Este pred instalaciou noveho ovladaca a direct x som spustil cfix. Tu je log. Prosim o kontrolu. Moj antivir. program este hlasi jednu infekciu, ktoru sam nemoze zmazat, ale navrhuje mi, aby som ju zmazal manualne. To mi vsak nejde ziadnym sposobom. Prosim o radu. Je to v: Users\europe\appdata\Roaming\Microsoft\Installer\{5977A284-6ADB-4CC1-BEC5-1CDE7908ACA3}\SystemFolder_msiexec.exe
a vola sa: Adware.SpyZooka.R.10134
Diky
ComboFix 11-01-09.03 - europe . 01. 2011 17:48:25.21.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1029.18.2046.1239 [GMT 1:00]
Running from: c:\users\europe\Desktop\ComboFix.exe
AV: HAURI AntiVirus ViRobot *Disabled/Updated* {ECA667F4-6D59-8F37-51FD-B7AA9FB8A987}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_RKHIT
((((((((((((((((((((((((( Files Created from 2010-12-10 to 2011-01-10 )))))))))))))))))))))))))))))))
.
2011-01-10 17:09 . 2011-01-10 17:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-01-09 20:09 . 2010-11-16 11:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4708DB26-38D7-47EF-9362-8E08347F9497}\mpengine.dll
2011-01-09 14:24 . 2011-01-09 14:24 -------- d-----w- c:\programdata\Kaspersky Lab
2011-01-09 12:09 . 2011-01-09 12:37 -------- d-----w- c:\program files\trend micro
2011-01-09 12:08 . 2011-01-09 12:11 -------- d-----w- C:\rsit
2011-01-09 00:49 . 2011-01-09 00:49 -------- d-----w- c:\users\europe\AppData\Roaming\HAURI
2011-01-09 00:18 . 2011-01-09 00:18 -------- d-----w- c:\users\europe\AppData\Roaming\CheckPoint
2011-01-09 00:17 . 2011-01-09 00:17 -------- d-----w- c:\program files\Conduit
2011-01-09 00:17 . 2011-01-09 00:17 -------- d-----w- c:\program files\ZoneAlarm_Security
2011-01-09 00:16 . 2011-01-09 00:16 -------- d-----w- c:\program files\CheckPoint
2011-01-09 00:15 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-09 00:13 . 2010-05-15 15:30 457304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2011-01-09 00:13 . 2011-01-09 00:13 -------- d-----w- c:\program files\Zone Labs
2011-01-09 00:12 . 2011-01-09 00:12 -------- d-----w- c:\programdata\CheckPoint
2011-01-09 00:12 . 2011-01-10 17:19 -------- d-----w- c:\windows\Internet Logs
2011-01-09 00:03 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-09 00:03 . 2011-01-09 19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-09 00:03 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-08 23:32 . 2011-01-08 23:32 -------- d-----w- c:\users\europe\AppData\Local\eSupport.com
2011-01-08 23:32 . 2011-01-08 23:32 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-01-07 00:13 . 2011-01-07 00:13 11264 ----a-w- c:\windows\DCEBoot.exe
2011-01-07 00:13 . 2011-01-07 00:13 102400 ----a-w- c:\windows\RegBootClean.exe
2011-01-06 22:56 . 2011-01-06 22:56 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Trend Micro
2011-01-05 22:51 . 2011-01-09 20:36 -------- d-----w- C:\HAURI
2011-01-05 11:16 . 2010-11-08 13:00 91760 ----a-w- c:\windows\system32\drivers\vrptcomn.sys
2011-01-05 10:58 . 2010-12-20 12:00 45152 ----a-w- c:\windows\system32\drivers\VRFWNTD6.SYS
2011-01-05 10:58 . 2010-12-07 08:00 46544 ------w- c:\windows\system32\drivers\vracfil.sys
2011-01-05 10:58 . 2010-11-02 14:00 28528 ------w- c:\windows\system32\drivers\VRsecos.sys
2011-01-05 10:58 . 2011-01-05 11:18 118576 ----a-w- c:\windows\system32\drivers\vradfil.sys
2011-01-05 10:56 . 2011-01-05 10:56 -------- d-----w- c:\program files\Hauri
2011-01-05 02:08 . 2011-01-08 00:45 -------- d-----w- c:\program files\SpywareRemovalToolkit
2011-01-02 13:59 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\98392182.sys
2011-01-02 13:59 . 2009-10-09 21:31 311312 ----a-w- c:\windows\system32\drivers\9839218.sys
2011-01-02 13:59 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\98392181.sys
2011-01-02 11:46 . 2011-01-02 12:04 -------- d-----w- c:\program files\Driver Sweeper
2011-01-01 12:29 . 2011-01-06 17:20 -------- d-----w- c:\programdata\Alwil Software
2011-01-01 12:29 . 2011-01-01 12:29 -------- d-----w- c:\program files\Alwil Software
2011-01-01 02:47 . 2010-11-09 19:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{584F51DB-8B9B-4C3D-A1B6-AD31C622457D}\mpengine.dll
2010-12-29 19:48 . 2010-12-29 19:48 -------- d-----w- c:\users\europe\AppData\Roaming\SUPERAntiSpyware.com
2010-12-29 19:48 . 2010-12-29 19:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-28 00:21 . 2010-12-28 00:23 -------- d-----w- c:\users\europe\{672c3b43-4498-4d81-8d2e-adbe47e27a28}
2010-12-15 15:38 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-16 16:45 . 2011-01-09 00:14 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-11-16 16:45 . 2011-01-09 00:14 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-11-16 16:45 . 2011-01-09 00:14 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2010-11-09 19:33 . 2010-10-15 12:52 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-04 18:56 . 2010-12-15 15:44 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-15 15:44 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-15 15:44 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-15 15:44 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-15 15:44 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01 . 2010-12-15 15:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-10-28 13:20 . 2010-12-15 15:43 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-19 09:41 . 2009-10-09 15:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 13:31 . 2010-12-15 15:45 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-15 13:37 . 2010-10-08 23:36 35296 ----a-w- c:\windows\system32\drivers\Dvd43.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-12-01 10:27 2735200 ----a-w- c:\program files\ZoneAlarm_Security\tbZone.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-16 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-14 202256]
"Vrmon"="c:\program files\Hauri\Common\Base\VRMONNT.EXE" [2009-12-16 314080]
"HEProtect"="c:\program files\Hauri\ViRobot Desktop 5.5\AntiSpam\HSockPE.exe" [2008-10-29 385112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-11-05 738808]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2010-11-07 232912]
c:\users\Duçan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orez vaź obrazovky a spŁçśaź programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK
backup=c:\windows\pss\hpzrcv01.LNK.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^europe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orezávač obrazovky a spúšťač programu OneNote 2007.lnk]
path=c:\users\europe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk
backup=c:\windows\pss\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 00:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2010-11-18 09:44 9221024 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]
2006-10-26 13:58 258560 ----a-w- c:\progra~1\DVDREG~1\DVDRegionFree.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 09:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-05-04 11:14 36864 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 14:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-06-12 12:03 56080 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 11:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 17:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 09:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 22:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\users\europe\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
2007-11-30 16:16 14450688 ----a-w- c:\program files\inKline Global\PC Booster\PCBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 09:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2009-03-10 19:19 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-12-14 20:02 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-16 23:19 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 00:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-10-14 15:44 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-01-08 23456]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 RegKernelHelp;RegKernelHelp;c:\program files\Safe Returner\RegKernelHelp.sys [x]
R3 VrAdUtil;VrAdUtil;c:\program files\Hauri\Common\Base\VrAdUtil.sys [2011-01-05 79480]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 98392182;98392182 Boot Guard Driver;c:\windows\system32\DRIVERS\98392182.sys [2009-10-22 37392]
S1 98392181;98392181;c:\windows\system32\DRIVERS\98392181.sys [2009-09-25 128016]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vrptcomn;vrptcomn;c:\windows\system32\drivers\vrptcomn.sys [2010-11-08 91760]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 hpcsvc;ViRobot Communication Service;c:\program files\Hauri\ViRobot Desktop 5.5\hpcsvc.exe [2009-11-30 513616]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-11-05 26872]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-11-05 488952]
S2 ViRobot Common Scan Service;ViRobot Common Scan Service;c:\program files\Hauri\Common\Base\vrscan.exe [2011-01-05 176128]
S2 vrptself;vrptself;c:\program files\Hauri\ViRobot Desktop 5.5\AccessControl\vrptself.sys [2010-11-08 330992]
S2 vrptsvc;Hauri Self Protect Service;c:\program files\Hauri\ViRobot Desktop 5.5\AccessControl\vrptsvc.exe [2010-11-25 251248]
S3 Dvd43;Dvd43;c:\windows\system32\DRIVERS\Dvd43.sys [2010-10-15 35296]
S3 VRFWNTD6;VRFWNTD6 Hauri Network Driver; [x]
S3 vrrepair;ViRobot Repairing Service;c:\program files\Hauri\Common\Base\vrrepair.exe [2011-01-05 510576]
S3 VRsecos;VRsecos;c:\windows\system32\drivers\VRsecos.sys [2010-11-02 28528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]
2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]
2011-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003Core.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]
2011-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003UA.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]
2011-01-10 c:\windows\Tasks\User_Feed_Synchronization-{31DCA4EB-CAB0-4CED-A8DA-AFE4AA220AB7}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
2011-01-10 c:\windows\Tasks\User_Feed_Synchronization-{3C6F9F0F-B0CC-4309-9516-7E4D078D0473}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
2011-01-10 c:\windows\Tasks\User_Feed_Synchronization-{78F5F398-0C2F-4584-8E4C-DE0DC4FBE144}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
2011-01-10 c:\windows\Tasks\User_Feed_Synchronization-{DBCCA46E-DC2D-4EC9-8D73-B2464A42AE53}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bing.sk/
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: {4C3718A6-DD75-4B1A-B628-36FC48575DCC} = 192.168.2.1
FF - ProfilePath - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-NvCplDaemon - c:\windows\system32\NvCpl.dll
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-01-10 18:18
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000fb
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(724)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
- - - - - - - > 'Explorer.exe'(1736)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\windows\system32\BTNCopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
c:\windows\system32\WLANExt.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hauri\ViRobot Desktop 5.5\AccessControl\HFACSvc.exe
c:\program files\Hauri\Common\hsvcmod.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Hauri\ViRobot Desktop 5.5\PCFirewall\vrfwsvc.exe
c:\program files\Hauri\Common\Base\vrmonsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Internet Explorer\IELowutil.exe
c:\program files\HAURI\VIROBOT DESKTOP 5.5\ANTIVIRUS\VRRW32.EXE
.
**************************************************************************
.
Completion time: 2011-01-10 18:41:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-10 17:41
Pre-Run: 6 319 841 280
Post-Run: 5 582 774 272
- - End Of File - - A45A4EF235BBD68AFC2FF905A6A8B5BE
Pokud nemáte, přesuňte Combofix na plochu