PC virus removal, computer speed-up, remote assistance via the neslape.cz service

probably unknown TSR.BOOT virus

Having a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
A remote assistance service is now available: a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
riffman
VIP
Posts: 3203
Registered: 20 Oct 2004 07:00
Location: České Budějovice

Re: probably unknown TSR.BOOT virus

#31 Post by riffman »

you're welcome :)
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all

aarino
Visitor
Posts: 4
Registered: 08 Oct 2010 17:38

Re: probably unknown TSR.BOOT virus

#32 Post by aarino »

hi, could I ask for help with removing a virus? thanks

ComboFix 10-10-07.02 - Oto . 10. 2010 18:22:06.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1919.1239 [GMT 2:00]
Running from: c:\documents and settings\Oto\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Oto\Application Data\inst.exe
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RF130728
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RF130739
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RF130750
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RF130760
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RF150495
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RF163982
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RF471598
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RF471609
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RF471620
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RF471631
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RF484257
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RF484268
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RF484279
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RF484290
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RF493331
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RF493342
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RF493353
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RF493364
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RT130732
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RT130743
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RT130754
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RT130765
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RT150500
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RT163987
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RT471603
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RT471614
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RT471625
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RT471635
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RT484262
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RT484273
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RT484284
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RT484295
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RT493335
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RT493346
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RT493357
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\RT493368
c:\documents and settings\Oto\Local Settings\Temporary Internet Files\wtran32.INI
c:\program files\Buderus_Heiztechnik\Ersatzteilkatalog\_install.exe
c:\program files\winwin
c:\program files\winwin\hondawin.swf
c:\program files\winwin\install.swf
c:\program files\winwin\uninst.exe
E:\AUTORUN.INF

.
((((((((((((((((((((((((( Files Created from 2010-09-08 to 2010-10-08 )))))))))))))))))))))))))))))))
.

2010-09-24 06:04 . 2010-04-14 16:39 827488 ----a-w- c:\documents and settings\All Users\Application Data\Tenda Driver\Tenda Wireless LAN Card\Driver\rt2870.sys
2010-09-24 06:04 . 2010-04-14 17:31 238944 ----a-w- c:\documents and settings\All Users\Application Data\Tenda Driver\Tenda Wireless LAN Card\Driver\RaCoInst.dll
2010-09-24 06:04 . 2010-09-24 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Tenda Driver
2010-09-24 06:04 . 2009-12-10 09:15 533792 ----a-w- c:\documents and settings\All Users\Application Data\Tenda Driver\Tenda Wireless LAN Card\Driver\RaInst.exe
2010-09-24 06:04 . 2009-12-10 09:15 323648 ----a-w- c:\documents and settings\All Users\Application Data\Tenda Driver\Tenda Wireless LAN Card\Driver\difxapi7.dll
2010-09-24 06:04 . 2009-12-10 09:15 319456 ----a-w- c:\documents and settings\All Users\Application Data\Tenda Driver\Tenda Wireless LAN Card\Driver\difxapi.dll
2010-09-24 06:04 . 2009-12-10 09:15 197920 ----a-w- c:\documents and settings\All Users\Application Data\Tenda Driver\Tenda Wireless LAN Card\Driver\CoInstaller.dll
2010-09-24 05:47 . 2010-04-14 17:31 238944 ----a-w- c:\windows\system32\RaCoInst.dll
2010-09-24 05:47 . 2010-04-14 16:39 827488 ----a-w- c:\windows\system32\drivers\rt2870.sys
2010-09-24 05:47 . 2010-04-14 16:29 13931 ----a-w- c:\windows\system32\RaCoInst.dat
2010-09-24 05:46 . 2010-09-24 05:46 -------- d-----w- c:\program files\Tenda
2010-09-21 18:37 . 2010-09-21 18:37 932288 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\21684\AdobeARM.exe
2010-09-21 18:37 . 2010-09-21 18:37 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\21684\AdobeExtractFiles.dll
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\21684\ReaderUpdater.exe
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\21684\AcrobatUpdater.exe
2010-09-20 21:12 . 2010-09-20 21:12 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-20 21:12 . 2010-09-20 21:12 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-09-20 21:12 . 2010-09-20 21:12 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-08 16:27 . 2007-01-06 07:21 -------- d-----w- c:\documents and settings\Oto\Application Data\Skype
2010-10-08 16:04 . 2008-06-10 20:32 -------- d-----w- c:\documents and settings\Oto\Application Data\ICQ
2010-10-08 16:03 . 2008-12-23 11:23 -------- d-----w- c:\documents and settings\Oto\Application Data\Vso
2010-10-08 16:02 . 2007-03-06 22:23 -------- d-----w- c:\program files\Spamihilator
2010-09-24 06:04 . 2006-12-21 15:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-24 05:47 . 2010-09-07 17:11 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-09-20 21:13 . 2010-05-06 09:42 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-20 21:12 . 2010-04-22 14:32 -------- d-----w- c:\program files\DivX
2010-09-20 21:12 . 2010-04-22 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-09-20 21:12 . 2010-09-01 20:47 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
2010-09-20 21:11 . 2010-09-01 20:45 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-20 21:11 . 2010-04-22 14:42 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-09-20 21:11 . 2010-04-22 14:42 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-09-10 23:55 . 2009-11-03 20:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-07 17:11 . 2010-09-07 17:11 -------- d-----w- c:\program files\Belkin
2010-09-07 17:11 . 2010-09-07 17:11 -------- d-----w- c:\documents and settings\Oto\Application Data\InstallShield
2010-09-01 20:47 . 2010-09-01 20:47 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-09-01 20:46 . 2010-09-01 20:46 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-26 21:36 . 2007-03-06 22:02 -------- d-----w- c:\program files\Common Files\Java
2010-08-26 21:35 . 2007-03-06 22:05 -------- d-----w- c:\program files\Java
2010-08-25 20:59 . 2010-06-22 17:14 -------- d-----w- c:\program files\ICQ7.0
2010-08-11 15:09 . 2010-08-11 07:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-08-11 15:09 . 2010-08-11 15:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-11 07:41 . 2010-08-11 07:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-08-11 07:41 . 2010-08-11 07:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-08-08 18:42 . 2010-08-08 18:42 503808 ----a-w- c:\documents and settings\Oto\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3e1244ec-n\msvcp71.dll
2010-08-08 18:42 . 2010-08-08 18:42 499712 ----a-w- c:\documents and settings\Oto\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3e1244ec-n\jmc.dll
2010-08-08 18:42 . 2010-08-08 18:42 348160 ----a-w- c:\documents and settings\Oto\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3e1244ec-n\msvcr71.dll
2010-08-08 18:42 . 2010-08-08 18:42 61440 ----a-w- c:\documents and settings\Oto\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-20c7d54d-n\decora-sse.dll
2010-08-08 18:42 . 2010-08-08 18:42 12800 ----a-w- c:\documents and settings\Oto\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-20c7d54d-n\decora-d3d.dll
2010-07-31 06:26 . 2010-07-31 06:26 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-07-31 06:26 . 2010-07-31 06:26 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-07-31 06:26 . 2010-07-31 06:26 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-30 04:33 . 2010-07-30 04:33 503808 ----a-w- c:\documents and settings\Oto\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-398a5586-n\msvcp71.dll
2010-07-30 04:33 . 2010-07-30 04:33 499712 ----a-w- c:\documents and settings\Oto\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-398a5586-n\jmc.dll
2010-07-30 04:33 . 2010-07-30 04:33 348160 ----a-w- c:\documents and settings\Oto\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-398a5586-n\msvcr71.dll
2010-07-30 04:33 . 2010-07-30 04:33 61440 ----a-w- c:\documents and settings\Oto\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-351b9221-n\decora-sse.dll
2010-07-30 04:33 . 2010-07-30 04:33 12800 ----a-w- c:\documents and settings\Oto\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-351b9221-n\decora-d3d.dll
2010-07-17 03:00 . 2010-05-20 09:32 423656 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2007-01-24 619008]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-02-23 106496]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-03-02 552960]
"4500w Scan2PC"="c:\windows\Twain_32\Samsung\SCX4500W\Scan2pc.exe" [2009-03-06 503808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
W311U.lnk - c:\program files\Tenda\W311U\UI.exe [2010-9-24 2125824]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Oto^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Oto\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2006-03-08 20:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F5D7050v3]
2007-10-30 20:37 1654784 ----a-w- c:\program files\Belkin\F5D7050v3\Belkinwcui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-08-22 11:02 133432 ----a-w- c:\program files\ICQ7.0\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 12:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 02:01 32768 ----a-w- c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-04 07:59 16206848 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-01-20 04:34 544768 ----a-w- c:\windows\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Caplio Software\\RGateLXP.exe"=
"c:\\Program Files\\DSC Software\\DL10XP.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX4500W\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX4500W\\Sscan2io.exe"=
"e:\\Paja nemina\\Counter-Strikec\\hl.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9. 4. 2009 16:18 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9. 4. 2009 16:19 731840]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [14. 1. 2009 23:55 246520]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [21. 12. 2006 17:22 1056512]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [21. 12. 2006 17:23 8064]
S2 gupdate1c9861ff631b52;Google Update Service (gupdate1c9861ff631b52);c:\program files\Google\Update\GoogleUpdate.exe [3. 2. 2009 18:47 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [14. 12. 2007 17:41 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [14. 12. 2007 17:41 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [14. 12. 2007 17:41 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [14. 12. 2007 17:42 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [14. 12. 2007 17:42 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [14. 12. 2007 17:41 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [14. 12. 2007 17:42 90800]
.
Contents of the 'Scheduled Tasks' folder

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 16:46]

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 16:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://uk.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
TCP: {350BC7BC-9E3A-4F27-BDCE-0270F2EE7FE2} = 192.168.1.1
TCP: {531D6A59-E517-4C60-9537-2FC0D4E171B9} = 192.168.1.1
TCP: {5CC6F604-F52C-4DDE-A803-7C006DFADDCF} = 192.168.1.1
TCP: {8F6650E5-3842-4D52-93DE-EB31CA7A1D3E} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Oto\Application Data\Mozilla\Firefox\Profiles\668ujda3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.pravda.sk/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\documents and settings\Oto\Application Data\Facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\documents and settings\Oto\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe
MSConfigStartUp-ICQ Lite - c:\program files\ICQLite\ICQLite.exe
MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
AddRemove-DamageCopier 3.1 - c:\program files\Evolution Labs\DamageCopier 3.1\Uninstal.exe
AddRemove-MegauploadToolbar - c:\program files\MegauploadToolbar\uninstall.exe
AddRemove-PopCap Browser Plugin - c:\program files\PopCap Games\PopCap Browser Plugin\Uninstall.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-839522115-293330755-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D90CF015-4C1C-0498-33EF-F71A6F28FB20}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1304)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-10-08 18:28:51
ComboFix-quarantined-files.txt 2010-10-08 16:28

Pre-Run: 2 082 799 616 bytes free
Post-Run: 4 159 279 104 bytes free

- - End Of File - - 7F2EEFA74C45CF110284ACA5E62EB829

riffman
VIP
Posts: 3203
Registered: 20 Oct 2004 07:00
Location: České Budějovice

Re: probably unknown TSR.BOOT virus

#33 Post by riffman »

hello

to get your problem solved, start your own thread in this section with your log; this way you are making an already-handled problem considerably harder to follow

locking here :closed:

Locked