: 31 909 588 992 bytes free
Post-Run: 14 adresárov, 32 054 497 280 voľných bajtov
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 67FB132569126BFAE806F1E21E9C2FCB
Re: vírus
Garenu používáte?
Dejte soubor otestovat na http://www.virustotal.com
c:\windows\system32\dllcache\helpsvc.exe
-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky
-pokud se Vás zeptá, dejte soubor otestovat znovu, tak aby to byl soubor z Vašeho počítače
Dejte soubor otestovat na http://www.virustotal.comc:\windows\system32\dllcache\helpsvc.exe
-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky
-pokud se Vás zeptá, dejte soubor otestovat znovu, tak aby to byl soubor z Vašeho počítače
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: vírus
Na virustotalu klikněte na procházet a celou cestu k tomu souboru nakopírujte do spodního okénka
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: vírus
Já Vás budu zase trápit, ale já potřebuju, aby se otestoval soubor z Vašeho počítače..tedy nechat otestovat znovu. Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
Branno
Re: vírus
File file-1225932__ received on 2010.07.14 10:05:51 (UTC)
Current status: finished
Result: 0/42 (0.00%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.14 -
AhnLab-V3 2010.07.14.01 2010.07.14 -
AntiVir 8.2.4.10 2010.07.14 -
Antiy-AVL 2.0.3.7 2010.07.14 -
Authentium 5.2.0.5 2010.07.14 -
Avast 4.8.1351.0 2010.07.13 -
Avast5 5.0.332.0 2010.07.13 -
AVG 9.0.0.836 2010.07.13 -
BitDefender 7.2 2010.07.14 -
CAT-QuickHeal 11.00 2010.07.14 -
ClamAV 0.96.0.3-git 2010.07.14 -
Comodo 5422 2010.07.14 -
DrWeb 5.0.2.03300 2010.07.14 -
eSafe 7.0.17.0 2010.07.11 -
eTrust-Vet 36.1.7704 2010.07.13 -
F-Prot 4.6.1.107 2010.07.14 -
F-Secure 9.0.15370.0 2010.07.14 -
Fortinet 4.1.143.0 2010.07.14 -
GData 21 2010.07.14 -
Ikarus T3.1.1.84.0 2010.07.14 -
Jiangmin 13.0.900 2010.07.14 -
Kaspersky 7.0.0.125 2010.07.14 -
McAfee 5.400.0.1158 2010.07.14 -
McAfee-GW-Edition 2010.1 2010.07.14 -
Microsoft 1.5902 2010.07.14 -
NOD32 5276 2010.07.13 -
Norman 6.05.11 2010.07.14 -
nProtect 2010-07-14.01 2010.07.14 -
Panda 10.0.2.7 2010.07.14 -
PCTools 7.0.3.5 2010.07.14 -
Prevx 3.0 2010.07.14 -
Rising 22.56.02.04 2010.07.14 -
Sophos 4.55.0 2010.07.14 -
Sunbelt 6579 2010.07.14 -
SUPERAntiSpyware 4.40.0.1006 2010.07.14 -
Symantec 20101.1.1.7 2010.07.14 -
TheHacker 6.5.2.1.313 2010.07.13 -
TrendMicro 9.120.0.1004 2010.07.14 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.14 -
VBA32 3.12.12.6 2010.07.13 -
ViRobot 2010.7.12.3932 2010.07.14 -
VirusBuster 5.0.27.0 2010.07.13 -
Additional information
File size: 744448 bytes
MD5 : e5517d0908ca75eef9633a93ff3f0408
SHA1 : f8f38dee458d4ed6d5f98830f2578a2bca517e89
SHA256: adbf3948908ab0c487d2b536e2f8e0c0803ef2bde109ac525677582549f7a7e2
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x26D11
timedatestamp.....: 0x4C163D2D (Mon Jun 14 16:31:09 2010)
machinetype.......: 0x14C (Intel I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9F518 0x9F600 6.22 1c7916a80e692f507458adcb37282f6f
.data 0xA1000 0x5DD4 0x5A00 5.49 0e652c4fabca0c3fa8f0fa85b828edf5
.rsrc 0xA7000 0x10720 0x10800 4.81 ff52c1e7c1c0c3c9333fe987c5731b74
( 8 imports )
> advapi32.dll: SetSecurityDescriptorDacl, CryptAcquireContextW, CryptCreateHash, CryptHashData, CryptDeriveKey, CryptEncrypt, CryptDecrypt, CryptDestroyHash, CryptDestroyKey, CryptReleaseContext, ReportEventW, DeregisterEventSource, RegisterEventSourceW, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW, RegGetKeySecurity, GetFileSecurityW, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, LsaOpenPolicy, LsaAddAccountRights, LsaNtStatusToWinError, CryptVerifySignatureW, CryptImportKey, LogonUserW, CreateProcessAsUserW, DuplicateTokenEx, CreateServiceW, ChangeServiceConfig2W, ControlService, DeleteService, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, SetServiceStatus, OpenSCManagerW, OpenServiceW, CloseServiceHandle, RevertToSelf, LsaClose, RegSetKeySecurity, SetFileSecurityW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegOpenKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumValueW, RegEnumKeyExW, InitializeAcl, InitializeSecurityDescriptor, MakeAbsoluteSD, RegQueryValueExW, IsValidSecurityDescriptor, MakeSelfRelativeSD, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, AddAccessDeniedAce, GetAce, AddAccessAllowedAce, GetLengthSid, GetAclInformation, IsValidAcl, GetSecurityDescriptorDacl, DeleteAce, EqualSid, LookupAccountNameW, FreeSid, AllocateAndInitializeSid, RegConnectRegistryW, RegEnumKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, AddAce, ConvertSecurityDescriptorToStringSecurityDescriptorW, GetSecurityDescriptorControl, SetSecurityDescriptorControl, SetThreadToken, AccessCheck, MapGenericMask, CopySid, GetTokenInformation, OpenThreadToken, ConvertStringSidToSidW, LookupAccountSidW, AddAccessAllowedAceEx, AddAccessDeniedAceEx, AddAuditAccessAceEx, AddAccessAllowedObjectAce, AddAccessDeniedObjectAce, AddAuditAccessObjectAce
> kernel32.dll: CreateFileMappingW, OpenFileMappingW, MapViewOfFile, lstrcpyW, lstrcatW, GetProcAddress, CreateThread, FindCloseChangeNotification, FindFirstChangeNotificationW, FindNextChangeNotification, GetLocaleInfoW, IsDBCSLeadByte, CompareStringA, SetThreadPriority, FormatMessageW, GetWindowsDirectoryW, LocalAlloc, LoadLibraryA, RaiseException, ResetEvent, MoveFileW, ReleaseMutex, FlushViewOfFile, UnmapViewOfFile, OpenMutexW, SetLastError, lstrcmpiA, MultiByteToWideChar, lstrlenW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, lstrcmpiW, lstrcpynW, HeapDestroy, InterlockedIncrement, InterlockedDecrement, FreeLibrary, lstrlenA, SizeofResource, LoadResource, FindResourceW, GetLastError, LoadLibraryExW, GetShortPathNameW, GetModuleFileNameW, GetVersionExW, GetCommandLineW, GetPrivateProfileStringW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InterlockedExchange, Sleep, LoadLibraryW, WaitForMultipleObjects, SetEvent, CloseHandle, CreateEventW, WaitForSingleObject, GetCurrentThread, SetEnvironmentVariableW, GetTempPathW, GetEnvironmentVariableW, CopyFileW, SetFileAttributesW, DeleteFileW, MoveFileExW, GetFileAttributesExW, CreateDirectoryW, FindClose, FindNextFileW, FindFirstFileW, RemoveDirectoryW, CreateFileW, CompareFileTime, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetSystemTime, GetLocalTime, OpenProcess, GlobalMemoryStatusEx, GetSystemDirectoryW, GlobalUnlock, GlobalLock, GlobalSize, GlobalAlloc, FileTimeToSystemTime, GetUserDefaultLCID, GetTimeZoneInformation, GetCurrentDirectoryW, GetFullPathNameW, ExpandEnvironmentStringsW, GetDiskFreeSpaceW, GetTempFileNameW, WideCharToMultiByte, LocalFree, DuplicateHandle, WriteFile, SetFilePointer, ReadFile, GetFileInformationByHandle, GlobalFree, GetModuleHandleA, GetStartupInfoW, GetFileAttributesA, FileTimeToDosDateTime, FileTimeToLocalFileTime, CreateFileA, HeapAlloc, HeapReAlloc, GetThreadPriority, IsDBCSLeadByteEx, GetSystemDefaultLangID, GetLocaleInfoA, GetACP, HeapFree, GetProcessHeap, CreateMutexW
> msvcrt.dll: memmove, _strnicoll, iswcntrl, _controlfp, _onexit, _errno, remove, _open, _read, _write, _close, _lseek, _tempnam, __dllonexit, __1type_info@@UAE@XZ, _terminate@@YAXXZ, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __wgetmainargs, _wcmdln, exit, _cexit, _XcptFilter, _exit, _c_exit, wcschr, wcsncpy, _wcsnicmp, wcsrchr, _wtoi, _stricmp, _wcsdup, memchr, wcscat, wcscpy, iswspace, _ftol, _beginthreadex, _vsnwprintf, _CxxThrowException, wcscmp, swscanf, swprintf, _purecall, _wcsicmp, wcslen, realloc, free, malloc, __CxxFrameHandler, __doserrno
> ntdll.dll: wcsncmp, sprintf, strrchr, tolower, strchr, _wtol, _itow, _ltow, wcsstr, _snwprintf, towlower, strtoul, wcstoul, NtQueryInformationProcess, strncpy
> ole32.dll: CLSIDFromString, CoSuspendClassObjects, CoRegisterClassObject, StringFromCLSID, CoSetProxyBlanket, GetHGlobalFromStream, StgOpenStorageEx, StgCreateStorageEx, CoGetCallContext, CreateStreamOnHGlobal, CoCreateGuid, StringFromGUID2, CoCreateInstanceEx, CoInitializeEx, CoInitializeSecurity, CoUninitialize, CoTaskMemRealloc, CoTaskMemAlloc, CoTaskMemFree, CoCreateInstance, CoRevokeClassObject
> oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> rpcrt4.dll: I_RpcBindingInqLocalClientPID
> user32.dll: CharUpperBuffW, CharUpperW, CharNextA, GetSystemMetrics, GetMessageW, DispatchMessageW, MsgWaitForMultipleObjects, LoadStringW, CharNextW, PostThreadMessageW, TranslateMessage, PeekMessageW
( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
Symantec reputation: Suspicious.Insight http://www.symantec.com/security_respon ... 23-0550-99
ssdeep: 12288:45JGtd310QtVgo9bD1Hm/uylJbUWdV55cMFMgNo4UwT9jCYNcTu3FpQp/4jXsbJm:4Kz0QtVgo9bD1Hm/uylJbnz55cMFMgUJ
sigcheck: publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Microsoft Help Center Service
original name: HELPSVC.EXE
internal name: HELPSVC.EXE
file version.: 5.1.2600.5997 (xpsp_sp3_gdr.100614-1759)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-
Current status: finished
Result: 0/42 (0.00%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.14 -
AhnLab-V3 2010.07.14.01 2010.07.14 -
AntiVir 8.2.4.10 2010.07.14 -
Antiy-AVL 2.0.3.7 2010.07.14 -
Authentium 5.2.0.5 2010.07.14 -
Avast 4.8.1351.0 2010.07.13 -
Avast5 5.0.332.0 2010.07.13 -
AVG 9.0.0.836 2010.07.13 -
BitDefender 7.2 2010.07.14 -
CAT-QuickHeal 11.00 2010.07.14 -
ClamAV 0.96.0.3-git 2010.07.14 -
Comodo 5422 2010.07.14 -
DrWeb 5.0.2.03300 2010.07.14 -
eSafe 7.0.17.0 2010.07.11 -
eTrust-Vet 36.1.7704 2010.07.13 -
F-Prot 4.6.1.107 2010.07.14 -
F-Secure 9.0.15370.0 2010.07.14 -
Fortinet 4.1.143.0 2010.07.14 -
GData 21 2010.07.14 -
Ikarus T3.1.1.84.0 2010.07.14 -
Jiangmin 13.0.900 2010.07.14 -
Kaspersky 7.0.0.125 2010.07.14 -
McAfee 5.400.0.1158 2010.07.14 -
McAfee-GW-Edition 2010.1 2010.07.14 -
Microsoft 1.5902 2010.07.14 -
NOD32 5276 2010.07.13 -
Norman 6.05.11 2010.07.14 -
nProtect 2010-07-14.01 2010.07.14 -
Panda 10.0.2.7 2010.07.14 -
PCTools 7.0.3.5 2010.07.14 -
Prevx 3.0 2010.07.14 -
Rising 22.56.02.04 2010.07.14 -
Sophos 4.55.0 2010.07.14 -
Sunbelt 6579 2010.07.14 -
SUPERAntiSpyware 4.40.0.1006 2010.07.14 -
Symantec 20101.1.1.7 2010.07.14 -
TheHacker 6.5.2.1.313 2010.07.13 -
TrendMicro 9.120.0.1004 2010.07.14 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.14 -
VBA32 3.12.12.6 2010.07.13 -
ViRobot 2010.7.12.3932 2010.07.14 -
VirusBuster 5.0.27.0 2010.07.13 -
Additional information
File size: 744448 bytes
MD5 : e5517d0908ca75eef9633a93ff3f0408
SHA1 : f8f38dee458d4ed6d5f98830f2578a2bca517e89
SHA256: adbf3948908ab0c487d2b536e2f8e0c0803ef2bde109ac525677582549f7a7e2
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x26D11
timedatestamp.....: 0x4C163D2D (Mon Jun 14 16:31:09 2010)
machinetype.......: 0x14C (Intel I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9F518 0x9F600 6.22 1c7916a80e692f507458adcb37282f6f
.data 0xA1000 0x5DD4 0x5A00 5.49 0e652c4fabca0c3fa8f0fa85b828edf5
.rsrc 0xA7000 0x10720 0x10800 4.81 ff52c1e7c1c0c3c9333fe987c5731b74
( 8 imports )
> advapi32.dll: SetSecurityDescriptorDacl, CryptAcquireContextW, CryptCreateHash, CryptHashData, CryptDeriveKey, CryptEncrypt, CryptDecrypt, CryptDestroyHash, CryptDestroyKey, CryptReleaseContext, ReportEventW, DeregisterEventSource, RegisterEventSourceW, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW, RegGetKeySecurity, GetFileSecurityW, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, LsaOpenPolicy, LsaAddAccountRights, LsaNtStatusToWinError, CryptVerifySignatureW, CryptImportKey, LogonUserW, CreateProcessAsUserW, DuplicateTokenEx, CreateServiceW, ChangeServiceConfig2W, ControlService, DeleteService, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, SetServiceStatus, OpenSCManagerW, OpenServiceW, CloseServiceHandle, RevertToSelf, LsaClose, RegSetKeySecurity, SetFileSecurityW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegOpenKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumValueW, RegEnumKeyExW, InitializeAcl, InitializeSecurityDescriptor, MakeAbsoluteSD, RegQueryValueExW, IsValidSecurityDescriptor, MakeSelfRelativeSD, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, AddAccessDeniedAce, GetAce, AddAccessAllowedAce, GetLengthSid, GetAclInformation, IsValidAcl, GetSecurityDescriptorDacl, DeleteAce, EqualSid, LookupAccountNameW, FreeSid, AllocateAndInitializeSid, RegConnectRegistryW, RegEnumKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, AddAce, ConvertSecurityDescriptorToStringSecurityDescriptorW, GetSecurityDescriptorControl, SetSecurityDescriptorControl, SetThreadToken, AccessCheck, MapGenericMask, CopySid, GetTokenInformation, OpenThreadToken, ConvertStringSidToSidW, LookupAccountSidW, AddAccessAllowedAceEx, AddAccessDeniedAceEx, AddAuditAccessAceEx, AddAccessAllowedObjectAce, AddAccessDeniedObjectAce, AddAuditAccessObjectAce
> kernel32.dll: CreateFileMappingW, OpenFileMappingW, MapViewOfFile, lstrcpyW, lstrcatW, GetProcAddress, CreateThread, FindCloseChangeNotification, FindFirstChangeNotificationW, FindNextChangeNotification, GetLocaleInfoW, IsDBCSLeadByte, CompareStringA, SetThreadPriority, FormatMessageW, GetWindowsDirectoryW, LocalAlloc, LoadLibraryA, RaiseException, ResetEvent, MoveFileW, ReleaseMutex, FlushViewOfFile, UnmapViewOfFile, OpenMutexW, SetLastError, lstrcmpiA, MultiByteToWideChar, lstrlenW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, lstrcmpiW, lstrcpynW, HeapDestroy, InterlockedIncrement, InterlockedDecrement, FreeLibrary, lstrlenA, SizeofResource, LoadResource, FindResourceW, GetLastError, LoadLibraryExW, GetShortPathNameW, GetModuleFileNameW, GetVersionExW, GetCommandLineW, GetPrivateProfileStringW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InterlockedExchange, Sleep, LoadLibraryW, WaitForMultipleObjects, SetEvent, CloseHandle, CreateEventW, WaitForSingleObject, GetCurrentThread, SetEnvironmentVariableW, GetTempPathW, GetEnvironmentVariableW, CopyFileW, SetFileAttributesW, DeleteFileW, MoveFileExW, GetFileAttributesExW, CreateDirectoryW, FindClose, FindNextFileW, FindFirstFileW, RemoveDirectoryW, CreateFileW, CompareFileTime, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetSystemTime, GetLocalTime, OpenProcess, GlobalMemoryStatusEx, GetSystemDirectoryW, GlobalUnlock, GlobalLock, GlobalSize, GlobalAlloc, FileTimeToSystemTime, GetUserDefaultLCID, GetTimeZoneInformation, GetCurrentDirectoryW, GetFullPathNameW, ExpandEnvironmentStringsW, GetDiskFreeSpaceW, GetTempFileNameW, WideCharToMultiByte, LocalFree, DuplicateHandle, WriteFile, SetFilePointer, ReadFile, GetFileInformationByHandle, GlobalFree, GetModuleHandleA, GetStartupInfoW, GetFileAttributesA, FileTimeToDosDateTime, FileTimeToLocalFileTime, CreateFileA, HeapAlloc, HeapReAlloc, GetThreadPriority, IsDBCSLeadByteEx, GetSystemDefaultLangID, GetLocaleInfoA, GetACP, HeapFree, GetProcessHeap, CreateMutexW
> msvcrt.dll: memmove, _strnicoll, iswcntrl, _controlfp, _onexit, _errno, remove, _open, _read, _write, _close, _lseek, _tempnam, __dllonexit, __1type_info@@UAE@XZ, _terminate@@YAXXZ, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __wgetmainargs, _wcmdln, exit, _cexit, _XcptFilter, _exit, _c_exit, wcschr, wcsncpy, _wcsnicmp, wcsrchr, _wtoi, _stricmp, _wcsdup, memchr, wcscat, wcscpy, iswspace, _ftol, _beginthreadex, _vsnwprintf, _CxxThrowException, wcscmp, swscanf, swprintf, _purecall, _wcsicmp, wcslen, realloc, free, malloc, __CxxFrameHandler, __doserrno
> ntdll.dll: wcsncmp, sprintf, strrchr, tolower, strchr, _wtol, _itow, _ltow, wcsstr, _snwprintf, towlower, strtoul, wcstoul, NtQueryInformationProcess, strncpy
> ole32.dll: CLSIDFromString, CoSuspendClassObjects, CoRegisterClassObject, StringFromCLSID, CoSetProxyBlanket, GetHGlobalFromStream, StgOpenStorageEx, StgCreateStorageEx, CoGetCallContext, CreateStreamOnHGlobal, CoCreateGuid, StringFromGUID2, CoCreateInstanceEx, CoInitializeEx, CoInitializeSecurity, CoUninitialize, CoTaskMemRealloc, CoTaskMemAlloc, CoTaskMemFree, CoCreateInstance, CoRevokeClassObject
> oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> rpcrt4.dll: I_RpcBindingInqLocalClientPID
> user32.dll: CharUpperBuffW, CharUpperW, CharNextA, GetSystemMetrics, GetMessageW, DispatchMessageW, MsgWaitForMultipleObjects, LoadStringW, CharNextW, PostThreadMessageW, TranslateMessage, PeekMessageW
( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
Symantec reputation: Suspicious.Insight http://www.symantec.com/security_respon ... 23-0550-99
ssdeep: 12288:45JGtd310QtVgo9bD1Hm/uylJbUWdV55cMFMgNo4UwT9jCYNcTu3FpQp/4jXsbJm:4Kz0QtVgo9bD1Hm/uylJbnz55cMFMgUJ
sigcheck: publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Microsoft Help Center Service
original name: HELPSVC.EXE
internal name: HELPSVC.EXE
file version.: 5.1.2600.5997 (xpsp_sp3_gdr.100614-1759)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-
Re: vírus
Pokud nemáte, přesuňte Combofix na plochu-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
Kód: Vybrat vše
Driver::
GarenaPEngine
File::
c:\docume~1\BRANIS~1\LOCALS~1\Temp\XZZDF1.tmp
DDS::
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
Firefox::
FF - ProfilePath - c:\documents and settings\Branislav\Application Data\Mozilla\Firefox\Profiles\ygsygnad.default\
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
Branno
Re: vírus
ComboFix 10-07-13.08 - Branislav 15.07.2010 16:06:10.2.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1535.1147 [GMT 2:00]
Running from: c:\documents and settings\Branislav\My Documents\Stiahnute subory\ComboFix.exe
Command switches used :: c:\documents and settings\Branislav\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
FILE ::
"c:\docume~1\BRANIS~1\LOCALS~1\Temp\XZZDF1.tmp"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GARENAPENGINE
-------\Service_GarenaPEngine
((((((((((((((((((((((((( Files Created from 2010-06-15 to 2010-07-15 )))))))))))))))))))))))))))))))
.
2010-07-14 06:10 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-29 13:53 . 2010-06-29 13:53 -------- d-----w- c:\program files\KONAMI
2010-06-29 13:53 . 2010-06-29 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 07:21 . 2010-03-08 14:07 -------- d-----w- c:\program files\Magic Video Converter
2010-07-14 11:01 . 2010-01-15 10:07 -------- d-----w- c:\documents and settings\Branislav\Application Data\Skype
2010-07-14 10:53 . 2010-01-15 18:40 -------- d-----w- c:\documents and settings\Branislav\Application Data\skypePM
2010-07-14 07:53 . 2010-01-15 17:41 -------- d-----w- c:\program files\trend micro
2010-07-12 09:31 . 2010-01-15 08:55 -------- d-----w- c:\program files\EA Sports
2010-07-11 18:16 . 2010-01-15 07:42 -------- d-----w- c:\documents and settings\Branislav\Application Data\vlc
2010-07-11 18:16 . 2010-01-17 10:11 -------- d-----w- c:\documents and settings\Branislav\Application Data\dvdcss
2010-06-14 14:31 . 2010-01-14 05:31 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-08 15:19 . 2010-01-26 18:16 -------- d-----w- c:\program files\Electronic Arts
2010-05-29 14:34 . 2010-05-29 14:34 -------- d-----w- c:\program files\Activision
2010-05-28 17:56 . 2010-02-06 07:59 788 ----a-w- c:\windows\eReg.dat
2010-05-09 10:52 . 2010-05-09 10:52 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2006-02-28 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2005-08-09 413696]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-27 155648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\Pes World Cup 2010.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 10:03 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 10:04 735960]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [9.2.2010 15:12 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [9.2.2010 15:12 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [9.2.2010 15:12 94064]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23.4.2007 14:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23.4.2007 14:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23.4.2007 14:54 108680]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [15.1.2010 10:38 223128]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.1.2010 10:35 611064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-07-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
2010-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-05-03 c:\windows\Tasks\expressburnSevenDaysInit.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-05-03 13:42]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
FF - ProfilePath - c:\documents and settings\Branislav\Application Data\Mozilla\Firefox\Profiles\ygsygnad.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-15 16:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wdfmgr.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-07-15 16:19:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-15 14:19
ComboFix2.txt 2010-07-14 16:00
Pre-Run: 31 768 662 016 bytes free
Post-Run: 14 adresárov, 31 684 014 080 voľných bajtov
- - End Of File - - AA6BCB7277ABAE30BFB30E63074DA44F
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1535.1147 [GMT 2:00]
Running from: c:\documents and settings\Branislav\My Documents\Stiahnute subory\ComboFix.exe
Command switches used :: c:\documents and settings\Branislav\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
FILE ::
"c:\docume~1\BRANIS~1\LOCALS~1\Temp\XZZDF1.tmp"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GARENAPENGINE
-------\Service_GarenaPEngine
((((((((((((((((((((((((( Files Created from 2010-06-15 to 2010-07-15 )))))))))))))))))))))))))))))))
.
2010-07-14 06:10 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-29 13:53 . 2010-06-29 13:53 -------- d-----w- c:\program files\KONAMI
2010-06-29 13:53 . 2010-06-29 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 07:21 . 2010-03-08 14:07 -------- d-----w- c:\program files\Magic Video Converter
2010-07-14 11:01 . 2010-01-15 10:07 -------- d-----w- c:\documents and settings\Branislav\Application Data\Skype
2010-07-14 10:53 . 2010-01-15 18:40 -------- d-----w- c:\documents and settings\Branislav\Application Data\skypePM
2010-07-14 07:53 . 2010-01-15 17:41 -------- d-----w- c:\program files\trend micro
2010-07-12 09:31 . 2010-01-15 08:55 -------- d-----w- c:\program files\EA Sports
2010-07-11 18:16 . 2010-01-15 07:42 -------- d-----w- c:\documents and settings\Branislav\Application Data\vlc
2010-07-11 18:16 . 2010-01-17 10:11 -------- d-----w- c:\documents and settings\Branislav\Application Data\dvdcss
2010-06-14 14:31 . 2010-01-14 05:31 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-08 15:19 . 2010-01-26 18:16 -------- d-----w- c:\program files\Electronic Arts
2010-05-29 14:34 . 2010-05-29 14:34 -------- d-----w- c:\program files\Activision
2010-05-28 17:56 . 2010-02-06 07:59 788 ----a-w- c:\windows\eReg.dat
2010-05-09 10:52 . 2010-05-09 10:52 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2006-02-28 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2005-08-09 413696]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-27 155648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\Pes World Cup 2010.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 10:03 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 10:04 735960]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [9.2.2010 15:12 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [9.2.2010 15:12 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [9.2.2010 15:12 94064]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23.4.2007 14:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23.4.2007 14:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23.4.2007 14:54 108680]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [15.1.2010 10:38 223128]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.1.2010 10:35 611064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-07-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
2010-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-05-03 c:\windows\Tasks\expressburnSevenDaysInit.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-05-03 13:42]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
FF - ProfilePath - c:\documents and settings\Branislav\Application Data\Mozilla\Firefox\Profiles\ygsygnad.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-15 16:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wdfmgr.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-07-15 16:19:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-15 14:19
ComboFix2.txt 2010-07-14 16:00
Pre-Run: 31 768 662 016 bytes free
Post-Run: 14 adresárov, 31 684 014 080 voľných bajtov
- - End Of File - - AA6BCB7277ABAE30BFB30E63074DA44F
Re: vírus
Jak to teď vypadá s počítačem?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: vírus
Můžete mi prosím vysvětlit, jak to s tím výkonem myslíte?
Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken
NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Stahněte MBAM z mého podpisu-Nainstalujte,dejte úplný sken
NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
Branno
Re: vírus
ked dám správca úloh/výkon tak mávam väčšinou 500 aj to ked nič nerobím nemám nič spustené predtým som mával vždy 200 ...Můžete mi prosím vysvětlit, jak to s tím výkonem myslíte?
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verzia databázy: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
18.7.2010 11:14:38
mbam-log-2010-07-18 (11-14-38).txt
Typ kontroly: Úplná kontrola (C:\|)
Objektov kontrolovaných: 206442
Uplynulý čas: 1 hod, 26 min, 56 sek
Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 0
Infikované služby pamäte:
(Škodlivé položky neboli zistené)
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
(Škodlivé položky neboli zistené)
Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)
Infikované položky registračných dát:
(Škodlivé položky neboli zistené)
Infikované priečinky:
(Škodlivé položky neboli zistené)
Infikované súbory:
(Škodlivé položky neboli zistené)
Přispějete na provoz fóra?