
PC virus removal, computer speed-up, remote help through the neslape.cz service
Processor
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote help services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- sxewarrior
- Visitor
- Posts: 85
- Registered: 10 Nov 2009 13:39
Re: Processor
Combofix /Uninstall - Windows says it cannot find the file, check... I searched for it using Search, and it found it in documents and setting/user/doctorweb/quarantine ... and also three txt documents from ComboFix ... but it cannot be uninstalled via Start. Is that OK?
Re: Processor
It is; I forgot that WebCureIt deleted it for you, a false detection on it.

Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before removing viruses from your computer
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.
- sxewarrior
- Visitor
- Posts: 85
- Registered: 10 Nov 2009 13:39
Re: Processor
TFC used, cleaned with CCleaner; I did not use T-cleaner because of that false antivirus detection... I am also attaching the RSIT log.
- sxewarrior
- Visitor
- Posts: 85
- Registered: 10 Nov 2009 13:39
Re: Processor
Logfile of random's system information tool 1.06 (written by random/random)
Run by marek at 2009-12-25 22:56:41
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 6 GB (8%) free of 78 GB
Total RAM: 2047 MB (75% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:47, on 25.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\marek\Desktop\RSIT.exe
C:\Program Files\trend micro\marek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP8095\QIP\qip.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C1879CD-9BA0-470B-BC87-E8AC105BE642}: NameServer = 62.128.126.10,62.168.96.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3D8BE3F-1CD4-40AF-A411-FABAAB0CD979}: NameServer = 193.93.72.10,193.93.72.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C1879CD-9BA0-470B-BC87-E8AC105BE642}: NameServer = 62.128.126.10,62.168.96.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{1C1879CD-9BA0-470B-BC87-E8AC105BE642}: NameServer = 62.128.126.10,62.168.96.4
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\xampp\apache\bin\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe
--
End of file - 7528 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-03 577536]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-02-07 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-02-07 54832]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [2005-05-10 11776]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-05-14 35328]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files\valve\steam\steam.exe [2009-10-24 1217808]
C:\Documents and Settings\marek\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\condition zero\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\condition zero deleted scenes\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Non Steam\hl.exe"="C:\Program Files\Non Steam\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Non Steam\hlds.exe"="C:\Program Files\Non Steam\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Program Files\Non Steam\hltv.exe"="C:\Program Files\Non Steam\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\xampp\apache\bin\apache.exe"="C:\Program Files\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\QIP8080\qip.exe"="C:\Program Files\QIP8080\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\day of defeat\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\QIP8082\qip.exe"="C:\Program Files\QIP8082\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\QIP8092\qip.exe"="C:\Program Files\QIP8092\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\QIP8095\qip.exe"="C:\Program Files\QIP8095\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\EA GAMES\Need for Speed Underground 2\speed2.exe"="C:\Program Files\EA GAMES\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2"
"C:\Program Files\QIP8095\QIP\qip.exe"="C:\Program Files\QIP8095\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\totalcmd7,5\TOTALCMD.EXE"="C:\Program Files\totalcmd7,5\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
======List of files/folders created in the last 1 months======
2009-12-25 22:52:47 ----D---- C:\WINDOWS\LastGood
2009-12-25 22:44:05 ----SHD---- C:\RECYCLER
2009-12-25 19:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-25 03:05:17 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-23 20:31:11 ----A---- C:\ComboFix.txt
2009-12-23 20:10:53 ----A---- C:\WINDOWS\zip.exe
2009-12-23 20:10:53 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-12-23 20:10:53 ----A---- C:\WINDOWS\SWSC.exe
2009-12-23 20:10:53 ----A---- C:\WINDOWS\SWREG.exe
2009-12-23 20:10:53 ----A---- C:\WINDOWS\sed.exe
2009-12-23 20:10:53 ----A---- C:\WINDOWS\PEV.exe
2009-12-23 20:10:53 ----A---- C:\WINDOWS\NIRCMD.exe
2009-12-23 20:10:53 ----A---- C:\WINDOWS\MBR.exe
2009-12-23 20:10:53 ----A---- C:\WINDOWS\grep.exe
2009-12-23 20:08:22 ----D---- C:\Qoobox
2009-12-23 11:56:08 ----D---- C:\WINDOWS\ERDNT
2009-12-22 12:36:23 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-12-10 22:41:26 ----D---- C:\Program Files\totalcmd7,5
======List of files/folders modified in the last 1 months======
2009-12-25 22:56:42 ----D---- C:\Program Files\trend micro
2009-12-25 22:56:06 ----D---- C:\WINDOWS\Prefetch
2009-12-25 22:53:11 ----D---- C:\WINDOWS
2009-12-25 22:53:04 ----HD---- C:\WINDOWS\inf
2009-12-25 22:52:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-25 22:51:58 ----D---- C:\WINDOWS\Minidump
2009-12-25 22:51:25 ----D---- C:\WINDOWS\Temp
2009-12-25 22:16:15 ----D---- C:\Program Files\Mozilla Firefox
2009-12-25 22:13:06 ----D---- C:\WINDOWS\AppPatch
2009-12-25 19:12:41 ----D---- C:\Program Files\Messenger
2009-12-25 19:12:37 ----D---- C:\WINDOWS\system32
2009-12-25 19:12:00 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-25 03:10:16 ----RD---- C:\Program Files
2009-12-25 03:10:16 ----D---- C:\Program Files\Windows Media Player
2009-12-25 03:05:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-24 23:37:07 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-12-24 23:37:06 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-23 21:15:47 ----D---- C:\WINDOWS\system32\drivers
2009-12-23 20:40:33 ----D---- C:\WINDOWS\Help
2009-12-23 20:33:00 ----D---- C:\Program Files\DNA
2009-12-23 20:25:11 ----A---- C:\WINDOWS\system.ini
2009-12-23 20:22:50 ----D---- C:\WINDOWS\system32\config
2009-12-23 20:19:26 ----D---- C:\Program Files\Common Files
2009-12-23 18:33:26 ----SHD---- C:\System Volume Information
2009-12-23 18:33:26 ----D---- C:\WINDOWS\system32\Restore
2009-12-23 12:30:54 ----SD---- C:\WINDOWS\Tasks
2009-12-22 18:15:22 ----D---- C:\Program Files\MyDefrag v4.2.5
2009-12-17 18:03:53 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-17 18:00:36 ----A---- C:\WINDOWS\wincmd.ini
2009-12-17 17:53:05 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-12-11 11:33:39 ----D---- C:\Documents and Settings\marek\Application Data\Web Page Maker
2009-12-11 11:24:43 ----D---- C:\Program Files\Non Steam
2009-12-11 10:43:04 ----D---- C:\Program Files\Graffiti Studio 2.0
2009-12-06 18:28:52 ----A---- C:\WINDOWS\win.ini
2009-11-26 19:00:22 ----SHD---- C:\WINDOWS\Installer
2009-11-26 19:00:16 ----D---- C:\Config.Msi
2009-11-26 18:59:59 ----D---- C:\Program Files\Vstplugins
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 acedrv10;acedrv10; \??\C:\WINDOWS\system32\drivers\acedrv10.sys []
R2 acehlp10;acehlp10; \??\C:\WINDOWS\system32\drivers\acehlp10.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-07-28 9856]
R2 LF30FS;LF30FS; \??\C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-09-20 4019072]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-04 105984]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2004-06-08 3968]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-04 13824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-08-06 25280]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\WINDOWS\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apache2.2;Apache2.2; C:\Program Files\xampp\apache\bin\apache.exe [2008-06-14 17408]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 mysql;mysql; C:\Program Files\xampp\mysql\bin\mysqld-nt.exe [2008-08-04 5779456]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-02-07 173616]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 XAMPP;XAMPP Service; C:\Program Files\xampp\service.exe [2007-12-21 60928]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-31 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 wampapache;wampapache; C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; C:\Program Files\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe [2009-06-17 6582912]
-----------------EOF-----------------
O17 - HKLM\System\CS2\Services\Tcpip\..\{1C1879CD-9BA0-470B-BC87-E8AC105BE642}: NameServer = 62.128.126.10,62.168.96.4
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\xampp\apache\bin\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe
--
End of file - 7528 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-03 577536]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-02-07 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-02-07 54832]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [2005-05-10 11776]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-05-14 35328]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files\valve\steam\steam.exe [2009-10-24 1217808]
C:\Documents and Settings\marek\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\condition zero\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\condition zero deleted scenes\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Non Steam\hl.exe"="C:\Program Files\Non Steam\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Non Steam\hlds.exe"="C:\Program Files\Non Steam\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Program Files\Non Steam\hltv.exe"="C:\Program Files\Non Steam\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\xampp\apache\bin\apache.exe"="C:\Program Files\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\QIP8080\qip.exe"="C:\Program Files\QIP8080\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\day of defeat\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\trojanskinhead69\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\QIP8082\qip.exe"="C:\Program Files\QIP8082\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\QIP8092\qip.exe"="C:\Program Files\QIP8092\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\QIP8095\qip.exe"="C:\Program Files\QIP8095\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\EA GAMES\Need for Speed Underground 2\speed2.exe"="C:\Program Files\EA GAMES\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2"
"C:\Program Files\QIP8095\QIP\qip.exe"="C:\Program Files\QIP8095\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\totalcmd7,5\TOTALCMD.EXE"="C:\Program Files\totalcmd7,5\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
======List of files/folders created in the last 1 months======
2009-12-25 22:52:47 ----D---- C:\WINDOWS\LastGood
2009-12-25 22:44:05 ----SHD---- C:\RECYCLER
2009-12-25 19:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-25 03:05:17 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-23 20:31:11 ----A---- C:\ComboFix.txt
2009-12-23 20:10:53 ----A---- C:\WINDOWS\zip.exe
2009-12-23 20:10:53 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-12-23 20:10:53 ----A---- C:\WINDOWS\SWSC.exe
2009-12-23 20:10:53 ----A---- C:\WINDOWS\SWREG.exe
2009-12-23 20:10:53 ----A---- C:\WINDOWS\sed.exe
2009-12-23 20:10:53 ----A---- C:\WINDOWS\PEV.exe
2009-12-23 20:10:53 ----A---- C:\WINDOWS\NIRCMD.exe
2009-12-23 20:10:53 ----A---- C:\WINDOWS\MBR.exe
2009-12-23 20:10:53 ----A---- C:\WINDOWS\grep.exe
2009-12-23 20:08:22 ----D---- C:\Qoobox
2009-12-23 11:56:08 ----D---- C:\WINDOWS\ERDNT
2009-12-22 12:36:23 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-12-10 22:41:26 ----D---- C:\Program Files\totalcmd7,5
======List of files/folders modified in the last 1 months======
2009-12-25 22:56:42 ----D---- C:\Program Files\trend micro
2009-12-25 22:56:06 ----D---- C:\WINDOWS\Prefetch
2009-12-25 22:53:11 ----D---- C:\WINDOWS
2009-12-25 22:53:04 ----HD---- C:\WINDOWS\inf
2009-12-25 22:52:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-25 22:51:58 ----D---- C:\WINDOWS\Minidump
2009-12-25 22:51:25 ----D---- C:\WINDOWS\Temp
2009-12-25 22:16:15 ----D---- C:\Program Files\Mozilla Firefox
2009-12-25 22:13:06 ----D---- C:\WINDOWS\AppPatch
2009-12-25 19:12:41 ----D---- C:\Program Files\Messenger
2009-12-25 19:12:37 ----D---- C:\WINDOWS\system32
2009-12-25 19:12:00 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-25 03:10:16 ----RD---- C:\Program Files
2009-12-25 03:10:16 ----D---- C:\Program Files\Windows Media Player
2009-12-25 03:05:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-24 23:37:07 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-12-24 23:37:06 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-23 21:15:47 ----D---- C:\WINDOWS\system32\drivers
2009-12-23 20:40:33 ----D---- C:\WINDOWS\Help
2009-12-23 20:33:00 ----D---- C:\Program Files\DNA
2009-12-23 20:25:11 ----A---- C:\WINDOWS\system.ini
2009-12-23 20:22:50 ----D---- C:\WINDOWS\system32\config
2009-12-23 20:19:26 ----D---- C:\Program Files\Common Files
2009-12-23 18:33:26 ----SHD---- C:\System Volume Information
2009-12-23 18:33:26 ----D---- C:\WINDOWS\system32\Restore
2009-12-23 12:30:54 ----SD---- C:\WINDOWS\Tasks
2009-12-22 18:15:22 ----D---- C:\Program Files\MyDefrag v4.2.5
2009-12-17 18:03:53 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-17 18:00:36 ----A---- C:\WINDOWS\wincmd.ini
2009-12-17 17:53:05 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-12-11 11:33:39 ----D---- C:\Documents and Settings\marek\Application Data\Web Page Maker
2009-12-11 11:24:43 ----D---- C:\Program Files\Non Steam
2009-12-11 10:43:04 ----D---- C:\Program Files\Graffiti Studio 2.0
2009-12-06 18:28:52 ----A---- C:\WINDOWS\win.ini
2009-11-26 19:00:22 ----SHD---- C:\WINDOWS\Installer
2009-11-26 19:00:16 ----D---- C:\Config.Msi
2009-11-26 18:59:59 ----D---- C:\Program Files\Vstplugins
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 acedrv10;acedrv10; \??\C:\WINDOWS\system32\drivers\acedrv10.sys []
R2 acehlp10;acehlp10; \??\C:\WINDOWS\system32\drivers\acehlp10.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-07-28 9856]
R2 LF30FS;LF30FS; \??\C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-09-20 4019072]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-04 105984]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2004-06-08 3968]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-04 13824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-08-06 25280]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\WINDOWS\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apache2.2;Apache2.2; C:\Program Files\xampp\apache\bin\apache.exe [2008-06-14 17408]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 mysql;mysql; C:\Program Files\xampp\mysql\bin\mysqld-nt.exe [2008-08-04 5779456]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-02-07 173616]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 XAMPP;XAMPP Service; C:\Program Files\xampp\service.exe [2007-12-21 60928]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-31 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 wampapache;wampapache; C:\Program Files\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; C:\Program Files\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe [2009-06-17 6582912]
-----------------EOF-----------------
Re: Processor
Turn off avast's resident shield for a moment and run T-Cleaner; it will clean up after ComboFix.
You have no firewall; you can find out what it is useful for here: http://www.viry.cz/forum/viewtopic.php?f=41&t=20980
You do not have SP3: http://www.viry.cz/forum/viewtopic.php?f=46&t=86100
If there are no problems, that is all.



- sxewarrior
- Visitor
- Posts: 85
- Registered: 10 Nov 2009 13:39
Re: Processor
Okay, so I'll go clean it up with T-Cleaner. Which of the SP3 ones, the first one or the ISO? .. I'll install it all and finish the cleanup.
Thank you very much for the help!

Re: Processor

You're welcome. If any problems appear, get in touch.

- sxewarrior
- Visitor
- Posts: 85
- Registered: 10 Nov 2009 13:39
Re: Processor
So I did the updates, and I installed SP3 and that Kerio as well. But the PC still takes a long time to start up; then I tried playing a film I have on the HDD, and while watching it the processor is still loaded at 90 - 100 %, so the problem persists.
Another problem: Windows threw an error in a big blue window
a problem has been detected and windows has been shut down 0x0000004E (0x00000099, 0x00062B39, 0x00000001, 0x00000000 and these codes were shown with it.
Re: Processor
Check whether there is a minidump folder in the Windows folder on your computer, and whether there are files in it. If so, upload them to www.leteckaposta.cz and post the link here.
On a BSOD, a file describing the error should be created in that minidump folder.
- sxewarrior
- Visitor
- Posts: 85
- Registered: 10 Nov 2009 13:39
Re: Processor
The minidump folder is there, but there are no files in it.
Re: Processor
Are the problems still the same? Has the blue screen appeared again?
- sxewarrior
- Visitor
- Posts: 85
- Registered: 10 Nov 2009 13:39
Re: Processor
The problems with the processor at 90-100% still persist.. the window has not appeared again so far, but I'll leave the PC running and we'll see.. alternatively, a reinstall of Windows might be a good idea too. It hasn't been done for quite a while, so hopefully that could solve the problem.
Re: Processor

- ComboFix must be run under an account with administrator rights
- Before use, turn off all resident security programs - antivirus, firewalls, antispyware
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears

- After the scan, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here

- unpack and run
- a scan will run; when it finishes, a window with the results opens; click Save to save the log, which you then post here
- Following the guide in the link, run a second scan and post that log here as well.
- sxewarrior
- Visitor
- Posts: 85
- Registered: 10 Nov 2009 13:39
Re: Processor
Combofix:
ComboFix 09-12-29.06 - marek 30.12.2009 17:55:04.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1540 [GMT 1:00]
Running from: c:\documents and settings\marek\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091226-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
-- Previous Run --
Infected copy of c:\windows\system32\mspaint.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\mspaint.exe
--------
.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-30 )))))))))))))))))))))))))))))))
.
2009-12-26 18:41 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-26 18:41 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-26 18:41 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-26 18:41 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-26 18:41 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-26 18:41 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-12-26 18:41 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-26 18:41 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-26 18:41 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-26 18:39 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-26 18:29 . 2009-12-26 18:29 -------- d-----w- c:\windows\system32\scripting
2009-12-26 18:29 . 2009-12-26 18:29 -------- d-----w- c:\windows\l2schemas
2009-12-26 18:29 . 2009-12-26 18:29 -------- d-----w- c:\windows\system32\en
2009-12-26 18:29 . 2009-12-26 18:29 -------- d-----w- c:\windows\system32\bits
2009-12-26 18:25 . 2009-12-26 18:29 -------- d-----w- c:\windows\ServicePackFiles
2009-12-26 18:22 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-26 17:37 . 2008-10-31 06:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2009-12-26 17:37 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2009-12-26 17:37 . 2009-12-26 17:37 -------- d-----w- c:\program files\Sunbelt Software
2009-12-24 23:06 . 2009-12-25 01:08 -------- d-----w- c:\documents and settings\marek\DoctorWeb
2009-12-24 22:38 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-12-24 22:38 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-11 09:16 . 2009-12-11 09:16 -------- d-----w- c:\documents and settings\marek\Local Settings\Application Data\GHISLER
2009-12-10 21:41 . 2009-12-10 21:41 -------- d-----w- c:\program files\totalcmd7,5
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-26 18:57 . 2008-05-17 11:26 829168 ----a-w- c:\documents and settings\marek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-26 18:33 . 2008-05-17 11:02 5938 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-12-26 18:32 . 2008-05-17 11:02 166455 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-25 21:56 . 2009-11-10 14:40 -------- d-----w- c:\program files\trend micro
2009-12-23 19:33 . 2008-09-01 08:13 -------- d-----w- c:\program files\DNA
2009-12-22 17:15 . 2009-11-10 19:59 -------- d-----w- c:\program files\MyDefrag v4.2.5
2009-12-22 00:03 . 2009-12-22 00:03 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
2009-12-11 10:33 . 2009-11-09 16:35 -------- d-----w- c:\documents and settings\marek\Application Data\Web Page Maker
2009-12-11 10:24 . 2008-07-28 13:55 -------- d-----w- c:\program files\Non Steam
2009-12-11 09:43 . 2008-10-03 13:55 -------- d-----w- c:\program files\Graffiti Studio 2.0
2009-11-26 17:59 . 2009-02-17 14:08 -------- d-----w- c:\program files\Vstplugins
2009-11-24 23:54 . 2008-05-17 11:32 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-05-17 11:32 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-05-17 11:32 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-05-17 11:48 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-05-17 11:48 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-05-17 11:32 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-05-17 11:32 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-05-17 11:32 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-05-17 11:32 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-17 08:59 . 2009-05-05 12:17 -------- d-----w- c:\program files\Elaborate Bytes
2009-11-15 10:18 . 2009-11-15 10:16 -------- d-----w- c:\program files\Common Files\Macromedia
2009-11-15 10:16 . 2009-11-15 10:16 -------- d-----w- c:\program files\Macromedia
2009-11-10 20:32 . 2009-11-10 20:32 117760 ----a-w- c:\documents and settings\marek\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-10 20:28 . 2009-11-10 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-10 20:28 . 2009-11-10 20:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-10 20:28 . 2009-11-10 20:28 -------- d-----w- c:\documents and settings\marek\Application Data\SUPERAntiSpyware.com
2009-11-10 20:27 . 2009-11-10 20:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-10 19:27 . 2009-11-10 19:27 -------- d-----w- c:\program files\CCleaner
2009-11-10 19:07 . 2009-11-10 17:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-10 17:03 . 2009-11-10 17:03 -------- d-----w- c:\documents and settings\marek\Application Data\Malwarebytes
2009-11-10 17:03 . 2009-11-10 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-10 16:15 . 2009-02-02 14:36 -------- d-----w- c:\documents and settings\marek\Application Data\U3
2009-11-10 15:18 . 2008-12-08 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-09 16:35 . 2009-11-09 16:35 -------- d-----w- c:\program files\Web Page Maker
2009-11-09 16:30 . 2009-11-09 16:28 -------- d-----w- c:\program files\wamp
2009-11-07 08:55 . 2009-11-06 11:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-05 21:56 . 2009-09-07 11:47 -------- d-----w- c:\program files\QIP8095
2009-11-03 21:20 . 2009-11-03 21:19 -------- d-----w- c:\program files\VDOWNLOADER
2009-11-01 14:45 . 2008-09-01 08:13 -------- d-----w- c:\documents and settings\marek\Application Data\BitTorrent
2009-10-31 07:31 . 2009-11-10 19:59 926720 ----a-w- c:\windows\system32\MyDefragScreenSaver.exe
2009-10-28 08:58 . 2009-11-10 19:59 93696 ----a-w- c:\windows\system32\MyDefragScreenSaver.scr
2009-10-25 08:07 . 2009-10-25 08:07 483 ----a-w- c:\windows\eReg.dat
2009-10-24 09:59 . 2009-10-24 09:59 293 ----a-w- c:\windows\EReg072.dat
2009-10-13 10:30 . 2004-08-03 23:56 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-03 23:56 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-03 23:56 79872 ----a-w- c:\windows\system32\raschap.dll
2003-03-02 00:57 . 2003-03-02 00:57 21019 ----a-w- c:\program files\uninstallBFL
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-10-24 1217808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-05-10 11776]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\marek\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\trojanskinhead69\\condition zero\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\trojanskinhead69\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\trojanskinhead69\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Non Steam\\hl.exe"=
"c:\\Program Files\\Non Steam\\hlds.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Non Steam\\hltv.exe"=
"c:\\Program Files\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\QIP8080\\qip.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\trojanskinhead69\\day of defeat\\hl.exe"=
"c:\\Program Files\\QIP8082\\qip.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\QIP8092\\qip.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\QIP8095\\qip.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\QIP8095\\QIP\\qip.exe"=
"c:\\Program Files\\totalcmd7,5\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17.5.2008 12:48 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12.10.2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.10.2009 21:24 74480]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [26.12.2009 18:37 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [24.7.2007 8:45 328824]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [11.7.2007 9:20 201848]
R2 Apache2.2;Apache2.2;c:\program files\xampp\apache\bin\apache.exe [14.6.2008 18:02 17408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.5.2008 12:48 20560]
R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19.11.2004 17:07 101488]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [26.12.2009 18:37 65576]
S2 XAMPP;XAMPP Service;c:\program files\xampp\service.exe [21.12.2007 3:01 60928]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12.10.2009 21:24 7408]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
Trusted Zone: musicmatch.com\online
TCP: {1C1879CD-9BA0-470B-BC87-E8AC105BE642} = 62.128.126.10,62.168.96.4
TCP: {E3D8BE3F-1CD4-40AF-A411-FABAAB0CD979} = 193.93.72.10,193.93.72.1
FF - ProfilePath - c:\documents and settings\marek\Application Data\Mozilla\Firefox\Profiles\m9fcc630.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 18:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(840)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(416)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2009-12-30 18:10:10
ComboFix-quarantined-files.txt 2009-12-30 17:10
Pre-Run: 1 950 380 032 bytes free
Post-Run: 1 908 453 376 voľných bajtov
- - End Of File - - 68C4B4058C383E645E565CC0237546B8
- sxewarrior
- Visitor
- Posts: 85
- Registered: 10 Nov 2009 13:39
Re: Processor
Gmer1:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2009-12-30 18:53:36
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\marek\LOCALS~1\Temp\uxtdypog.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs LF30XP.sys
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Fastfat \Fat LF30XP.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----