PC malware removal, computer speed-up, remote assistance via the neslape.cz service

Please check my log.

Have a problem with a virus? Paste your FRST or RSIT log here.


Forum rules
If you want help, paste a log from FRST [guide here] or RSIT [guide here].

Individual threads will be locked once resolved, as will threads inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
Martin
Guest
Posts: 4
Registered: 24 Nov 2010 18:02


#1 Post by Martin »

Good evening.
The antivirus reports a large number of viruses, and the computer is slow.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Sarka at 2010-11-24 17:33:14
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 63 GB (56%) free of 111 GB
Total RAM: 2046 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:33:23, on 24/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\AOL\1166043706\ee\AOLSoftware.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\Belkin\Cardbus F5D701F\Wireless Utility\Belkinwcui.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\N-ABLE~1\REMOTE~1\RemoteControlAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\UpsPilot\Winpower.exe
C:\Program Files\UltraVnc\WinVNC.exe
C:\Program Files\UpsPilot\jre\bin\javaw.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\UpsPilot\monitor.exe
C:\Program Files\UpsPilot\jre\bin\javaw.exe
C:\PROGRA~1\UpsPilot\wpRMI.exe
C:\Program Files\UpsPilot\jre\bin\javaw.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sarka\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Sarka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&c ... bd=6060906
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googleure.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&c ... bd=6060906
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&c ... bd=6060906
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1166043706\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVnc\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\RunServices: [Winpower] C:\Program Files\UpsPilot\Winpower.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Belkin Wireless G Notebook Card Client Utility.lnk = C:\Program Files\Belkin\Cardbus F5D701F\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/portsmouth/s ... aryRdr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ufkesh.dll relxas.dll
O20 - Winlogon Notify: khfETnmj - khfETnmj.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate1c9db4396e77414) (gupdate1c9db4396e77414) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Windows Remote Control Agent (N-able Technologies Windows Remote Control Agent) - N-able Technologies - C:\PROGRA~1\N-ABLE~1\REMOTE~1\RemoteControlAgent.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Winpower - ZeroG Software - C:\PROGRA~1\UpsPilot\Winpower.exe
O23 - Service: Winpowermanager - ZeroG Software - C:\PROGRA~1\UpsPilot\manager.exe
O23 - Service: Winpowermonitor - ZeroG Software - C:\PROGRA~1\UpsPilot\monitor.exe
O23 - Service: WinpowerRMI - ZeroG Software - C:\PROGRA~1\UpsPilot\wpRMI.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVnc\WinVNC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 12512 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4235665694-360910871-2595321805-1008.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4235665694-360910871-2595321805-1008.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{74C6652E-80B1-4D9F-B200-45A6923F4AD2}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-08-25 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-19 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-10-12 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-19 251504]
{472734EA-242A-422B-ADF8-83D1E48CC825}
{21FA44EF-376D-4D53-9B0F-8A89D3229068}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-02-10 282624]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2007-12-07 71008]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"AOL Spyware Protection"=C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe [2004-03-19 78960]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-03-21 7561216]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-03-21 86016]
"HostManager"=C:\Program Files\Common Files\AOL\1166043706\ee\AOLSoftware.exe [2006-11-17 50736]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"WinVNC"=C:\Program Files\UltraVnc\WinVNC.exe [2008-09-08 712704]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"BrStsWnd"=C:\Program Files\Brownie\BrstsWnd.exe [2008-09-18 880640]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-08-25 202256]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-02 281768]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-09-10 2500552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2006-07-16 389120]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe
Belkin Wireless G Notebook Card Client Utility.lnk - C:\Program Files\Belkin\Cardbus F5D701F\Wireless Utility\Belkinwcui.exe
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="ufkesh.dll relxas.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfETnmj]
khfETnmj.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\pmnligDu

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fggjptxe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\haemtoft.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jcqmaucu.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jgudoheo.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\whtymcat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\whxrfufm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\fggjptxe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\haemtoft.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\jcqmaucu.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\jgudoheo.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\whtymcat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\whxrfufm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\1166043706\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1166043706\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\SPSSInc\SPSS16\spss.exe"="C:\Program Files\SPSSInc\SPSS16\spss.exe:*:Disabled:SPSS 16.0 for Windows (1033:exe)"
"C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe"="C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1033)"
"C:\Program Files\SPSSInc\SPSS16\spss.com"="C:\Program Files\SPSSInc\SPSS16\spss.com:*:Disabled:SPSS 16.0 for Windows (1033:com)"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-11-24 17:33:15 ----D---- C:\Program Files\trend micro
2010-11-24 17:33:14 ----D---- C:\rsit
2010-11-24 17:10:05 ----D---- C:\Documents and Settings\Sarka\Application Data\QuickScan
2010-11-24 15:32:22 ----D---- C:\Documents and Settings\Sarka\Application Data\Avira
2010-11-24 15:30:46 ----D---- C:\Documents and Settings\Sarka\Application Data\Malwarebytes
2010-11-24 15:30:34 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-11-24 15:30:32 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-11-24 15:30:32 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-11-24 15:30:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-24 15:18:57 ----D---- C:\WINDOWS\system32\NtmsData
2010-11-24 15:17:28 ----A---- C:\WINDOWS\system32\drivers\revoflt.sys
2010-11-24 15:17:23 ----D---- C:\Program Files\VS Revo Group
2010-11-24 15:01:18 ----D---- C:\Program Files\COMODO
2010-11-24 14:49:57 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2010-11-24 14:06:57 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2010-11-24 14:06:55 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2010-11-24 14:06:55 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2010-11-24 14:06:55 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2010-11-24 14:06:55 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2010-11-24 14:06:54 ----D---- C:\Program Files\Avira
2010-11-24 14:06:54 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2010-11-22 11:13:40 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-11-22 11:13:16 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-22 11:13:16 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-22 11:13:16 ----A---- C:\WINDOWS\system32\java.exe
2010-11-22 11:13:16 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-11-22 08:05:33 ----RA---- C:\Documents and Settings\Sarka\Application Data\BG0Ai.txt
2010-11-14 18:44:37 ----D---- C:\Documents and Settings\Sarka\Application Data\dvdcss

======List of files/folders modified in the last 1 months======

2010-11-24 17:33:20 ----D---- C:\WINDOWS\Prefetch
2010-11-24 17:33:15 ----RD---- C:\Program Files
2010-11-24 17:33:00 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki
2010-11-24 17:31:36 ----D---- C:\Documents and Settings\Sarka\Application Data\Skype
2010-11-24 17:29:39 ----SHD---- C:\System Volume Information
2010-11-24 17:17:40 ----D---- C:\WINDOWS\Registration
2010-11-24 17:14:26 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-11-24 17:09:07 ----SD---- C:\WINDOWS\Tasks
2010-11-24 17:03:42 ----AD---- C:\WINDOWS\Temp
2010-11-24 17:03:19 ----D---- C:\WINDOWS
2010-11-24 17:02:28 ----A---- C:\WINDOWS\Brownie.ini
2010-11-24 17:02:23 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-24 17:01:47 ----SHD---- C:\WINDOWS\system32\dllcache
2010-11-24 17:01:47 ----D---- C:\WINDOWS\system32\drivers
2010-11-24 17:01:47 ----D---- C:\WINDOWS\system32
2010-11-24 17:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2010-11-24 17:00:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-24 16:59:42 ----D---- C:\Program Files\Angle Interactive
2010-11-24 16:25:45 ----SHD---- C:\WINDOWS\Installer
2010-11-24 16:20:00 ----SHD---- C:\Config.Msi
2010-11-24 16:19:58 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-24 16:19:33 ----D---- C:\Program Files\Windows Live
2010-11-24 16:00:01 ----D---- C:\Documents and Settings\Sarka\Application Data\skypePM
2010-11-24 15:24:25 ----D---- C:\Program Files\Google
2010-11-24 15:17:33 ----HD---- C:\WINDOWS\inf
2010-11-24 13:48:51 ----D---- C:\WINDOWS\WinSxS
2010-11-24 11:46:52 ----D---- C:\Program Files\Spyware Doctor
2010-11-24 11:46:52 ----D---- C:\Program Files\Common Files
2010-11-24 11:41:27 ----D---- C:\Program Files\Opera
2010-11-24 08:33:29 ----D---- C:\Program Files\UpsPilot
2010-11-24 01:39:56 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-23 20:39:44 ----D---- C:\WINDOWS\Minidump
2010-11-23 20:39:44 ----D---- C:\WINDOWS\Debug
2010-11-22 11:13:39 ----D---- C:\Program Files\Common Files\Java
2010-11-22 11:13:11 ----D---- C:\Program Files\Java
2010-11-21 19:06:37 ----RSHD---- C:\RECYCLER
2010-11-14 20:13:15 ----D---- C:\Documents and Settings\Sarka\Application Data\vlc
2010-11-10 23:39:45 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-10 21:10:31 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-11-08 12:39:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2005-09-12 89264]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2010-09-10 91560]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-08-02 126856]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-09-10 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-09-10 25240]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-12-21 5632]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-10-15 21035]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-08-02 60936]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R3 CamSuiteVAC;CamSuite Virtual Audio; C:\WINDOWS\system32\DRIVERS\CamSuiteVAC.sys [2008-09-19 37560]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-03-21 3650368]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-02-10 1107224]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S0 fggjptxe;fggjptxe; C:\WINDOWS\system32\drivers\fggjptxe.sys []
S0 haemtoft;haemtoft; C:\WINDOWS\System32\Drivers\haemtoft.sys []
S0 jcqmaucu;jcqmaucu; C:\WINDOWS\system32\drivers\jcqmaucu.sys []
S0 jgudoheo;jgudoheo; C:\WINDOWS\system32\drivers\jgudoheo.sys []
S0 whxrfufm;whxrfufm; C:\WINDOWS\system32\drivers\whxrfufm.sys []
S1 NDISRD;NDISRD; C:\WINDOWS\system32\drivers\NDISRD.sys [2009-06-22 24576]
S2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-12-18 12672]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 167808]
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-08-02 267944]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-09-10 1901056]
R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-08-27 111912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2007-04-23 3068352]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 N-able Technologies Windows Remote Control Agent;Windows Remote Control Agent; C:\PROGRA~1\N-ABLE~1\REMOTE~1\RemoteControlAgent.exe [2008-12-12 197272]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-03-21 143436]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 Winpower;Winpower; C:\PROGRA~1\UpsPilot\Winpower.exe [2007-05-25 112640]
R2 winvnc;VNC Server; C:\Program Files\UltraVnc\WinVNC.exe [2008-09-08 712704]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2008-10-15 439632]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 Winpowermonitor;Winpowermonitor; C:\PROGRA~1\UpsPilot\monitor.exe [2007-05-25 112640]
R3 WinpowerRMI;WinpowerRMI; C:\PROGRA~1\UpsPilot\wpRMI.exe [2007-05-25 112640]
S2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 gupdate1c9db4396e77414;Google Update Service (gupdate1c9db4396e77414); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-23 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-21 137200]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Winpowermanager;Winpowermanager; C:\PROGRA~1\UpsPilot\manager.exe [2007-05-25 112640]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Location: Plzeň

Re: Please check my log.

#2 Post by Rudy »

Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator rights

right after it starts, a screen with the licence terms appears; continue by clicking Yes.

go and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else

do not panic during the scan, your machine may be restarted (especially on the first run of the scanner)

warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because during the scan and removal of any malware it collides with the antispyware resident shield
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail above.

Martin
Guest

Re: Please check my log.

#3 Post by Martin »

ComboFix 10-11-23.05 - Sarka 24/11/2010 18:56:39.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1363 [GMT 0:00]
Running from: c:\documents and settings\Sarka\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sarka\Application Data\BG0Ai.txt
c:\documents and settings\Sarka\Local Settings\Application Data\aikmwac.exe
c:\program files\Common Files\Uninstall
c:\windows\system32\csdgxdvm.ini
c:\windows\system32\cugfxolu.ini
c:\windows\system32\cvvflgrb.ini
c:\windows\system32\iuqfdrxb.ini
c:\windows\system32\jerbmgqg.ini
c:\windows\system32\kill.exe
c:\windows\system32\ndisapi.dll
c:\windows\system32\nTuCKRqr.ini
c:\windows\system32\nTuCKRqr.ini2
c:\windows\system32\uDgilnmp.ini
c:\windows\system32\uDgilnmp.ini2
c:\windows\system32\ussvonho.ini
c:\windows\system32\uswqvgik.ini
c:\windows\system32\uwnuwtgi.ini
c:\windows\system32\yISssvut.ini
c:\windows\system32\yISssvut.ini2

c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys

.
((((((((((((((((((((((((( Files Created from 2010-10-24 to 2010-11-24 )))))))))))))))))))))))))))))))
.

2010-11-24 19:00 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-11-24 19:00 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2010-11-24 18:31 . 2010-11-24 18:31 -------- d-----w- c:\program files\ESET
2010-11-24 17:33 . 2010-11-24 17:33 -------- d-----w- c:\program files\trend micro
2010-11-24 17:33 . 2010-11-24 17:33 -------- d-----w- C:\rsit
2010-11-24 17:10 . 2010-11-24 17:10 -------- d-----w- c:\documents and settings\Sarka\Application Data\QuickScan
2010-11-24 15:32 . 2010-11-24 15:32 -------- d-----w- c:\documents and settings\Sarka\Application Data\Avira
2010-11-24 15:30 . 2010-11-24 15:30 -------- d-----w- c:\documents and settings\Sarka\Application Data\Malwarebytes
2010-11-24 15:30 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-24 15:30 . 2010-11-24 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-24 15:30 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-24 15:30 . 2010-11-24 15:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-24 15:18 . 2010-11-24 17:18 -------- d-----w- c:\windows\system32\NtmsData
2010-11-24 15:17 . 2010-11-24 15:17 -------- d-----w- c:\documents and settings\Sarka\Local Settings\Application Data\VS Revo Group
2010-11-24 15:17 . 2009-12-30 11:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-11-24 15:17 . 2010-11-24 15:17 -------- d-----w- c:\program files\VS Revo Group
2010-11-24 15:01 . 2010-11-24 15:01 -------- d-----w- c:\program files\COMODO
2010-11-24 14:49 . 2010-11-24 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-11-24 14:06 . 2010-08-02 16:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-24 14:06 . 2010-08-02 16:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-24 14:06 . 2010-06-17 15:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-24 14:06 . 2010-06-17 15:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-24 14:06 . 2010-11-24 14:06 -------- d-----w- c:\program files\Avira
2010-11-24 14:06 . 2010-11-24 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-22 11:13 . 2010-09-15 04:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-22 11:13 . 2010-09-15 04:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-14 18:44 . 2010-11-14 18:44 -------- d-----w- c:\documents and settings\Sarka\Application Data\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2004-08-10 11:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 11:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 11:51 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 11:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 02:29 . 2007-05-25 09:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 23:41 . 2010-09-10 23:41 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-10 23:40 . 2010-09-10 23:40 91560 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-10 23:40 . 2010-09-10 23:40 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-10 23:40 . 2010-09-10 23:40 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-10 23:40 . 2010-09-10 23:40 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-10 05:58 . 2004-08-10 11:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-10 11:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-10 11:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 22:39 . 2010-09-09 22:39 2826240 ----a-w- c:\windows\system32\GPhotos.scr
2010-09-01 11:51 . 2004-08-10 11:50 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-10 11:51 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-10 11:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-10 11:51 99840 ----a-w- c:\windows\system32\srvsvc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-16 389120]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7561216]
"nwiz"="nwiz.exe" [2006-03-21 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-21 86016]
"HostManager"="c:\program files\Common Files\AOL\1166043706\ee\AOLSoftware.exe" [2006-11-17 50736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"WinVNC"="c:\program files\UltraVnc\WinVNC.exe" [2008-09-08 712704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-25 202256]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-9-6 156784]
Belkin Wireless G Notebook Card Client Utility.lnk - c:\program files\Belkin\Cardbus F5D701F\Wireless Utility\Belkinwcui.exe [2008-9-30 1556480]
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-9-6 7168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\haemtoft.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1166043706\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/09/2010 23:40 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/09/2010 23:40 25240]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24/11/2010 14:06 135336]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [01/01/2010 00:00 112592]
R2 N-able Technologies Windows Remote Control Agent;Windows Remote Control Agent;c:\progra~1\N-ABLE~1\REMOTE~1\RemoteControlAgent.exe [19/05/2009 23:25 197272]
R3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\drivers\CamSuiteVAC.sys [12/10/2010 13:59 37560]
S0 fggjptxe;fggjptxe; [x]
S0 haemtoft;haemtoft;c:\windows\system32\Drivers\haemtoft.sys --> c:\windows\system32\Drivers\haemtoft.sys [?]
S0 jcqmaucu;jcqmaucu; [x]
S0 jgudoheo;jgudoheo; [x]
S0 whxrfufm;whxrfufm; [x]
S2 gupdate1c9db4396e77414;Google Update Service (gupdate1c9db4396e77414);c:\program files\Google\Update\GoogleUpdate.exe [23/05/2009 01:12 133104]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [24/11/2010 15:17 27064]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [27/03/2006 17:53 167808]

--- Other Services/Drivers In Memory ---

*Deregistered* - NDISRD
.
Contents of the 'Scheduled Tasks' folder

2010-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-23 01:12]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-23 01:12]

2010-11-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4235665694-360910871-2595321805-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-11-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4235665694-360910871-2595321805-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-11-24 c:\windows\Tasks\User_Feed_Synchronization-{74C6652E-80B1-4D9F-B200-45A6923F4AD2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://googleure.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=d ... bd=6060906
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sarka\Application Data\Mozilla\Firefox\Profiles\hyzi8ibq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

Notify-khfETnmj - khfETnmj.dll
SafeBoot-fggjptxe.sys
SafeBoot-jcqmaucu.sys
SafeBoot-jgudoheo.sys
SafeBoot-whtymcat.sys
SafeBoot-whxrfufm.sys
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-24 19:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2848)
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\UpsPilot\Winpower.exe
c:\program files\UpsPilot\jre\bin\javaw.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\progra~1\UpsPilot\monitor.exe
c:\program files\UpsPilot\jre\bin\javaw.exe
c:\windows\stsystra.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\UpsPilot\wpRMI.exe
c:\program files\UpsPilot\jre\bin\javaw.exe
c:\program files\Dell Network Assistant\ezi_hnm2.exe
.
**************************************************************************
.
Completion time: 2010-11-24 19:10:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-24 19:09

Pre-Run: 66,468,720,640 bytes free
Post-Run: 67,133,362,176 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 55F67791F752D1413B7BD1138C1357AE

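Apart from the rogue drivers, the ComboFix log above records three settings that weaken the machine regardless of what else is on it: `AntiVirusOverride=1` under the Security Center key (Windows will not warn that the on-access scanner is off, and the log header shows it is), `EnableFirewall= 0` for the firewall's standard profile, and an IE start page of `hxxp://googleure.com`, a host that is not google.com. The following script is an added example, not part of the thread and not ComboFix's own code: it parses the "Reg Loading Points" and "Supplementary Scan" sections and reports those findings. The sample text is constructed from the posted log, `hxxp` is ComboFix's defanged `http`, and the allowlist of expected start-page hosts is an assumption made for the example.

```python
import re
from typing import Dict, Iterator, List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample in the shape of ComboFix's "Reg Loading Points" and
# "Supplementary Scan" sections; values copied from the log above, not read from a machine.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

uStart Page = hxxp://googleure.com
uDefault_Search_URL = hxxp://www.google.com/ie
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
"""

# Assumption for the example: hosts the owner would expect to see as a start page.
KNOWN_GOOD_HOSTS = {"www.google.com", "google.com", "www.bing.com", "go.microsoft.com"}

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# "uStart Page = hxxp://..." and "FF - prefs.js: browser.startup.homepage - hxxp://..."
URL_RE = re.compile(r"^(u[\w ,]+?|FF - prefs\.js: [\w.]+)\s*[-=]\s*(hxxps?://\S+)$")

SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"
FIREWALL_STD = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"


def parse_registry(text: str) -> Dict[Tuple[str, str], str]:
    """Map (section, value name), both lower-cased, to the raw data string."""
    values: Dict[Tuple[str, str], str] = {}
    section = ""
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m and section:
            values[(section, m.group(1).lower())] = m.group(2).strip()
    return values


def as_int(data: str) -> Optional[int]:
    """Decode the two integer spellings ComboFix uses: 'dword:00000001' and '0 (0x0)'."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", data)
    return int(m.group(1)) if m else None


def refang(url: str) -> str:
    """ComboFix writes hxxp:// so the log is not clickable; restore http for parsing only."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def start_pages(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (setting name, URL) for every IE or Firefox start/home page line."""
    for line in text.splitlines():
        m = URL_RE.match(line.strip())
        if m and re.search(r"start|homepage", m.group(1), re.IGNORECASE):
            yield m.group(1).strip(), m.group(2)


def posture_findings(text: str) -> List[str]:
    """Human-readable findings, in a fixed order: Security Center, firewall, start pages."""
    reg = parse_registry(text)
    findings: List[str] = []
    if as_int(reg.get((SECURITY_CENTER, "antivirusoverride"), "")) == 1:
        findings.append("Security Center: AntiVirusOverride=1, Windows will not warn that antivirus is off")
    if as_int(reg.get((FIREWALL_STD, "enablefirewall"), "")) == 0:
        findings.append("Windows Firewall: EnableFirewall=0 on the standard profile")
    for name, url in start_pages(text):
        host = urlsplit(refang(url)).hostname or ""
        if host not in KNOWN_GOOD_HOSTS:
            findings.append(f"{name} points at unexpected host {host} ({url})")
    return findings


if __name__ == "__main__":
    for finding in posture_findings(SAMPLE_LOG):
        print("!", finding)
```

The registry lookups are keyed case-insensitively because ComboFix prints the same hive both as `HKEY_LOCAL_MACHINE` and as the abbreviated `HKLM\~`; the URL check deliberately works from an allowlist rather than trying to recognise look-alike domains, which is the safer default when triaging a log by hand.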
Rudy
Site Admin

Re: Please check my log.

#4 Post by Rudy »

Let's finish cleaning up. Move ComboFix to the desktop. Open Notepad and copy the following into it:
Collect::
c:\windows\system32\Drivers\haemtoft.sys

Driver::
fggjptxe
haemtoft
jcqmaucu
jgudoheo
whxrfufm
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it there. CF will start and execute the commands from the script.


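The five `S0` entries in the RSIT log (`fggjptxe`, `haemtoft`, `jcqmaucu`, `jgudoheo`, `whxrfufm`) share one pattern: boot-start drivers, eight random lowercase letters, a description that merely repeats the name, and no date or size recorded for the image file (`[]` in RSIT, `[x]` or `[?]` in ComboFix). The script below is an added example, not part of the thread and not code from RSIT or ComboFix: it parses both line formats, flags entries on those heuristics and emits a `Collect::`/`Driver::` script in the shape Rudy posted. The sample lines are constructed from the logs in this thread, the thresholds (eight lowercase letters, start type 0 or 1) are assumptions, and a hit is a lead to verify against the file on disk, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the line shapes RSIT ("R2 name;desc; path [date size]") and
# ComboFix ("S0 name;name; [x]", "... --> resolved [?]", "[dd/mm/yyyy hh:mm size]") print,
# with values copied from the logs posted above. Nothing here is read from a live machine.
SAMPLE_LINES = r"""
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/09/2010 23:40 239240]
S0 fggjptxe;fggjptxe; C:\WINDOWS\system32\drivers\fggjptxe.sys []
S0 haemtoft;haemtoft; C:\WINDOWS\System32\Drivers\haemtoft.sys []
S1 NDISRD;NDISRD; C:\WINDOWS\system32\drivers\NDISRD.sys [2009-06-22 24576]
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S0 jcqmaucu;jcqmaucu; [x]
S0 haemtoft;haemtoft;c:\windows\system32\Drivers\haemtoft.sys --> c:\windows\system32\Drivers\haemtoft.sys [?]
"""

LINE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);\s*(.*?)\s*\[([^\]]*)\]$")
# A real image on disk gets a date and size: "2005-09-08 86524" (RSIT) or "10/09/2010 23:40 239240" (ComboFix)
FILE_INFO_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}|\d{2}/\d{2}/\d{4} \d{2}:\d{2}) \d+$")
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")   # assumption: eight lowercase letters = generated name


@dataclass
class DriverEntry:
    running: bool            # R = running, S = stopped
    start: int               # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    description: str
    path: str                # empty when ComboFix printed "[x]" (no image path at all)
    has_file_info: bool      # True only when a date and size were recorded for the image
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[DriverEntry]:
    """Parse one RSIT or ComboFix driver/service line; None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, desc, path, meta = m.groups()
    path = path.split(" --> ")[0].strip()   # ComboFix appends "--> resolved path"
    return DriverEntry(state == "R", int(start), name.strip(), desc.strip(),
                       path, bool(FILE_INFO_RE.match(meta.strip())))


def triage(entry: DriverEntry) -> DriverEntry:
    """Attach a reason for every heuristic the entry trips (a lead, not a verdict)."""
    if entry.start <= 1 and not entry.has_file_info:
        entry.reasons.append("boot/system-start driver whose image was not found on disk")
    if RANDOM_NAME_RE.match(entry.name) and entry.name == entry.description:
        entry.reasons.append("random-looking eight-letter name with no description")
    return entry


def suspicious_drivers(text: str) -> List[DriverEntry]:
    """Flagged entries in order of first appearance, one per service name."""
    seen: Dict[str, DriverEntry] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        triage(entry)
        if entry.reasons and entry.name not in seen:
            seen[entry.name] = entry
    return list(seen.values())


def cfscript(entries: List[DriverEntry]) -> str:
    """Build a CFScript in the form used in the thread: Collect:: paths, then Driver:: names."""
    lines: List[str] = []
    paths = [e.path for e in entries if e.path]
    if paths:
        lines += ["Collect::", *paths, ""]
    lines += ["Driver::", *[e.name for e in entries]]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = suspicious_drivers(SAMPLE_LINES)
    for e in flagged:
        print(f"{e.name}: " + "; ".join(e.reasons))
    print(cfscript(flagged))
```

`Collect::` only lists entries for which a path was recorded, which is why Rudy's hand-written script collects just `haemtoft.sys`: the other four had no path left in ComboFix's output. Legitimate drivers with an odd name but a real file on disk (`DSproct`, `NDISRD`) pass both rules and are not touched.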
Martin
Guest

Re: Please check my log.

#5 Post by Martin »

ComboFix 10-11-23.05 - Sarka 24/11/2010 20:39:42.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1423 [GMT 0:00]
Running from: c:\documents and settings\Sarka\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Sarka\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FGGJPTXE
-------\Legacy_HAEMTOFT
-------\Legacy_JCQMAUCU
-------\Legacy_JGUDOHEO
-------\Legacy_WHXRFUFM
-------\Service_fggjptxe
-------\Service_haemtoft
-------\Service_jcqmaucu
-------\Service_jgudoheo
-------\Service_whxrfufm


((((((((((((((((((((((((( Files Created from 2010-10-24 to 2010-11-24 )))))))))))))))))))))))))))))))
.

2010-11-24 19:00 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-11-24 19:00 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2010-11-24 18:31 . 2010-11-24 18:31 -------- d-----w- c:\program files\ESET
2010-11-24 17:33 . 2010-11-24 17:33 -------- d-----w- c:\program files\trend micro
2010-11-24 17:33 . 2010-11-24 17:33 -------- d-----w- C:\rsit
2010-11-24 17:10 . 2010-11-24 17:10 -------- d-----w- c:\documents and settings\Sarka\Application Data\QuickScan
2010-11-24 15:32 . 2010-11-24 15:32 -------- d-----w- c:\documents and settings\Sarka\Application Data\Avira
2010-11-24 15:30 . 2010-11-24 15:30 -------- d-----w- c:\documents and settings\Sarka\Application Data\Malwarebytes
2010-11-24 15:30 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-24 15:30 . 2010-11-24 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-24 15:30 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-24 15:30 . 2010-11-24 15:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-24 15:18 . 2010-11-24 17:18 -------- d-----w- c:\windows\system32\NtmsData
2010-11-24 15:17 . 2010-11-24 15:17 -------- d-----w- c:\documents and settings\Sarka\Local Settings\Application Data\VS Revo Group
2010-11-24 15:17 . 2009-12-30 11:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-11-24 15:17 . 2010-11-24 15:17 -------- d-----w- c:\program files\VS Revo Group
2010-11-24 15:01 . 2010-11-24 15:01 -------- d-----w- c:\program files\COMODO
2010-11-24 14:49 . 2010-11-24 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-11-24 14:06 . 2010-08-02 16:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-24 14:06 . 2010-08-02 16:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-24 14:06 . 2010-06-17 15:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-24 14:06 . 2010-06-17 15:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-24 14:06 . 2010-11-24 14:06 -------- d-----w- c:\program files\Avira
2010-11-24 14:06 . 2010-11-24 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-22 11:13 . 2010-09-15 04:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-22 11:13 . 2010-09-15 04:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-14 18:44 . 2010-11-14 18:44 -------- d-----w- c:\documents and settings\Sarka\Application Data\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2004-08-10 11:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 11:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 11:51 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 11:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 02:29 . 2007-05-25 09:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 23:41 . 2010-09-10 23:41 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-10 23:40 . 2010-09-10 23:40 91560 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-10 23:40 . 2010-09-10 23:40 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-10 23:40 . 2010-09-10 23:40 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-10 23:40 . 2010-09-10 23:40 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-10 05:58 . 2004-08-10 11:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-10 11:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-10 11:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 22:39 . 2010-09-09 22:39 2826240 ----a-w- c:\windows\system32\GPhotos.scr
2010-09-01 11:51 . 2004-08-10 11:50 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-10 11:51 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-10 11:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-10 11:51 99840 ----a-w- c:\windows\system32\srvsvc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-16 389120]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7561216]
"nwiz"="nwiz.exe" [2006-03-21 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-21 86016]
"HostManager"="c:\program files\Common Files\AOL\1166043706\ee\AOLSoftware.exe" [2006-11-17 50736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"WinVNC"="c:\program files\UltraVnc\WinVNC.exe" [2008-09-08 712704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-25 202256]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-9-6 156784]
Belkin Wireless G Notebook Card Client Utility.lnk - c:\program files\Belkin\Cardbus F5D701F\Wireless Utility\Belkinwcui.exe [2008-9-30 1556480]
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-9-6 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1166043706\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/09/2010 23:40 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/09/2010 23:40 25240]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24/11/2010 14:06 135336]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [01/01/2010 00:00 112592]
R2 N-able Technologies Windows Remote Control Agent;Windows Remote Control Agent;c:\progra~1\N-ABLE~1\REMOTE~1\RemoteControlAgent.exe [19/05/2009 23:25 197272]
R3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\drivers\CamSuiteVAC.sys [12/10/2010 13:59 37560]
S2 gupdate1c9db4396e77414;Google Update Service (gupdate1c9db4396e77414);c:\program files\Google\Update\GoogleUpdate.exe [23/05/2009 01:12 133104]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [24/11/2010 15:17 27064]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [27/03/2006 17:53 167808]

--- Other Services/Drivers In Memory ---

*Deregistered* - NDISRD
.
Contents of the 'Scheduled Tasks' folder

2010-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-23 01:12]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-23 01:12]

2010-11-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4235665694-360910871-2595321805-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-11-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4235665694-360910871-2595321805-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-11-24 c:\windows\Tasks\User_Feed_Synchronization-{74C6652E-80B1-4D9F-B200-45A6923F4AD2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://googleure.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=d ... bd=6060906
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sarka\Application Data\Mozilla\Firefox\Profiles\hyzi8ibq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-haemtoft.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-24 20:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1712)
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\UpsPilot\Winpower.exe
c:\program files\UpsPilot\jre\bin\javaw.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\progra~1\UpsPilot\monitor.exe
c:\program files\UpsPilot\jre\bin\javaw.exe
c:\progra~1\UpsPilot\wpRMI.exe
c:\program files\UpsPilot\jre\bin\javaw.exe
c:\windows\stsystra.exe
c:\windows\system32\wscntfy.exe
c:\program files\Dell Network Assistant\ezi_hnm2.exe
.
**************************************************************************
.
Completion time: 2010-11-24 20:53:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-24 20:53
ComboFix2.txt 2010-11-24 19:10

Pre-Run: 67,126,960,128 bytes free
Post-Run: 67,117,133,824 bytes free

- - End Of File - - 0A859A2AFF31176CC82B40AAAB61E712

Rudy
Site Admin
Posts: 119428
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log.

#6 Post by Rudy »

Deleted; the log now looks clean. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address given above.

Martin
Visitor
Posts: 4
Registered: 24 Nov 2010 18:02

Re: Please check my log.

#7 Post by Martin »

It seems to be fine. Many thanks, and greetings to Plzeň, especially from Šárka. :wink:

Rudy
Site Admin
Posts: 119428
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log.

#8 Post by Rudy »

Greetings to Zvolen as well, and you're welcome! :)