prosim o kontrolu logu
rozliseni obr je stale 640x 480 pix, farb. 4 bity a nejde nastavit, pc je pomaly, vydava chyb. hlasenia, ze spusteny prog bude ukonceny, spustte ako administrator - aj ked ja som administraror a spustam ako admin.
MBAM je negativ
spybot je negativ
Dakujem
Logfile of random's system information tool 1.08 (written by random/random)
Run by europe at 2010-12-10 08:36:36
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 16 GB (11%) free of 146 GB
Total RAM: 2046 MB (45% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:37:21, on 10. 12. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\europe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\europe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\europe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\europe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\europe\Downloads\RSIT (1).exe
C:\Program Files\Trend Micro\HijackThis\europe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bing.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C3718A6-DD75-4B1A-B628-36FC48575DCC}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 11387 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003UA.job
C:\Windows\tasks\User_Feed_Synchronization-{31DCA4EB-CAB0-4CED-A8DA-AFE4AA220AB7}.job
C:\Windows\tasks\User_Feed_Synchronization-{3C6F9F0F-B0CC-4309-9516-7E4D078D0473}.job
C:\Windows\tasks\User_Feed_Synchronization-{78F5F398-0C2F-4584-8E4C-DE0DC4FBE144}.job
C:\Windows\tasks\User_Feed_Synchronization-{DBCCA46E-DC2D-4EC9-8D73-B2464A42AE53}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-10-14 341600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-09-22 393600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-23 297648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-23 843832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22 612616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
VeriSoft Access Manager - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll [2006-11-21 71192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2010-03-23 158520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22 612616]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-23 297648]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-10 317128]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-27 1721640]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2215064]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-04-13 47392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe [2006-10-26 258560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
c:\Program Files\HP\HP UT\bin\hppusg.exe [2007-05-04 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\Windows\KHALMNPR.EXE [2007-06-12 56080]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-08-20 2363392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2010-06-01 5252408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-09-22 4240760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-09-15 1094224]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
C:\Users\europe\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2009-01-08 70936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
C:\Program Files\inKline Global\PC Booster\pcbooster.exe [2007-11-30 14450688]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2009-03-10 468264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-17 39408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-10-14 202256]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2007-03-29 719664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK]
C:\Program Files\HP\Temp\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}\setup\hpzstub.exe -run C:\Program Files\HP\Temp\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}\setup\hpzrcv01.exe -f ..\autorun.inf -recover []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2007-07-26 768528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^europe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orezávač obrazovky a spúšťač programu OneNote 2007.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2009-02-26 97680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2009-10-01 87552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"BindDirectlyToPropertySetStorage"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2010-12-10 08:18:51 ----D---- C:\Program Files\Lavalys
2010-12-09 22:47:27 ----ASH---- C:\hiberfil.sys
2010-12-09 12:29:01 ----D---- C:\Windows\temp
2010-12-09 12:15:27 ----A---- C:\Windows\SWSC.exe
2010-12-09 12:15:27 ----A---- C:\Windows\SWREG.exe
2010-12-09 12:15:27 ----A---- C:\Windows\sed.exe
2010-12-09 12:15:27 ----A---- C:\Windows\PEV.exe
2010-12-09 12:15:27 ----A---- C:\Windows\NIRCMD.exe
2010-12-09 12:15:27 ----A---- C:\Windows\MBR.exe
2010-12-09 12:15:27 ----A---- C:\Windows\grep.exe
2010-12-09 12:15:14 ----D---- C:\ComboFix
2010-12-09 12:14:40 ----A---- C:\Windows\SWXCACLS.exe
2010-12-09 07:11:29 ----D---- C:\Malwarebytes
2010-12-09 07:01:39 ----D---- C:\%APPDATA%
2010-12-03 17:08:04 ----D---- C:\BEST_OF_MEGAHITS_VOL_23
2010-11-25 12:18:33 ----D---- C:\Program Files\Sanmaxi Sim Card Data Recovery
======List of files/folders modified in the last 1 months======
2010-12-10 08:36:54 ----D---- C:\Windows\Prefetch
2010-12-10 08:18:51 ----D---- C:\Program Files
2010-12-10 06:47:11 ----SHD---- C:\System Volume Information
2010-12-09 23:10:56 ----SHD---- C:\Windows\Installer
2010-12-09 23:06:45 ----D---- C:\Windows\System32
2010-12-09 23:06:42 ----D---- C:\Windows\inf
2010-12-09 23:06:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-09 23:05:10 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-12-09 23:01:16 ----D---- C:\Windows\system32\catroot2
2010-12-09 22:58:08 ----D---- C:\Windows\system32\config
2010-12-09 22:57:55 ----D---- C:\Windows
2010-12-09 22:57:41 ----D---- C:\Windows\Tasks
2010-12-09 22:57:41 ----D---- C:\Windows\system32\Tasks
2010-12-09 22:57:41 ----D---- C:\Windows\system32\spool
2010-12-09 22:57:41 ----D---- C:\Windows\system32\Msdtc
2010-12-09 22:57:41 ----D---- C:\Windows\system32\drivers\etc
2010-12-09 22:57:41 ----D---- C:\Windows\system32\drivers
2010-12-09 22:57:41 ----D---- C:\Windows\system32\CodeIntegrity
2010-12-09 22:57:41 ----D---- C:\Windows\pss
2010-12-09 22:57:38 ----D---- C:\Users\europe\AppData\Roaming\vlc
2010-12-09 22:57:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-09 22:57:36 ----D---- C:\Windows\system32\wbem
2010-12-09 22:57:36 ----D---- C:\Qoobox
2010-12-09 22:57:35 ----D---- C:\Windows\registration
2010-12-09 22:55:44 ----SHD---- C:\$RECYCLE.BIN
2010-12-09 12:26:11 ----D---- C:\Windows\AppPatch
2010-12-09 12:26:11 ----D---- C:\Program Files\Common Files
2010-12-09 01:48:52 ----D---- C:\Windows\system32\LogFiles
2010-12-04 18:30:54 ----D---- C:\Program Files\ICQ6.5
2010-12-03 17:07:19 ----D---- C:\ProgramData\DVD Shrink
2010-12-01 22:35:12 ----D---- C:\Users\europe\AppData\Roaming\Skype
2010-12-01 16:49:53 ----D---- C:\Users\europe\AppData\Roaming\skypePM
2010-11-24 13:34:30 ----D---- C:\Windows\winsxs
2010-11-24 13:34:30 ----D---- C:\Program Files\Internet Explorer
2010-11-24 09:58:40 ----D---- C:\Windows\system32\catroot
2010-11-20 00:32:23 ----D---- C:\Windows\Debug
2010-11-19 23:57:53 ----D---- C:\ProgramData\Yahoo! Companion
2010-11-11 01:32:31 ----D---- C:\ProgramData\Microsoft Help
2010-11-11 01:31:44 ----D---- C:\Program Files\Windows Mail
2010-11-11 01:23:56 ----A---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-04-10 44944]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R2 Aspi32;Aspi32; C:\Windows\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-19 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]
R2 RMCAST;Ovladač protokolu RMCAST (Pgm); C:\Windows\system32\DRIVERS\RMCAST.sys [2009-04-11 113664]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-03-28 140424]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-12-19 1331192]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-04-18 79664]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-04-18 81200]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-18 16432]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
R3 Dvd43;Dvd43; C:\Windows\System32\DRIVERS\Dvd43.sys [2010-10-15 35296]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 32608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-07 1059112]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-07-09 7140800]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 12032]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-27 245936]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696]
S3 Avc;Zařízení AVC; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-12-19 1331192]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 catchme;catchme; \??\C:\Users\europe\AppData\Local\Temp\catchme.sys []
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 39272]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-06-25 163328]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-06-12 35216]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-06-12 36496]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2007-06-12 28688]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\Windows\system32\DRIVERS\MSIRCOMM.sys [2008-01-19 24064]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\Windows\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\se45obex.sys [2006-11-30 86432]
S3 sonypvs1;Sony Digital Imaging Video2; C:\Windows\system32\DRIVERS\sonypvs1.sys [2006-10-30 102220]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\Windows\system32\DRIVERS\irstusb.sys [2008-01-19 30208]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASBroker;Logon Session Broker; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Local Communication Channel; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe [2007-07-26 121360]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-08-20 73728]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-10-03 219752]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2009-01-12 292216]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2009-01-12 116080]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-09 110592]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 33584]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-17 182768]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
S4 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S4 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
prosim o kontrolu logu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: prosim o kontrolu logu
toto je skor posahany system, ako virovy problem 
skus bud obnovu systemu k datumu, ked bolo vsetko OK, alebo preinstalovat ovladac ku graf. karte
skus bud obnovu systemu k datumu, ked bolo vsetko OK, alebo preinstalovat ovladac ku graf. karte
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: prosim o kontrolu logu
Este nefunguje spustenie systemu. Vzdy pri starte sa spusti oprava spustania systemu. Vcera som odstranil tieto virusy: Disabled.cryptsvc, Win32.Autorun.tmp, Microsoft windows security center_disabled.
Neviem, ci boli teda uspesne odstranene, lebo pc nefunguje spravne.
Obnova systemu nejde a ked sa pozeram cez tlacitko start, tak nie je k dispozicii ani hybernacia ani rezim spanku, ako to bolo predtym.
Mate nejaky navrh ako na to? dakujem
Neviem, ci boli teda uspesne odstranene, lebo pc nefunguje spravne.
Obnova systemu nejde a ked sa pozeram cez tlacitko start, tak nie je k dispozicii ani hybernacia ani rezim spanku, ako to bolo predtym.
Mate nejaky navrh ako na to? dakujem
Re: prosim o kontrolu logu
vidim to na opravnu instalaciu Windows
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: prosim o kontrolu logu
co to znamena?
nerad by som prisiel o nainstalovane programy. Nie je mozna ina cesta?
Diky
nerad by som prisiel o nainstalovane programy. Nie je mozna ina cesta?
Diky
Re: prosim o kontrolu logu
skusil som combofix
spustanie systemu je uz v poriadku
stale je tu problem ako na zaciatku s rozlisenim obrazovky 640x480 pix, 4 bity. rezim spanku a hybernace nefunkcne,
pri pokuse aktualizovat ovl. ku graf. karte - neuspesne
v spravcovi zariadeni, graficky adapter, nvidia gforce 8400M GS, v stave zariadenia je napisane: zar. bolo zastavene, pretoze oznamilo potize kod 43
co s tym?
tu je log z cfix(pri catchme vyhlasil chyb.hlas, ze neprebehol uspesne, inak ok):
ComboFix 10-12-09.04 - europe . 12. 2010 0:32.18.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1029.18.2046.1226 [GMT 1:00]
Running from: c:\users\europe\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
.
---- Previous Run -------
.
c:\program files\ICQ6.5\updates\ICQLRun.exe.f9cb5bbb98c818d0e6c63e8613a6d549
c:\windows\system32\AutoRun.inf
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\ntfs.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_monitor
((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
.
2010-12-10 23:49 . 2010-12-10 23:49 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-12-10 23:49 . 2010-12-10 23:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-12-10 23:49 . 2010-12-10 23:49 -------- d-----w- c:\users\Kika\AppData\Local\temp
2010-12-10 23:49 . 2010-12-10 23:49 -------- d-----w- c:\users\Family\AppData\Local\temp
2010-12-10 23:49 . 2010-12-10 23:49 -------- d-----w- c:\users\Dušan\AppData\Local\temp
2010-12-10 23:49 . 2010-12-10 23:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-10 07:49 . 2010-12-10 07:49 -------- d-----w- c:\program files\SysJewel
2010-12-10 07:18 . 2010-12-10 07:18 -------- d-----w- c:\program files\Lavalys
2010-12-09 11:29 . 2010-12-10 23:54 -------- d-----w- c:\users\europe\AppData\Local\temp
2010-12-09 06:11 . 2010-12-09 06:11 -------- d-----w- C:\Malwarebytes
2010-12-09 06:01 . 2010-12-09 06:01 -------- d-----w- C:\%APPDATA%
2010-12-03 16:08 . 2010-12-03 16:08 -------- d-----w- C:\BEST_OF_MEGAHITS_VOL_23
2010-11-25 11:18 . 2010-11-25 11:18 -------- d-----w- c:\program files\Sanmaxi Sim Card Data Recovery
2010-11-24 11:42 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-17 12:19 . 2010-11-17 12:19 -------- d-----w- c:\users\europe\AppData\Local\Yahoo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-15 13:37 . 2010-10-08 23:36 35296 ----a-w- c:\windows\system32\drivers\Dvd43.sys
2010-10-15 10:43 . 2010-10-15 10:43 388096 ----a-r- c:\users\europe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-14 11:41 . 2010-10-17 17:52 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{360F2EB1-399C-4F7C-9AEC-3119C05E5A8C}\mpengine.dll
2010-10-14 11:41 . 2010-10-15 12:52 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-07 15:40 . 2010-10-07 15:40 203776 ----a-w- c:\windows\system32\clrviddc.dll
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-22 22:21 . 2010-10-21 23:26 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-09-13 13:56 . 2010-10-13 16:08 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-13 00:04 . 2010-09-13 00:04 77824 ----a-w- C:\FaceControl.8bf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]
c:\users\Duçan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orez vaź obrazovky a spŁçśaź programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK
backup=c:\windows\pss\hpzrcv01.LNK.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^europe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orezávač obrazovky a spúšťač programu OneNote 2007.lnk]
path=c:\users\europe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk
backup=c:\windows\pss\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 00:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]
2006-10-26 13:58 258560 ----a-w- c:\progra~1\DVDREG~1\DVDRegionFree.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 09:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-05-04 11:14 36864 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 14:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-06-12 12:03 56080 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 11:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 09:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 22:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-09-15 02:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\users\europe\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
2007-11-30 16:16 14450688 ----a-w- c:\program files\inKline Global\PC Booster\PCBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 09:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2009-03-10 19:19 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-16 23:19 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 00:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-10-14 15:44 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R4 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S3 Dvd43;Dvd43;c:\windows\system32\DRIVERS\Dvd43.sys [2010-10-15 35296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]
2010-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]
2010-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003Core.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]
2010-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003UA.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]
2010-12-10 c:\windows\Tasks\User_Feed_Synchronization-{31DCA4EB-CAB0-4CED-A8DA-AFE4AA220AB7}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{3C6F9F0F-B0CC-4309-9516-7E4D078D0473}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{78F5F398-0C2F-4584-8E4C-DE0DC4FBE144}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{DBCCA46E-DC2D-4EC9-8D73-B2464A42AE53}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bing.sk/
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: {4C3718A6-DD75-4B1A-B628-36FC48575DCC} = 192.168.2.1
FF - ProfilePath - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\europe\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 00:56
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,85,9c,67,03,8c,6f,40,bb,84,fa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,85,9c,67,03,8c,6f,40,bb,84,fa,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000fb
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(4416)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\windows\system32\BTNCopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
c:\windows\system32\WLANExt.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2010-12-11 01:07:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-11 00:06
ComboFix2.txt 2010-11-05 21:14
ComboFix3.txt 2010-10-19 18:37
ComboFix4.txt 2010-10-14 21:26
ComboFix5.txt 2010-12-09 11:15
Pre-Run: Volných bajtů: 16 790 872 064
Post-Run: Volných bajtů: 16 612 323 328
- - End Of File - - C277B561DF095CB24ABC1950862485AC
spustanie systemu je uz v poriadku
stale je tu problem ako na zaciatku s rozlisenim obrazovky 640x480 pix, 4 bity. rezim spanku a hybernace nefunkcne,
pri pokuse aktualizovat ovl. ku graf. karte - neuspesne
v spravcovi zariadeni, graficky adapter, nvidia gforce 8400M GS, v stave zariadenia je napisane: zar. bolo zastavene, pretoze oznamilo potize kod 43
co s tym?
tu je log z cfix(pri catchme vyhlasil chyb.hlas, ze neprebehol uspesne, inak ok):
ComboFix 10-12-09.04 - europe . 12. 2010 0:32.18.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1029.18.2046.1226 [GMT 1:00]
Running from: c:\users\europe\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
.
---- Previous Run -------
.
c:\program files\ICQ6.5\updates\ICQLRun.exe.f9cb5bbb98c818d0e6c63e8613a6d549
c:\windows\system32\AutoRun.inf
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\ntfs.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_monitor
((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
.
2010-12-10 23:49 . 2010-12-10 23:49 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-12-10 23:49 . 2010-12-10 23:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-12-10 23:49 . 2010-12-10 23:49 -------- d-----w- c:\users\Kika\AppData\Local\temp
2010-12-10 23:49 . 2010-12-10 23:49 -------- d-----w- c:\users\Family\AppData\Local\temp
2010-12-10 23:49 . 2010-12-10 23:49 -------- d-----w- c:\users\Dušan\AppData\Local\temp
2010-12-10 23:49 . 2010-12-10 23:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-10 07:49 . 2010-12-10 07:49 -------- d-----w- c:\program files\SysJewel
2010-12-10 07:18 . 2010-12-10 07:18 -------- d-----w- c:\program files\Lavalys
2010-12-09 11:29 . 2010-12-10 23:54 -------- d-----w- c:\users\europe\AppData\Local\temp
2010-12-09 06:11 . 2010-12-09 06:11 -------- d-----w- C:\Malwarebytes
2010-12-09 06:01 . 2010-12-09 06:01 -------- d-----w- C:\%APPDATA%
2010-12-03 16:08 . 2010-12-03 16:08 -------- d-----w- C:\BEST_OF_MEGAHITS_VOL_23
2010-11-25 11:18 . 2010-11-25 11:18 -------- d-----w- c:\program files\Sanmaxi Sim Card Data Recovery
2010-11-24 11:42 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-17 12:19 . 2010-11-17 12:19 -------- d-----w- c:\users\europe\AppData\Local\Yahoo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-15 13:37 . 2010-10-08 23:36 35296 ----a-w- c:\windows\system32\drivers\Dvd43.sys
2010-10-15 10:43 . 2010-10-15 10:43 388096 ----a-r- c:\users\europe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-14 11:41 . 2010-10-17 17:52 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{360F2EB1-399C-4F7C-9AEC-3119C05E5A8C}\mpengine.dll
2010-10-14 11:41 . 2010-10-15 12:52 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-07 15:40 . 2010-10-07 15:40 203776 ----a-w- c:\windows\system32\clrviddc.dll
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-22 22:21 . 2010-10-21 23:26 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-09-13 13:56 . 2010-10-13 16:08 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-13 00:04 . 2010-09-13 00:04 77824 ----a-w- C:\FaceControl.8bf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]
c:\users\Duçan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orez vaź obrazovky a spŁçśaź programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK
backup=c:\windows\pss\hpzrcv01.LNK.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^europe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orezávač obrazovky a spúšťač programu OneNote 2007.lnk]
path=c:\users\europe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk
backup=c:\windows\pss\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 00:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]
2006-10-26 13:58 258560 ----a-w- c:\progra~1\DVDREG~1\DVDRegionFree.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 09:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-05-04 11:14 36864 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 14:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-06-12 12:03 56080 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 11:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 09:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 22:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-09-15 02:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\users\europe\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
2007-11-30 16:16 14450688 ----a-w- c:\program files\inKline Global\PC Booster\PCBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 09:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2009-03-10 19:19 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-16 23:19 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 00:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-10-14 15:44 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R4 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S3 Dvd43;Dvd43;c:\windows\system32\DRIVERS\Dvd43.sys [2010-10-15 35296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]
2010-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]
2010-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003Core.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]
2010-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003UA.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]
2010-12-10 c:\windows\Tasks\User_Feed_Synchronization-{31DCA4EB-CAB0-4CED-A8DA-AFE4AA220AB7}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{3C6F9F0F-B0CC-4309-9516-7E4D078D0473}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{78F5F398-0C2F-4584-8E4C-DE0DC4FBE144}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{DBCCA46E-DC2D-4EC9-8D73-B2464A42AE53}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bing.sk/
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: {4C3718A6-DD75-4B1A-B628-36FC48575DCC} = 192.168.2.1
FF - ProfilePath - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\europe\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 00:56
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,85,9c,67,03,8c,6f,40,bb,84,fa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,85,9c,67,03,8c,6f,40,bb,84,fa,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000fb
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(4416)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\windows\system32\BTNCopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
c:\windows\system32\WLANExt.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2010-12-11 01:07:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-11 00:06
ComboFix2.txt 2010-11-05 21:14
ComboFix3.txt 2010-10-19 18:37
ComboFix4.txt 2010-10-14 21:26
ComboFix5.txt 2010-12-09 11:15
Pre-Run: Volných bajtů: 16 790 872 064
Post-Run: Volných bajtů: 16 612 323 328
- - End Of File - - C277B561DF095CB24ABC1950862485AC
Re: prosim o kontrolu logu
Ešte tam musí byť infekcia. Dnes pri štarte sa samovoľne spustila služba oprava spúšťania systému. Myslel som - a tak to včera vyzeralo, že si s tým combofix poradil...čo mi ďalej odporučíte? Ďakujem
Re: prosim o kontrolu logu
odstran ovladac ku graf.karte - restart a nanovo ho nainstaluj
+
preventivne prescanuj PC s MBAM
+
preventivne prescanuj PC s MBAM
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: prosim o kontrolu logu
vyskusal som odinstal, restart a potom sa samovolne zacal instalovat ovl. ku graf. karte. nepomohlo to, je to take iste.
tych ovl. s rovnakym ozn ale s inym datumom tam mam viac. mal by som ich vsetky odstranit? ako na to?
tu je posledny scan cfix
ComboFix 10-12-09.04 - europe . 12. 2010 16:04:34.19.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1029.18.2046.1092 [GMT 1:00]
Running from: c:\users\europe\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\europe\Documents\cc_20101211_013034.reg
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\ntfs.sys
.
((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
.
2010-12-11 15:22 . 2010-12-11 15:22 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-12-11 15:22 . 2010-12-11 15:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-12-11 15:22 . 2010-12-11 15:22 -------- d-----w- c:\users\Kika\AppData\Local\temp
2010-12-11 15:22 . 2010-12-11 15:22 -------- d-----w- c:\users\Family\AppData\Local\temp
2010-12-11 15:22 . 2010-12-11 15:22 -------- d-----w- c:\users\Dušan\AppData\Local\temp
2010-12-11 15:22 . 2010-12-11 15:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-10 07:49 . 2010-12-10 07:49 -------- d-----w- c:\program files\SysJewel
2010-12-10 07:18 . 2010-12-10 07:18 -------- d-----w- c:\program files\Lavalys
2010-12-09 11:29 . 2010-12-11 15:26 -------- d-----w- c:\users\europe\AppData\Local\temp
2010-12-09 06:11 . 2010-12-09 06:11 -------- d-----w- C:\Malwarebytes
2010-12-09 06:01 . 2010-12-09 06:01 -------- d-----w- C:\%APPDATA%
2010-12-03 16:08 . 2010-12-03 16:08 -------- d-----w- C:\BEST_OF_MEGAHITS_VOL_23
2010-11-25 11:18 . 2010-11-25 11:18 -------- d-----w- c:\program files\Sanmaxi Sim Card Data Recovery
2010-11-24 11:42 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-17 12:19 . 2010-11-17 12:19 -------- d-----w- c:\users\europe\AppData\Local\Yahoo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-15 13:37 . 2010-10-08 23:36 35296 ----a-w- c:\windows\system32\drivers\Dvd43.sys
2010-10-15 10:43 . 2010-10-15 10:43 388096 ----a-r- c:\users\europe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-14 11:41 . 2010-10-17 17:52 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{360F2EB1-399C-4F7C-9AEC-3119C05E5A8C}\mpengine.dll
2010-10-14 11:41 . 2010-10-15 12:52 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-07 15:40 . 2010-10-07 15:40 203776 ----a-w- c:\windows\system32\clrviddc.dll
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-22 22:21 . 2010-10-21 23:26 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-09-13 13:56 . 2010-10-13 16:08 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-13 00:04 . 2010-09-13 00:04 77824 ----a-w- C:\FaceControl.8bf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]
c:\users\Duçan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orez vaź obrazovky a spŁçśaź programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK
backup=c:\windows\pss\hpzrcv01.LNK.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^europe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orezávač obrazovky a spúšťač programu OneNote 2007.lnk]
path=c:\users\europe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk
backup=c:\windows\pss\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 00:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]
2006-10-26 13:58 258560 ----a-w- c:\progra~1\DVDREG~1\DVDRegionFree.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 09:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-05-04 11:14 36864 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 14:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-06-12 12:03 56080 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 11:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 09:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 22:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-09-15 02:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\users\europe\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
2007-11-30 16:16 14450688 ----a-w- c:\program files\inKline Global\PC Booster\PCBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 09:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2009-03-10 19:19 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-16 23:19 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 00:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-10-14 15:44 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R4 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S3 Dvd43;Dvd43;c:\windows\system32\DRIVERS\Dvd43.sys [2010-10-15 35296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]
2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]
2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003Core.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]
2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003UA.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]
2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{31DCA4EB-CAB0-4CED-A8DA-AFE4AA220AB7}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{3C6F9F0F-B0CC-4309-9516-7E4D078D0473}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{78F5F398-0C2F-4584-8E4C-DE0DC4FBE144}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{DBCCA46E-DC2D-4EC9-8D73-B2464A42AE53}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bing.sk/
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: {4C3718A6-DD75-4B1A-B628-36FC48575DCC} = 192.168.2.1
FF - ProfilePath - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\europe\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 16:26
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,85,9c,67,03,8c,6f,40,bb,84,fa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,85,9c,67,03,8c,6f,40,bb,84,fa,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000fb
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(4100)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\windows\system32\BTNCopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
c:\windows\system32\WLANExt.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-12-11 16:38:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-11 15:38
ComboFix2.txt 2010-12-11 00:07
ComboFix3.txt 2010-11-05 21:14
ComboFix4.txt 2010-10-19 18:37
ComboFix5.txt 2010-12-11 15:02
Pre-Run: Volných bajtů: 15 903 981 568
Post-Run: Volných bajtů: 15 737 753 600
- - End Of File - - 5D184342C939F1C641D7689DCDCAF6C3
tych ovl. s rovnakym ozn ale s inym datumom tam mam viac. mal by som ich vsetky odstranit? ako na to?
tu je posledny scan cfix
ComboFix 10-12-09.04 - europe . 12. 2010 16:04:34.19.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1029.18.2046.1092 [GMT 1:00]
Running from: c:\users\europe\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\europe\Documents\cc_20101211_013034.reg
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\ntfs.sys
.
((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
.
2010-12-11 15:22 . 2010-12-11 15:22 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-12-11 15:22 . 2010-12-11 15:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-12-11 15:22 . 2010-12-11 15:22 -------- d-----w- c:\users\Kika\AppData\Local\temp
2010-12-11 15:22 . 2010-12-11 15:22 -------- d-----w- c:\users\Family\AppData\Local\temp
2010-12-11 15:22 . 2010-12-11 15:22 -------- d-----w- c:\users\Dušan\AppData\Local\temp
2010-12-11 15:22 . 2010-12-11 15:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-10 07:49 . 2010-12-10 07:49 -------- d-----w- c:\program files\SysJewel
2010-12-10 07:18 . 2010-12-10 07:18 -------- d-----w- c:\program files\Lavalys
2010-12-09 11:29 . 2010-12-11 15:26 -------- d-----w- c:\users\europe\AppData\Local\temp
2010-12-09 06:11 . 2010-12-09 06:11 -------- d-----w- C:\Malwarebytes
2010-12-09 06:01 . 2010-12-09 06:01 -------- d-----w- C:\%APPDATA%
2010-12-03 16:08 . 2010-12-03 16:08 -------- d-----w- C:\BEST_OF_MEGAHITS_VOL_23
2010-11-25 11:18 . 2010-11-25 11:18 -------- d-----w- c:\program files\Sanmaxi Sim Card Data Recovery
2010-11-24 11:42 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-17 12:19 . 2010-11-17 12:19 -------- d-----w- c:\users\europe\AppData\Local\Yahoo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-15 13:37 . 2010-10-08 23:36 35296 ----a-w- c:\windows\system32\drivers\Dvd43.sys
2010-10-15 10:43 . 2010-10-15 10:43 388096 ----a-r- c:\users\europe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-14 11:41 . 2010-10-17 17:52 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{360F2EB1-399C-4F7C-9AEC-3119C05E5A8C}\mpengine.dll
2010-10-14 11:41 . 2010-10-15 12:52 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-07 15:40 . 2010-10-07 15:40 203776 ----a-w- c:\windows\system32\clrviddc.dll
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-22 22:21 . 2010-10-21 23:26 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-09-13 13:56 . 2010-10-13 16:08 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-13 00:04 . 2010-09-13 00:04 77824 ----a-w- C:\FaceControl.8bf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]
c:\users\Duçan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orez vaź obrazovky a spŁçśaź programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK
backup=c:\windows\pss\hpzrcv01.LNK.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^europe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orezávač obrazovky a spúšťač programu OneNote 2007.lnk]
path=c:\users\europe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk
backup=c:\windows\pss\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 00:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]
2006-10-26 13:58 258560 ----a-w- c:\progra~1\DVDREG~1\DVDRegionFree.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 09:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-05-04 11:14 36864 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 14:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-06-12 12:03 56080 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 11:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 09:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 22:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-09-15 02:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\users\europe\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
2007-11-30 16:16 14450688 ----a-w- c:\program files\inKline Global\PC Booster\PCBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 09:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2009-03-10 19:19 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-16 23:19 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 00:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-10-14 15:44 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R4 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S3 Dvd43;Dvd43;c:\windows\system32\DRIVERS\Dvd43.sys [2010-10-15 35296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]
2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]
2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003Core.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]
2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003UA.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]
2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{31DCA4EB-CAB0-4CED-A8DA-AFE4AA220AB7}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{3C6F9F0F-B0CC-4309-9516-7E4D078D0473}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{78F5F398-0C2F-4584-8E4C-DE0DC4FBE144}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{DBCCA46E-DC2D-4EC9-8D73-B2464A42AE53}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bing.sk/
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: {4C3718A6-DD75-4B1A-B628-36FC48575DCC} = 192.168.2.1
FF - ProfilePath - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\europe\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 16:26
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,85,9c,67,03,8c,6f,40,bb,84,fa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,85,9c,67,03,8c,6f,40,bb,84,fa,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000fb
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(4100)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\windows\system32\BTNCopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
c:\windows\system32\WLANExt.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-12-11 16:38:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-11 15:38
ComboFix2.txt 2010-12-11 00:07
ComboFix3.txt 2010-11-05 21:14
ComboFix4.txt 2010-10-19 18:37
ComboFix5.txt 2010-12-11 15:02
Pre-Run: Volných bajtů: 15 903 981 568
Post-Run: Volných bajtů: 15 737 753 600
- - End Of File - - 5D184342C939F1C641D7689DCDCAF6C3
-
Rudy
- Site Admin
- Příspěvky: 119430
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosim o kontrolu logu
Omlouvám se za vstup, píši na výslovnou žádost návštěvníka. Infikovaný soubor ntfs.sys byl nahrazen čistým ze zálohy. Zbytek logu vypadá OK. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosim o kontrolu logu
pri pokusech o opravu ovladace grafiky:
- nelze nacist software ovladace
- graficke adaptery ge force 8400M GS stav zarizeni: zarizeni bylo zastaveno protoze oznamilo potize (kod 43)
-------------------------------------------
rozliseni neni mozne nastavit na jinou moznost
novy log z cfix - zase neco nasel
diky
ComboFix 10-12-09.04 - europe . 12. 2010 12:20:37.19.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1029.18.2046.1346 [GMT 1:00]
Running from: c:\users\europe\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\europe\Documents\cc_20101211_013034.reg
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy6_!Windows!System32!userinit.exe
.
((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
.
2010-12-12 11:38 . 2010-12-12 11:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-12-12 11:38 . 2010-12-12 11:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-12-12 11:38 . 2010-12-12 11:38 -------- d-----w- c:\users\Kika\AppData\Local\temp
2010-12-12 11:38 . 2010-12-12 11:38 -------- d-----w- c:\users\Family\AppData\Local\temp
2010-12-12 11:38 . 2010-12-12 11:38 -------- d-----w- c:\users\Dušan\AppData\Local\temp
2010-12-12 11:38 . 2010-12-12 11:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-12 11:00 . 2009-10-03 04:02 584296 ----a-w- c:\windows\system32\nvuninst.exe
2010-12-10 07:49 . 2010-12-10 07:49 -------- d-----w- c:\program files\SysJewel
2010-12-10 07:18 . 2010-12-10 07:18 -------- d-----w- c:\program files\Lavalys
2010-12-09 11:29 . 2010-12-12 11:41 -------- d-----w- c:\users\europe\AppData\Local\temp
2010-12-09 06:11 . 2010-12-09 06:11 -------- d-----w- C:\Malwarebytes
2010-12-09 06:01 . 2010-12-09 06:01 -------- d-----w- C:\%APPDATA%
2010-12-03 16:08 . 2010-12-03 16:08 -------- d-----w- C:\BEST_OF_MEGAHITS_VOL_23
2010-11-25 11:18 . 2010-11-25 11:18 -------- d-----w- c:\program files\Sanmaxi Sim Card Data Recovery
2010-11-24 11:42 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-17 12:19 . 2010-11-17 12:19 -------- d-----w- c:\users\europe\AppData\Local\Yahoo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-15 13:37 . 2010-10-08 23:36 35296 ----a-w- c:\windows\system32\drivers\Dvd43.sys
2010-10-15 10:43 . 2010-10-15 10:43 388096 ----a-r- c:\users\europe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-14 11:41 . 2010-10-17 17:52 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{360F2EB1-399C-4F7C-9AEC-3119C05E5A8C}\mpengine.dll
2010-10-14 11:41 . 2010-10-15 12:52 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-07 15:40 . 2010-10-07 15:40 203776 ----a-w- c:\windows\system32\clrviddc.dll
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-22 22:21 . 2010-10-21 23:26 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-09-13 13:56 . 2010-10-13 16:08 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]
c:\users\Duçan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orez vaź obrazovky a spŁçśaź programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK
backup=c:\windows\pss\hpzrcv01.LNK.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^europe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orezávač obrazovky a spúšťač programu OneNote 2007.lnk]
path=c:\users\europe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk
backup=c:\windows\pss\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 00:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]
2006-10-26 13:58 258560 ----a-w- c:\progra~1\DVDREG~1\DVDRegionFree.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 09:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-05-04 11:14 36864 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 14:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-06-12 12:03 56080 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 11:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 09:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 22:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-09-15 02:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\users\europe\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
2007-11-30 16:16 14450688 ----a-w- c:\program files\inKline Global\PC Booster\PCBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 09:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2009-03-10 19:19 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-16 23:19 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 00:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-10-14 15:44 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R4 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S3 Dvd43;Dvd43;c:\windows\system32\DRIVERS\Dvd43.sys [2010-10-15 35296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]
2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]
2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003Core.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]
2010-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003UA.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]
2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{31DCA4EB-CAB0-4CED-A8DA-AFE4AA220AB7}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{3C6F9F0F-B0CC-4309-9516-7E4D078D0473}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{78F5F398-0C2F-4584-8E4C-DE0DC4FBE144}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{DBCCA46E-DC2D-4EC9-8D73-B2464A42AE53}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bing.sk/
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: {4C3718A6-DD75-4B1A-B628-36FC48575DCC} = 192.168.2.1
FF - ProfilePath - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\europe\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 12:49
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,85,9c,67,03,8c,6f,40,bb,84,fa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,85,9c,67,03,8c,6f,40,bb,84,fa,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000fb
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(4796)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\windows\system32\BTNCopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
c:\windows\system32\WLANExt.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-12-12 12:53:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-12 11:53
ComboFix2.txt 2010-12-11 15:38
ComboFix3.txt 2010-12-11 00:07
ComboFix4.txt 2010-11-05 21:14
ComboFix5.txt 2010-12-12 11:18
Pre-Run: Volných bajtů: 15 521 611 776
Post-Run: Volných bajtů: 15 360 307 200
- - End Of File - - 97CDB885AACBA9B4A4F8BF31D8C7D33A
- nelze nacist software ovladace
- graficke adaptery ge force 8400M GS stav zarizeni: zarizeni bylo zastaveno protoze oznamilo potize (kod 43)
-------------------------------------------
rozliseni neni mozne nastavit na jinou moznost
novy log z cfix - zase neco nasel
diky
ComboFix 10-12-09.04 - europe . 12. 2010 12:20:37.19.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1029.18.2046.1346 [GMT 1:00]
Running from: c:\users\europe\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\europe\Documents\cc_20101211_013034.reg
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy6_!Windows!System32!userinit.exe
.
((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
.
2010-12-12 11:38 . 2010-12-12 11:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-12-12 11:38 . 2010-12-12 11:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-12-12 11:38 . 2010-12-12 11:38 -------- d-----w- c:\users\Kika\AppData\Local\temp
2010-12-12 11:38 . 2010-12-12 11:38 -------- d-----w- c:\users\Family\AppData\Local\temp
2010-12-12 11:38 . 2010-12-12 11:38 -------- d-----w- c:\users\Dušan\AppData\Local\temp
2010-12-12 11:38 . 2010-12-12 11:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-12 11:00 . 2009-10-03 04:02 584296 ----a-w- c:\windows\system32\nvuninst.exe
2010-12-10 07:49 . 2010-12-10 07:49 -------- d-----w- c:\program files\SysJewel
2010-12-10 07:18 . 2010-12-10 07:18 -------- d-----w- c:\program files\Lavalys
2010-12-09 11:29 . 2010-12-12 11:41 -------- d-----w- c:\users\europe\AppData\Local\temp
2010-12-09 06:11 . 2010-12-09 06:11 -------- d-----w- C:\Malwarebytes
2010-12-09 06:01 . 2010-12-09 06:01 -------- d-----w- C:\%APPDATA%
2010-12-03 16:08 . 2010-12-03 16:08 -------- d-----w- C:\BEST_OF_MEGAHITS_VOL_23
2010-11-25 11:18 . 2010-11-25 11:18 -------- d-----w- c:\program files\Sanmaxi Sim Card Data Recovery
2010-11-24 11:42 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-17 12:19 . 2010-11-17 12:19 -------- d-----w- c:\users\europe\AppData\Local\Yahoo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-15 13:37 . 2010-10-08 23:36 35296 ----a-w- c:\windows\system32\drivers\Dvd43.sys
2010-10-15 10:43 . 2010-10-15 10:43 388096 ----a-r- c:\users\europe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-14 11:41 . 2010-10-17 17:52 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{360F2EB1-399C-4F7C-9AEC-3119C05E5A8C}\mpengine.dll
2010-10-14 11:41 . 2010-10-15 12:52 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-07 15:40 . 2010-10-07 15:40 203776 ----a-w- c:\windows\system32\clrviddc.dll
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-22 22:21 . 2010-10-21 23:26 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-09-13 13:56 . 2010-10-13 16:08 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]
c:\users\Duçan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orez vaź obrazovky a spŁçśaź programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK
backup=c:\windows\pss\hpzrcv01.LNK.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^europe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orezávač obrazovky a spúšťač programu OneNote 2007.lnk]
path=c:\users\europe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk
backup=c:\windows\pss\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 00:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]
2006-10-26 13:58 258560 ----a-w- c:\progra~1\DVDREG~1\DVDRegionFree.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 09:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-05-04 11:14 36864 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 14:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-06-12 12:03 56080 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 11:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 09:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 22:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-09-15 02:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\users\europe\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
2007-11-30 16:16 14450688 ----a-w- c:\program files\inKline Global\PC Booster\PCBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 09:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2009-03-10 19:19 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-16 23:19 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 00:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-10-14 15:44 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R4 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S3 Dvd43;Dvd43;c:\windows\system32\DRIVERS\Dvd43.sys [2010-10-15 35296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]
2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]
2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003Core.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]
2010-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003UA.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]
2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{31DCA4EB-CAB0-4CED-A8DA-AFE4AA220AB7}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{3C6F9F0F-B0CC-4309-9516-7E4D078D0473}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{78F5F398-0C2F-4584-8E4C-DE0DC4FBE144}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{DBCCA46E-DC2D-4EC9-8D73-B2464A42AE53}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bing.sk/
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: {4C3718A6-DD75-4B1A-B628-36FC48575DCC} = 192.168.2.1
FF - ProfilePath - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\europe\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 12:49
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,85,9c,67,03,8c,6f,40,bb,84,fa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,85,9c,67,03,8c,6f,40,bb,84,fa,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000fb
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(4796)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\windows\system32\BTNCopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
c:\windows\system32\WLANExt.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-12-12 12:53:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-12 11:53
ComboFix2.txt 2010-12-11 15:38
ComboFix3.txt 2010-12-11 00:07
ComboFix4.txt 2010-11-05 21:14
ComboFix5.txt 2010-12-12 11:18
Pre-Run: Volných bajtů: 15 521 611 776
Post-Run: Volných bajtů: 15 360 307 200
- - End Of File - - 97CDB885AACBA9B4A4F8BF31D8C7D33A
-
Rudy
- Site Admin
- Příspěvky: 119430
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosim o kontrolu logu
Našel další infikovaný soubor, který nahradil. Jak pravil pan kolega, vidím to rovněž na poškozený systém. Možná tam budou i viry. Zkuste udělat sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dát log.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosim o kontrolu logu
Diky Rudy za pomoc, je to pre mna nova skusenost. Bol som v koncoch a
myslel som, ze to zachrani len preinstalacia windows a vsetkych programov.
Kaspersky virus removal tool je VITAZ!!!
Stav pred kaspersky scan:
Pc hlasil chybu spustania sys, automaticky spustal opravu spustania,
hlasil problemy s grafikou a mal nastavene len minimalne rozlisenie bez moznosti upravit to.
MBAM, Spybot, IObitSec 360, AS care hlasili 0 infekcii! (vsetky boli aktualizovane)
cfix odstranil 2 infekcie a oznamil uspesne vycistenie.
Pc znovu hlasil chybu spustania sys, automaticky spustal opravu spustania,
hlasil problemy s grafikou a mal nastavene len minimalne rozlisenie bez moznosti upravit to
Kaspersky log:
Automatická kontrola: zastaveno před 17 hod. (události: 2, objekty: 40349, čas: 00:16:52)
12. 12. 2010 23:25:27 Úloha byla spuštěna
12. 12. 2010 23:42:19 Úloha byla zastavena
Automatická kontrola: dokončeno před 12 min. (události: 14, objekty: 509234, čas: 00:00:09)
12. 12. 2010 23:42:24 Úloha byla spuštěna
13. 12. 2010 1:37:07 Zjištěno: Trojan-Downloader.Win32.Banload.ayds C:\Documents and Settings\Downloads\pareto logic reg cure\ParetoLogic RegCure 3.0.2.0 Final Portable.rar/ParetoLogic RegCure 3.0.2.0 Final Portable/RegCure.exe
13. 12. 2010 5:09:59 Odstraněno: Trojan-Downloader.Win32.Banload.ayds C:\Documents and Settings\Downloads\pareto logic reg cure\ParetoLogic RegCure 3.0.2.0 Final Portable.rar
13. 12. 2010 5:10:19 Zjištěno: Trojan-GameThief.Win32.Lmir.pgf C:\Documents and Settings\Downloads\sim rec\simrecovery.exe/data0000
13. 12. 2010 5:10:19 Zjištěno: Trojan-GameThief.Win32.Lmir.pgf C:\Documents and Settings\Downloads\sim rec\simrecovery.zip/simrecovery.exe/data0000
13. 12. 2010 5:11:33 Odstraněno: Trojan-GameThief.Win32.Lmir.pgf C:\Documents and Settings\Downloads\sim rec\simrecovery.zip/simrecovery.exe
13. 12. 2010 5:11:33 Odstraněno: Trojan-GameThief.Win32.Lmir.pgf C:\Documents and Settings\Downloads\sim rec\simrecovery.exe
13. 12. 2010 5:34:04 Úloha byla zastavena
13. 12. 2010 15:51:17 Úloha byla spuštěna
13. 12. 2010 16:39:39 Zjištěno: Trojan-GameThief.Win32.Lmir.pgf C:\Program Files\Sanmaxi Sim Card Data Recovery\SimRecoverer.exe
13. 12. 2010 16:43:07 Úloha byla zastavena
13. 12. 2010 17:27:37 Úloha byla spuštěna
13. 12. 2010 17:27:46 Úloha byla dokončena
Dezinfikovat aktivní hrozby: dokončeno před 34 min. (události: 4, objekty: 6501, čas: 00:22:28)
13. 12. 2010 16:43:07 Úloha byla spuštěna
13. 12. 2010 16:43:15 Zjištěno: Trojan-GameThief.Win32.Lmir.pgf C:\Program Files\Sanmaxi Sim Card Data Recovery\SimRecoverer.exe
13. 12. 2010 16:43:42 Odstraněno: Trojan-GameThief.Win32.Lmir.pgf C:\Program Files\Sanmaxi Sim Card Data Recovery\SimRecoverer.exe
13. 12. 2010 17:05:36 Úloha byla dokončena
Automatická kontrola: dokončeno před 1 min. (události: 4, objekty: 3522, čas: 00:06:48)
13. 12. 2010 17:28:00 Úloha byla spuštěna
13. 12. 2010 17:28:18 Úloha byla zastavena
------------------------------------------------------------------------------------
Po ukonceni kaspersky scanu sa pc automaticky restartoval, nabehol system bez zavad a funguje doteraz.
Este som urobil niekolko testov, pc funguje ok.
D I K Y
Rudy, este mam 2 otazky:
Pri analyze pricin zavirenia ma napadaju dve veci.
Pred nedavnom som presiel z Panda security 2009 na ESET smart security 4 (reg vers) (4.2.64.12.)
Napriek opakovanej preinstalacii esetu, mi jeho scanner asi nefunguje spravne a asi ani firewall nie je spolahlivy.
Scan prebehne na nejakych 60% a zastavi sa na nejakom subore napr.: Prog.files/java/jr6lib/rtjar alebo subore z hp a dalej nepokracuje.
V podrobnych vypisoch je potom toto:
C:\Program Files\Java\jre6\lib\rt.jar » ZIP » com/sun/servicetag/Util.class - dekompresia neprebehla,
preverte, či je dostatok pamäte a voľného miesta na disku. (pamat mam 2G a na disku okolo 7G volneho miesta)
Je mozna oprava alebo zmena nastaveni eset, pripadne mi odporucate prejst na avast?
Asi pred 2 tyzdnami mi kamarat ponukol subor Ppt z USB kluca. Pri preberani som neskontroloval usb kluc na pritomnost virusov.
Ako postupovat teraz, aby uz pri vlozeni toho usb kluca (ktory je mozno infikovany) do pc neprislo k infekcii, este pred moznou jeho kontrolou?
Dakujem
myslel som, ze to zachrani len preinstalacia windows a vsetkych programov.
Kaspersky virus removal tool je VITAZ!!!
Stav pred kaspersky scan:
Pc hlasil chybu spustania sys, automaticky spustal opravu spustania,
hlasil problemy s grafikou a mal nastavene len minimalne rozlisenie bez moznosti upravit to.
MBAM, Spybot, IObitSec 360, AS care hlasili 0 infekcii! (vsetky boli aktualizovane)
cfix odstranil 2 infekcie a oznamil uspesne vycistenie.
Pc znovu hlasil chybu spustania sys, automaticky spustal opravu spustania,
hlasil problemy s grafikou a mal nastavene len minimalne rozlisenie bez moznosti upravit to
Kaspersky log:
Automatická kontrola: zastaveno před 17 hod. (události: 2, objekty: 40349, čas: 00:16:52)
12. 12. 2010 23:25:27 Úloha byla spuštěna
12. 12. 2010 23:42:19 Úloha byla zastavena
Automatická kontrola: dokončeno před 12 min. (události: 14, objekty: 509234, čas: 00:00:09)
12. 12. 2010 23:42:24 Úloha byla spuštěna
13. 12. 2010 1:37:07 Zjištěno: Trojan-Downloader.Win32.Banload.ayds C:\Documents and Settings\Downloads\pareto logic reg cure\ParetoLogic RegCure 3.0.2.0 Final Portable.rar/ParetoLogic RegCure 3.0.2.0 Final Portable/RegCure.exe
13. 12. 2010 5:09:59 Odstraněno: Trojan-Downloader.Win32.Banload.ayds C:\Documents and Settings\Downloads\pareto logic reg cure\ParetoLogic RegCure 3.0.2.0 Final Portable.rar
13. 12. 2010 5:10:19 Zjištěno: Trojan-GameThief.Win32.Lmir.pgf C:\Documents and Settings\Downloads\sim rec\simrecovery.exe/data0000
13. 12. 2010 5:10:19 Zjištěno: Trojan-GameThief.Win32.Lmir.pgf C:\Documents and Settings\Downloads\sim rec\simrecovery.zip/simrecovery.exe/data0000
13. 12. 2010 5:11:33 Odstraněno: Trojan-GameThief.Win32.Lmir.pgf C:\Documents and Settings\Downloads\sim rec\simrecovery.zip/simrecovery.exe
13. 12. 2010 5:11:33 Odstraněno: Trojan-GameThief.Win32.Lmir.pgf C:\Documents and Settings\Downloads\sim rec\simrecovery.exe
13. 12. 2010 5:34:04 Úloha byla zastavena
13. 12. 2010 15:51:17 Úloha byla spuštěna
13. 12. 2010 16:39:39 Zjištěno: Trojan-GameThief.Win32.Lmir.pgf C:\Program Files\Sanmaxi Sim Card Data Recovery\SimRecoverer.exe
13. 12. 2010 16:43:07 Úloha byla zastavena
13. 12. 2010 17:27:37 Úloha byla spuštěna
13. 12. 2010 17:27:46 Úloha byla dokončena
Dezinfikovat aktivní hrozby: dokončeno před 34 min. (události: 4, objekty: 6501, čas: 00:22:28)
13. 12. 2010 16:43:07 Úloha byla spuštěna
13. 12. 2010 16:43:15 Zjištěno: Trojan-GameThief.Win32.Lmir.pgf C:\Program Files\Sanmaxi Sim Card Data Recovery\SimRecoverer.exe
13. 12. 2010 16:43:42 Odstraněno: Trojan-GameThief.Win32.Lmir.pgf C:\Program Files\Sanmaxi Sim Card Data Recovery\SimRecoverer.exe
13. 12. 2010 17:05:36 Úloha byla dokončena
Automatická kontrola: dokončeno před 1 min. (události: 4, objekty: 3522, čas: 00:06:48)
13. 12. 2010 17:28:00 Úloha byla spuštěna
13. 12. 2010 17:28:18 Úloha byla zastavena
------------------------------------------------------------------------------------
Po ukonceni kaspersky scanu sa pc automaticky restartoval, nabehol system bez zavad a funguje doteraz.
Este som urobil niekolko testov, pc funguje ok.
D I K Y
Rudy, este mam 2 otazky:
Pri analyze pricin zavirenia ma napadaju dve veci.
Pred nedavnom som presiel z Panda security 2009 na ESET smart security 4 (reg vers) (4.2.64.12.)
Napriek opakovanej preinstalacii esetu, mi jeho scanner asi nefunguje spravne a asi ani firewall nie je spolahlivy.
Scan prebehne na nejakych 60% a zastavi sa na nejakom subore napr.: Prog.files/java/jr6lib/rtjar alebo subore z hp a dalej nepokracuje.
V podrobnych vypisoch je potom toto:
C:\Program Files\Java\jre6\lib\rt.jar » ZIP » com/sun/servicetag/Util.class - dekompresia neprebehla,
preverte, či je dostatok pamäte a voľného miesta na disku. (pamat mam 2G a na disku okolo 7G volneho miesta)
Je mozna oprava alebo zmena nastaveni eset, pripadne mi odporucate prejst na avast?
Asi pred 2 tyzdnami mi kamarat ponukol subor Ppt z USB kluca. Pri preberani som neskontroloval usb kluc na pritomnost virusov.
Ako postupovat teraz, aby uz pri vlozeni toho usb kluca (ktory je mozno infikovany) do pc neprislo k infekcii, este pred moznou jeho kontrolou?
Dakujem
-
Rudy
- Site Admin
- Příspěvky: 119430
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosim o kontrolu logu
1. Soubor C:\Program Files\Java\jre6\lib\rt.jar můžete online zkontrolovat na www.virustotal.com . Také je možné, že je soubor poškozen.
2. To, zda je USB FlashDisk zavirován, těžko poznáte na první pohled. Je třeba provést kontrolu antivirem. Pokud je zavirován, obvykle pomůže FlashDisinfector: http://www.myantispyware.com/2009/01/08 ... oval-tool/ .
2. To, zda je USB FlashDisk zavirován, těžko poznáte na první pohled. Je třeba provést kontrolu antivirem. Pokud je zavirován, obvykle pomůže FlashDisinfector: http://www.myantispyware.com/2009/01/08 ... oval-tool/ .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?