Windows Update not working - error 8024402C (continued)
Posted: 20 Oct 2010 14:39
I'm continuing the thread that was deleted by mistake; you wanted the ComboFix log from me... it's strange that ComboFix ran for 20 hours, it's probably not quite normal for it to take that long (then again, I wasn't able to turn off Avast 5 completely, only the resident shields; where do you even turn it off?)...
HERE IS THE LOG:
ComboFix 10-10-18.05 - Evka Gočová . 10. 2010 17:29:30.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.421.1051.18.1470.798 [GMT 2:00]
Running from: c:\users\Evka Gočová\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081120-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081120-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((( Files Created from 2010-09-20 to 2010-10-20 )))))))))))))))))))))))))))))))
.
2010-10-20 11:04 . 2010-10-20 11:30 -------- d-----w- c:\users\Evka Gočová\AppData\Local\temp
2010-10-20 11:04 . 2010-10-20 11:04 -------- d-----w- c:\users\EVKAGO~2\AppData\Local\temp
2010-10-20 11:04 . 2010-10-20 11:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-19 15:01 . 2010-10-19 15:02 85730 ----a-w- c:\windows\crpf_sdum.bin
2010-10-19 15:01 . 2010-10-19 15:02 103794 ----a-w- c:\windows\crpf.bin
2010-10-19 14:33 . 2010-10-19 15:05 -------- d-----w- C:\32788R22FWJFW
2010-10-18 13:28 . 2010-10-18 13:28 -------- d-----w- c:\users\Evka Gočová\AppData\Roaming\Malwarebytes
2010-10-18 13:27 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-18 13:27 . 2010-10-18 13:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-18 13:27 . 2010-10-18 13:27 -------- d-----w- c:\programdata\Malwarebytes
2010-10-18 13:27 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-17 09:46 . 2010-10-17 10:14 -------- d-----w- c:\program files\trend micro
2010-10-17 09:46 . 2010-10-17 09:47 -------- d-----w- C:\rsit
2010-10-16 16:26 . 2010-10-16 16:26 -------- d-----w- C:\TEMP
2010-10-16 14:40 . 2010-10-16 14:40 -------- d-----w- c:\users\Evka Gočová\AppData\Roaming\ComodoGroup
2010-10-16 14:37 . 2010-10-16 14:37 -------- d-----w- c:\program files\COMODO
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-04 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"VTTimer"="VTTimer.exe" [2006-09-14 53248]
"VTTrayp"="VTtrayp.exe" [2007-04-25 176128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SoundMan"="SOUNDMAN.EXE" [2008-09-10 604704]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"COMODO System Cleaner Finalize All"="c:\program files\COMODO\COMODO System-Cleaner\CSC.EXE" [2010-03-11 6553352]
c:\users\Evka Goźov \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-95127698-2245150545-438509162-1004]
"EnableNotificationsRef"=dword:00000006
R0 CFRMD;CFRMD;c:\windows\System32\drivers\CFRMD.sys [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2008-11-21 16616]
S3 vmcam325av;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\Drivers\vmcam323av.sys [2007-03-27 232448]
S3 vvftav323;vvftav323;c:\windows\system32\drivers\vvftav323.sys [2007-03-27 475136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-10-19 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-03-09 13:41]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Evka Gočová\AppData\Roaming\Mozilla\Firefox\Profiles\fqttzx4u.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://pobox.sk/\r
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\users\Evka Gočová\AppData\Roaming\Mozilla\Firefox\Profiles\fqttzx4u.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
Completion time: 2010-10-20 13:42:28
ComboFix-quarantined-files.txt 2010-10-20 11:41
Pre-Run: 26 183 200 768 bytes free
Post-Run: 26 601 349 120 bytes free
- - End Of File - - 1BD16742EA83CB8C0593F50B1CF30BC8