Zdravim mam problem s pc. Bol zavireny a po instalacii esetu nastali problemy so services.exe nieco, ze na 0x000000 nemozno zapisovat. Momentalne mi vyhadzuje dialogove okna s talcitko NEODESILAT. A obcas po starte BSoD.
Uz som skusil aj scan Comboxifom, odstranilo asi 5 exe suborov, ale nepomohlo.
Prosim o pomoc. Vopred vdaka.
Prikladam log z RSIT
Logfile of random's system information tool 1.08 (written by random/random)
Run by Marianka at 2010-12-22 12:22:53
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 129 GB (89%) free of 144 GB
Total RAM: 1014 MB (38% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:22:58, on 22.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Marianka\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marianka\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marianka\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marianka\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marianka\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Marianka\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Marianka.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googleure.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 0&m=ao751h
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://homepage.acer.com/rdr.aspx?b=ACA ... 0&m=ao751h
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Pridať do blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Pridať do blogu v programe Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DDD8574-197D-4CED-AECE-CFB4F965D351}: NameServer = 192.168.1.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O20 - Winlogon Notify: igdlogin - igdlogin.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: RUMBA AS/400 Shared Folders (ayaoekguy8l6oiv) - Unknown owner - C:\WINDOWS\system32\limet.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
--
End of file - 6796 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-01 297648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-26 843832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-01 297648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-11-04 2219184]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-06-12 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [2006-07-17 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fyloo]
C:\WINDOWS\system32\wouzod.exe [2010-11-15 201216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-04-18 24064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2009-05-01 354840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2009-05-01 137752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\Program Files\Launch Manager\LManager.exe [2009-02-20 817672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-06-10 1218008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\Documents and Settings\Marianka\vyr.exe \u []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA driver monitor]
C:\WINDOWS\nvsvc32.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PersistenceThread]
C:\WINDOWS\system32\PersistenceThread.exe [2009-05-01 92696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
C:\WINDOWS\PLFSetL.exe [2008-07-03 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-11-17 135168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-10-17 91432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2009-03-24 17567744]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc]
C:\WINDOWS\system32\csnp2uvc.dll [2008-11-03 196608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-06-12 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-27 1434920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Firewall]
C:\DOCUME~1\Marianka\LOCALS~1\Temp\lsass.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Z810PNP]
C:\Program Files\Connection Manager\SamsungPnPServiceManager.exe [2008-09-09 122880]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Z810SysStart]
C:\Program Files\Connection Manager\sysctrl.exe [2008-09-01 307200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer VCM.lnk]
C:\PROGRA~1\Acer\ACERVC~1\AcerVCM.exe [2009-02-11 565248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2009-03-23 603488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^T-Mobile Communication Center.lnk]
C:\PROGRA~1\T-MOBI~1\TMCC.exe [2009-10-23 761856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0ii73aa.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\0ii73aa.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0kkfwwr.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\0kkfwwr.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0mh1ote.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\0mh1ote.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0mndo9p.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\0mndo9p.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0rid0jf.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\0rid0jf.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^1gb0xsi.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\1gb0xsi.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^23uv31m.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\23uv31m.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^26uuvwr.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\26uuvwr.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^2nii6uv.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\2nii6uv.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^2ozqa6m.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\2ozqa6m.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^2rhhyyo.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\2rhhyyo.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^3dtpaa1.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\3dtpaa1.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^5rr0ii7.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\5rr0ii7.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6aa6mm6.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\6aa6mm6.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6j0zfgg.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\6j0zfgg.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6kk6ww6.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\6kk6ww6.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6mm6yy6.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\6mm6yy6.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^70ii73a.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\70ii73a.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^70plgg6.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\70plgg6.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^7xdzpgw.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\7xdzpgw.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^8lrw6dj.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\8lrw6dj.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9c3ek0g.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\9c3ek0g.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9g1cyyz.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\9g1cyyz.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9q1mitp.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\9q1mitp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9w1sooj.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\9w1sooj.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^a3h6t1eaagg.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\a3h6t1eaagg.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^aagbcdot.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\aagbcdot.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^aavmmhydzp.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\aavmmhydzp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^bww6ii6uu.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\bww6ii6uu.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^bww6ii6uu6g.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\bww6ii6uu6g.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^bxndze9a.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\bxndze9a.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^cxotzpqbmm.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\cxotzpqbmm.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^dd9p80mm80e.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\dd9p80mm80e.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^dyuupa6mm6.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\dyuupa6mm6.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^e3ggbssneez.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\e3ggbssneez.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^eezqqlcc.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\eezqqlcc.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^f0lhh0dzu.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\f0lhh0dzu.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^ffwwriid.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\ffwwriid.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^fqb2x0tj.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\fqb2x0tj.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^fvvrhhdt.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\fvvrhhdt.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^fwwm2t87agg.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\fwwm2t87agg.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^g9c1oj1kllh.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\g9c1oj1kllh.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^g9c1yuuvql.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\g9c1yuuvql.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^glhsxtoef.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\glhsxtoef.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^h0njee6qq.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\h0njee6qq.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^hdooeplb.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\hdooeplb.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^hyy6zvglhm3.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\hyy6zvglhm3.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^idz5qgmhc4.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\idz5qgmhc4.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^ijop4lhxxt.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\ijop4lhxxt.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^kflb3dtja.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\kflb3dtja.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^l1mitppgg.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\l1mitppgg.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^lgmsitzpql.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\lgmsitzpql.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^m9i1eaavmm.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\m9i1eaavmm.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^neezqqlccxo.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\neezqqlccxo.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^nii6kpal2xs.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\nii6kpal2xs.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^nnjzzvllhxx.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\nnjzzvllhxx.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^o3qqlccxooj.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\o3qqlccxooj.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^p0vrmm6oz.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\p0vrmm6oz.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^pkk6mrnii.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\pkk6mrnii.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^qbhx26upp.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\qbhx26upp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^qlccxoojaa.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\qlccxoojaa.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^r23dtpaa.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\r23dtpaa.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^riiduupg.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\riiduupg.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^rndttkkf2h.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\rndttkkf2h.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^s9o1ka6mm6.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\s9o1ka6mm6.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^sneep2bw.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\sneep2bw.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tejuvvmmh.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\tejuvvmmh.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tjjfvvrh.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\tjjfvvrh.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tjpvg49yez.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\tjpvg49yez.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tpffbrrn.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\tpffbrrn.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tpkk6ww6.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\tpkk6ww6.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tufk3mmhdd.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\tufk3mmhdd.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^u3wm0n1e.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\u3wm0n1e.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^ufbww6ii.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\ufbww6ii.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^uk1l9xiye5.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\uk1l9xiye5.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^upggbssnee.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\upggbssnee.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vmrnddz2vqg.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\vmrnddz2vqg.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vqq3m3oojaa.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\vqq3m3oojaa.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vqq6cc6oo6a.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\vqq6cc6oo6a.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vr9xiye5.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\vr9xiye5.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^wwriiduupg.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\wwriiduupg.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^wwriiduuvq.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\wwriiduuvq.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^xijuqwwm.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\xijuqwwm.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^xojkpllc.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\xojkpllc.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^xs1t9kbbc3t.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\xs1t9kbbc3t.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^y0f3w0h6.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\y0f3w0h6.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^y3aavmmhyyt.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\y3aavmmhyyt.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^y70zvqq6c.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\y70zvqq6c.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^z3wwriidukf.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\z3wwriidukf.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^zvllhxxt.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\zvllhxxt.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^zzvllhxsi9e.exe]
C:\Documents and Settings\Marianka\Start Menu\Programs\Startup\zzvllhxsi9e.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2
"McSysmon"=3
"McShield"=2
"McProxy"=2
"McODS"=3
"McNASvc"=2
"mcmscsvc"=2
"McAfee SiteAdvisor Service"=2
"gusvc"=3
"gupdate"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igdlogin]
C:\WINDOWS\system32\igdlogin.dll [2009-04-28 65536]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hqfjmugi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xqdluecg.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hqfjmugi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\xqdluecg.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Documents and Settings\Marianka\Local Settings\Temporary Internet Files\Content.IE5\L110IBBL\P1876832.JPG-www.facebook[1].exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\DOCUME~1\Marianka\LOCALS~1\Temp\46463.exe"="C:\DOCUME~1\Marianka\LOCALS~1\Temp\46463.exe:*:Enabled:Microsoft Office"
"C:\WINDOWS\system32\spool\drivers\Distributed.exe"="C:\WINDOWS\system32\spool\drivers\Distributed.exe:*:Enabled:BWProxyClient"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
======List of files/folders created in the last 1 months======
2010-12-22 12:22:54 ----D---- C:\Program Files\trend micro
2010-12-22 12:22:53 ----D---- C:\rsit
2010-12-22 12:03:27 ----ASH---- C:\hiberfil.sys
2010-12-22 12:00:57 ----D---- C:\WINDOWS\temp
2010-12-22 11:46:03 ----A---- C:\WINDOWS\ntbtlog.txt
2010-12-22 11:08:57 ----A---- C:\Boot.bak
2010-12-22 11:08:45 ----RASHD---- C:\cmdcons
2010-12-22 10:32:54 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2010-12-17 19:08:09 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2010-12-17 18:48:45 ----D---- C:\WINDOWS\pss
2010-12-17 18:45:09 ----D---- C:\Program Files\CCleaner
2010-12-17 18:39:58 ----D---- C:\Program Files\ESET
2010-12-17 13:29:32 ----A---- C:\WINDOWS\ModemLog_SAMSUNG Mobile Modem #2.txt
2010-12-15 21:52:15 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary USB Modem.txt
2010-12-15 21:51:56 ----D---- C:\Documents and Settings\Marianka\Application Data\Paradoxx
2010-12-15 21:51:44 ----D---- C:\Documents and Settings\All Users\Application Data\Paradoxx
2010-12-15 21:51:44 ----A---- C:\WINDOWS\system32\SkinCrafter3_vs2005.dll
2010-12-15 21:51:42 ----A---- C:\WINDOWS\system32\gdiplus.dll
2010-12-15 21:48:30 ----A---- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys
2010-12-15 21:48:30 ----A---- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys
2010-12-15 21:48:29 ----A---- C:\WINDOWS\system32\drivers\ZTEusbnet.sys
2010-12-15 21:48:29 ----A---- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys
2010-12-15 21:48:29 ----A---- C:\WINDOWS\system32\drivers\massfilter.sys
2010-12-15 21:48:05 ----D---- C:\Program Files\T-Mobile Communication Center
2010-11-27 18:03:00 ----A---- C:\WINDOWS\system32\drivers\hqfjmugi.sys
2010-11-23 20:55:59 ----RA---- C:\Documents and Settings\Marianka\Application Data\hDlkH.txt
======List of files/folders modified in the last 1 months======
2010-12-22 12:22:54 ----RD---- C:\Program Files
2010-12-22 12:16:41 ----D---- C:\WINDOWS\Minidump
2010-12-22 12:16:39 ----D---- C:\WINDOWS\Prefetch
2010-12-22 12:15:43 ----D---- C:\WINDOWS
2010-12-22 12:09:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-22 12:04:11 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-22 12:03:26 ----D---- C:\WINDOWS\system32\drivers
2010-12-22 12:03:10 ----AD---- C:\WINDOWS\system32
2010-12-22 12:02:29 ----D---- C:\WINDOWS\system32\config
2010-12-22 11:57:04 ----D---- C:\WINDOWS\AppPatch
2010-12-22 11:57:00 ----D---- C:\Program Files\Common Files
2010-12-22 11:51:01 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-22 11:46:47 ----D---- C:\Documents and Settings
2010-12-22 11:08:58 ----RASH---- C:\boot.ini
2010-12-22 10:39:55 ----D---- C:\Program Files\Connection Manager
2010-12-17 20:24:19 ----A---- C:\WINDOWS\win.ini
2010-12-17 20:24:09 ----A---- C:\WINDOWS\system.ini
2010-12-17 20:03:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-17 19:10:07 ----SHD---- C:\WINDOWS\Installer
2010-12-17 19:09:51 ----HD---- C:\WINDOWS\inf
2010-12-17 18:59:06 ----D---- C:\WINDOWS\Debug
2010-12-17 17:39:23 ----SD---- C:\Documents and Settings\Marianka\Application Data\Microsoft
2010-12-15 21:48:35 ----D---- C:\WINDOWS\system32\CatRoot
2010-12-04 16:11:03 ----D---- C:\WINDOWS\system32\FxsTmp
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2010-02-17 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-12-30 1346464]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-03-19 991136]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 igd;igd; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-04-28 5096544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-24 5056000]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-04-16 132480]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-02-27 205360]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S1 damc842;damc842; C:\WINDOWS\System32\drivers\damc842.sys []
S1 oqsa23b;oqsa23b; C:\WINDOWS\System32\drivers\oqsa23b.sys []
S1 sac253b;sac253b; C:\WINDOWS\System32\drivers\sac253b.sys []
S2 hqfjmugi;hqfjmugi; C:\WINDOWS\system32\drivers\hqfjmugi.sys [2010-11-27 82944]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2009-02-18 534312]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-24 156816]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2008-03-10 57384]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-10-30 47272]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GTUHSBUS;GT UHS BUS; C:\WINDOWS\system32\DRIVERS\gtuhsbus.sys [2008-11-07 62592]
S3 GTUHSNDISIPXP;GT UHS IP NDIS; C:\WINDOWS\system32\DRIVERS\gtuhs51.sys [2008-11-07 105984]
S3 GTUHSSER;GT UHS SER; C:\WINDOWS\system32\DRIVERS\gtuhsser.sys [2008-11-07 8064]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys []
S3 liyjkchp;liyjkchp; \??\C:\WINDOWS\System32\Drivers\liyjkchp.sys []
S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys [2010-12-15 9728]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2010-02-17 79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2010-02-17 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2010-02-17 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2010-02-17 40552]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 otxkekdu;otxkekdu; \??\C:\WINDOWS\System32\Drivers\otxkekdu.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUStor.sys [2009-03-12 164864]
S3 RtsUIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2008-02-22 87936]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2008-02-22 14976]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2008-02-22 114304]
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2008-02-22 94336]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 uldxfeju;uldxfeju; \??\C:\WINDOWS\System32\Drivers\uldxfeju.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\RtsUCcid.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2010-12-15 105088]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2010-12-15 105088]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2010-12-15 105088]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2008-04-14 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2009-03-23 349528]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-11-04 810144]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
S2 ayaoekguy8l6oiv;RUMBA AS/400 Shared Folders; C:\WINDOWS\system32\limet.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2010-02-17 144704]
S2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
S2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-10-02 26640]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-11-04 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-04-18 24064]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-18 135664]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-18 182768]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2010-04-16 93320]
S4 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2010-06-10 865832]
S4 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
S4 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2010-02-24 365072]
S4 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2010-02-17 606736]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Obcasne restarty, spomaleny pc, predtym kryptik
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
BiELEPiKOLO
- Návštěvník
- Příspěvky: 5
- Registrován: 22 pro 2010 12:24
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Obcasne restarty, spomaleny pc, predtym kryptik
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
BiELEPiKOLO
- Návštěvník
- Příspěvky: 5
- Registrován: 22 pro 2010 12:24
Re: Obcasne restarty, spomaleny pc, predtym kryptik
Tak skusal som vytvorit log pomocou Combofixu, ale pri scanovani naskoci BSoD.
Neviem si s tym dat rady. Staci ked spravim log cez nudzovy rezim? Pretoze tam to ide az po restart v pohode.
Potom to uklada na C: , ze?
Dakujem.
Neviem si s tym dat rady. Staci ked spravim log cez nudzovy rezim? Pretoze tam to ide az po restart v pohode.
Potom to uklada na C: , ze?
Dakujem.
-
BiELEPiKOLO
- Návštěvník
- Příspěvky: 5
- Registrován: 22 pro 2010 12:24
Re: Obcasne restarty, spomaleny pc, predtym kryptik
Som v nudzovom rezime so sietou, kde sa mi podarilo spustit combofix, ktory vytvoril nasledujuci log:
ComboFix 10-12-21.04 - Administrator 22.12.2010 15:50:40.4.2 - x86 NETWORK
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1014.804 [GMT 1:00]
Running from: c:\documents and settings\Marianka\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\common.data
c:\windows\system32\wouzod.exe
.
((((((((((((((((((((((((( Files Created from 2010-11-22 to 2010-12-22 )))))))))))))))))))))))))))))))
.
2010-12-22 11:22 . 2010-12-22 11:22 -------- d-----w- c:\program files\trend micro
2010-12-22 11:22 . 2010-12-22 11:23 -------- d-----w- C:\rsit
2010-12-22 10:46 . 2010-12-22 10:46 -------- d-----w- c:\documents and settings\Administrator
2010-12-17 18:11 . 2010-12-17 18:11 -------- d-----w- c:\documents and settings\Marianka\Local Settings\Application Data\ESET
2010-12-17 18:08 . 2010-12-17 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-12-17 17:45 . 2010-12-17 17:45 -------- d-----w- c:\program files\CCleaner
2010-12-17 17:39 . 2010-12-17 18:08 -------- d-----w- c:\program files\ESET
2010-12-15 20:51 . 2010-12-15 20:51 -------- d-----w- c:\documents and settings\Marianka\Application Data\Paradoxx
2010-12-15 20:51 . 2010-12-15 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Paradoxx
2010-12-15 20:51 . 2009-07-13 12:23 880640 ----a-w- c:\windows\system32\SkinCrafter3_vs2005.dll
2010-12-15 20:51 . 2008-04-15 17:47 1724416 ----a-w- c:\windows\system32\gdiplus.dll
2010-12-15 20:48 . 2010-12-15 20:48 105088 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2010-12-15 20:48 . 2010-12-15 20:48 105088 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-12-15 20:48 . 2010-12-15 20:48 9728 ----a-w- c:\windows\system32\drivers\massfilter.sys
2010-12-15 20:48 . 2010-12-15 20:48 114688 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2010-12-15 20:48 . 2010-12-15 20:48 105088 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-12-15 20:48 . 2010-12-15 20:51 -------- d-----w- c:\program files\T-Mobile Communication Center
2010-11-27 17:03 . 2010-11-27 17:03 82944 ----a-w- c:\windows\system32\drivers\hqfjmugi.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-21 19:38 . 2010-10-21 19:38 97881 ----a-w- c:\windows\cold_night_for_alligators.zip
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-04-28 03:44 65536 ----a-w- c:\windows\system32\igdlogin.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^T-Mobile Communication Center.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\T-Mobile Communication Center.lnk
backup=c:\windows\pss\T-Mobile Communication Center.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0ii73aa.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0ii73aa.exe
backup=c:\windows\pss\0ii73aa.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0kkfwwr.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0kkfwwr.exe
backup=c:\windows\pss\0kkfwwr.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0mh1ote.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0mh1ote.exe
backup=c:\windows\pss\0mh1ote.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0mndo9p.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0mndo9p.exe
backup=c:\windows\pss\0mndo9p.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0rid0jf.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0rid0jf.exe
backup=c:\windows\pss\0rid0jf.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^1gb0xsi.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\1gb0xsi.exe
backup=c:\windows\pss\1gb0xsi.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^23uv31m.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\23uv31m.exe
backup=c:\windows\pss\23uv31m.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^26uuvwr.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\26uuvwr.exe
backup=c:\windows\pss\26uuvwr.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^2nii6uv.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\2nii6uv.exe
backup=c:\windows\pss\2nii6uv.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^2ozqa6m.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\2ozqa6m.exe
backup=c:\windows\pss\2ozqa6m.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^2rhhyyo.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\2rhhyyo.exe
backup=c:\windows\pss\2rhhyyo.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^3dtpaa1.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\3dtpaa1.exe
backup=c:\windows\pss\3dtpaa1.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^5rr0ii7.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\5rr0ii7.exe
backup=c:\windows\pss\5rr0ii7.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6aa6mm6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\6aa6mm6.exe
backup=c:\windows\pss\6aa6mm6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6j0zfgg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\6j0zfgg.exe
backup=c:\windows\pss\6j0zfgg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6kk6ww6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\6kk6ww6.exe
backup=c:\windows\pss\6kk6ww6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6mm6yy6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\6mm6yy6.exe
backup=c:\windows\pss\6mm6yy6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^70ii73a.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\70ii73a.exe
backup=c:\windows\pss\70ii73a.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^70plgg6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\70plgg6.exe
backup=c:\windows\pss\70plgg6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^7xdzpgw.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\7xdzpgw.exe
backup=c:\windows\pss\7xdzpgw.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^8lrw6dj.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\8lrw6dj.exe
backup=c:\windows\pss\8lrw6dj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9c3ek0g.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\9c3ek0g.exe
backup=c:\windows\pss\9c3ek0g.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9g1cyyz.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\9g1cyyz.exe
backup=c:\windows\pss\9g1cyyz.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9q1mitp.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\9q1mitp.exe
backup=c:\windows\pss\9q1mitp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9w1sooj.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\9w1sooj.exe
backup=c:\windows\pss\9w1sooj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^a3h6t1eaagg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\a3h6t1eaagg.exe
backup=c:\windows\pss\a3h6t1eaagg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^aagbcdot.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\aagbcdot.exe
backup=c:\windows\pss\aagbcdot.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^aavmmhydzp.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\aavmmhydzp.exe
backup=c:\windows\pss\aavmmhydzp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^bww6ii6uu.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\bww6ii6uu.exe
backup=c:\windows\pss\bww6ii6uu.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^bww6ii6uu6g.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\bww6ii6uu6g.exe
backup=c:\windows\pss\bww6ii6uu6g.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^bxndze9a.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\bxndze9a.exe
backup=c:\windows\pss\bxndze9a.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^cxotzpqbmm.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\cxotzpqbmm.exe
backup=c:\windows\pss\cxotzpqbmm.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^dd9p80mm80e.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\dd9p80mm80e.exe
backup=c:\windows\pss\dd9p80mm80e.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^dyuupa6mm6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\dyuupa6mm6.exe
backup=c:\windows\pss\dyuupa6mm6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^e3ggbssneez.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\e3ggbssneez.exe
backup=c:\windows\pss\e3ggbssneez.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^eezqqlcc.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\eezqqlcc.exe
backup=c:\windows\pss\eezqqlcc.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^f0lhh0dzu.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\f0lhh0dzu.exe
backup=c:\windows\pss\f0lhh0dzu.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^ffwwriid.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\ffwwriid.exe
backup=c:\windows\pss\ffwwriid.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^fqb2x0tj.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\fqb2x0tj.exe
backup=c:\windows\pss\fqb2x0tj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^fvvrhhdt.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\fvvrhhdt.exe
backup=c:\windows\pss\fvvrhhdt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^fwwm2t87agg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\fwwm2t87agg.exe
backup=c:\windows\pss\fwwm2t87agg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^g9c1oj1kllh.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\g9c1oj1kllh.exe
backup=c:\windows\pss\g9c1oj1kllh.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^g9c1yuuvql.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\g9c1yuuvql.exe
backup=c:\windows\pss\g9c1yuuvql.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^glhsxtoef.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\glhsxtoef.exe
backup=c:\windows\pss\glhsxtoef.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^h0njee6qq.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\h0njee6qq.exe
backup=c:\windows\pss\h0njee6qq.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^hdooeplb.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\hdooeplb.exe
backup=c:\windows\pss\hdooeplb.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^hyy6zvglhm3.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\hyy6zvglhm3.exe
backup=c:\windows\pss\hyy6zvglhm3.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^idz5qgmhc4.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\idz5qgmhc4.exe
backup=c:\windows\pss\idz5qgmhc4.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^ijop4lhxxt.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\ijop4lhxxt.exe
backup=c:\windows\pss\ijop4lhxxt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^kflb3dtja.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\kflb3dtja.exe
backup=c:\windows\pss\kflb3dtja.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^l1mitppgg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\l1mitppgg.exe
backup=c:\windows\pss\l1mitppgg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^lgmsitzpql.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\lgmsitzpql.exe
backup=c:\windows\pss\lgmsitzpql.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^m9i1eaavmm.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\m9i1eaavmm.exe
backup=c:\windows\pss\m9i1eaavmm.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^neezqqlccxo.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\neezqqlccxo.exe
backup=c:\windows\pss\neezqqlccxo.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^nii6kpal2xs.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\nii6kpal2xs.exe
backup=c:\windows\pss\nii6kpal2xs.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^nnjzzvllhxx.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\nnjzzvllhxx.exe
backup=c:\windows\pss\nnjzzvllhxx.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^o3qqlccxooj.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\o3qqlccxooj.exe
backup=c:\windows\pss\o3qqlccxooj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^p0vrmm6oz.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\p0vrmm6oz.exe
backup=c:\windows\pss\p0vrmm6oz.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^pkk6mrnii.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\pkk6mrnii.exe
backup=c:\windows\pss\pkk6mrnii.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^qbhx26upp.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\qbhx26upp.exe
backup=c:\windows\pss\qbhx26upp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^qlccxoojaa.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\qlccxoojaa.exe
backup=c:\windows\pss\qlccxoojaa.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^r23dtpaa.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\r23dtpaa.exe
backup=c:\windows\pss\r23dtpaa.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^riiduupg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\riiduupg.exe
backup=c:\windows\pss\riiduupg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^rndttkkf2h.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\rndttkkf2h.exe
backup=c:\windows\pss\rndttkkf2h.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^s9o1ka6mm6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\s9o1ka6mm6.exe
backup=c:\windows\pss\s9o1ka6mm6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^sneep2bw.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\sneep2bw.exe
backup=c:\windows\pss\sneep2bw.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tejuvvmmh.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tejuvvmmh.exe
backup=c:\windows\pss\tejuvvmmh.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tjjfvvrh.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tjjfvvrh.exe
backup=c:\windows\pss\tjjfvvrh.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tjpvg49yez.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tjpvg49yez.exe
backup=c:\windows\pss\tjpvg49yez.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tpffbrrn.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tpffbrrn.exe
backup=c:\windows\pss\tpffbrrn.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tpkk6ww6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tpkk6ww6.exe
backup=c:\windows\pss\tpkk6ww6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tufk3mmhdd.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tufk3mmhdd.exe
backup=c:\windows\pss\tufk3mmhdd.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^u3wm0n1e.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\u3wm0n1e.exe
backup=c:\windows\pss\u3wm0n1e.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^ufbww6ii.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\ufbww6ii.exe
backup=c:\windows\pss\ufbww6ii.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^uk1l9xiye5.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\uk1l9xiye5.exe
backup=c:\windows\pss\uk1l9xiye5.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^upggbssnee.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\upggbssnee.exe
backup=c:\windows\pss\upggbssnee.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vmrnddz2vqg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\vmrnddz2vqg.exe
backup=c:\windows\pss\vmrnddz2vqg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vqq3m3oojaa.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\vqq3m3oojaa.exe
backup=c:\windows\pss\vqq3m3oojaa.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vqq6cc6oo6a.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\vqq6cc6oo6a.exe
backup=c:\windows\pss\vqq6cc6oo6a.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vr9xiye5.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\vr9xiye5.exe
backup=c:\windows\pss\vr9xiye5.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^wwriiduupg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\wwriiduupg.exe
backup=c:\windows\pss\wwriiduupg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^wwriiduuvq.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\wwriiduuvq.exe
backup=c:\windows\pss\wwriiduuvq.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^xijuqwwm.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\xijuqwwm.exe
backup=c:\windows\pss\xijuqwwm.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^xojkpllc.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\xojkpllc.exe
backup=c:\windows\pss\xojkpllc.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^xs1t9kbbc3t.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\xs1t9kbbc3t.exe
backup=c:\windows\pss\xs1t9kbbc3t.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^y0f3w0h6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\y0f3w0h6.exe
backup=c:\windows\pss\y0f3w0h6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^y3aavmmhyyt.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\y3aavmmhyyt.exe
backup=c:\windows\pss\y3aavmmhyyt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^y70zvqq6c.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\y70zvqq6c.exe
backup=c:\windows\pss\y70zvqq6c.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^z3wwriidukf.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\z3wwriidukf.exe
backup=c:\windows\pss\z3wwriidukf.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^zvllhxxt.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\zvllhxxt.exe
backup=c:\windows\pss\zvllhxxt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^zzvllhxsi9e.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\zzvllhxsi9e.exe
backup=c:\windows\pss\zzvllhxsi9e.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
c:\documents and settings\Marianka\vyr.exe \u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-07-17 14:40 53248 ----a-w- c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-04-18 01:41 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-05-01 03:13 354840 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-05-01 03:13 137752 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2009-02-20 01:52 817672 ----a-w- c:\program files\Launch Manager\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2010-06-10 04:58 1218008 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-02 20:32 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 09:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PersistenceThread]
2009-05-01 03:13 92696 ----a-w- c:\windows\system32\PersistenceThread.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
2008-07-03 13:58 94208 ----a-w- c:\windows\PLFSetL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
2008-11-17 07:47 135168 ----a-w- c:\program files\Acer\WR_PopUp\ProductReg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-10-17 08:44 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-03-24 11:10 17567744 ----a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc]
2008-11-03 17:00 196608 ----a-w- c:\windows\system32\csnp2uvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-06-12 12:21 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-02-27 08:20 1434920 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Z810PNP]
2008-09-09 11:40 122880 ----a-w- c:\program files\Connection Manager\SamsungPnPServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Z810SysStart]
2008-09-01 13:47 307200 ----a-w- c:\program files\Connection Manager\sysctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.8.2010 12:28 95896]
S1 damc842;damc842;c:\windows\system32\drivers\damc842.sys --> c:\windows\system32\drivers\damc842.sys [?]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
S1 oqsa23b;oqsa23b;c:\windows\system32\drivers\oqsa23b.sys --> c:\windows\system32\drivers\oqsa23b.sys [?]
S1 sac253b;sac253b;c:\windows\system32\drivers\sac253b.sys --> c:\windows\system32\drivers\sac253b.sys [?]
S2 ayaoekguy8l6oiv;RUMBA AS/400 Shared Folders;c:\windows\system32\limet.exe --> c:\windows\system32\limet.exe [?]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [4.11.2010 17:15 810144]
S2 hqfjmugi;hqfjmugi;c:\windows\system32\drivers\hqfjmugi.sys [27.11.2010 18:03 82944]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [18.4.2009 3:33 237568]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [13.9.2010 22:20 2368]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.4.2009 2:27 1684736]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [18.4.2009 2:40 24064]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [18.4.2009 10:56 62592]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [18.4.2009 10:56 105984]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [18.4.2009 10:56 8064]
S3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [18.4.2009 2:25 5096544]
S3 liyjkchp;liyjkchp;\??\c:\windows\System32\Drivers\liyjkchp.sys --> c:\windows\System32\Drivers\liyjkchp.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [15.12.2010 21:48 9728]
S3 otxkekdu;otxkekdu;\??\c:\windows\System32\Drivers\otxkekdu.sys --> c:\windows\System32\Drivers\otxkekdu.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [18.4.2009 2:28 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 uldxfeju;uldxfeju;\??\c:\windows\System32\Drivers\uldxfeju.sys --> c:\windows\System32\Drivers\uldxfeju.sys [?]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18.6.2010 22:33 135664]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [18.4.2009 3:12 93320]
.
Contents of the 'Scheduled Tasks' folder
2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 21:32]
2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 21:32]
2010-07-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-18 10:22]
2010-09-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-18 10:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://global.acer.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041b&s=0&o=xph&d=0610&m=ao751h
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {7DDD8574-197D-4CED-AECE-CFB4F965D351} = 192.168.1.3
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-hqfjmugi
SafeBoot-xqdluecg.sys
MSConfigStartUp-fyloo - c:\windows\system32\wouzod.exe
MSConfigStartUp-NVIDIA driver monitor - c:\windows\nvsvc32.exe
MSConfigStartUp-Windows Firewall - c:\docume~1\Marianka\LOCALS~1\Temp\lsass.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-22 15:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-12-22 15:59:21
ComboFix-quarantined-files.txt 2010-12-22 14:59
Pre-Run: 136 425 615 360 bytes free
Post-Run: 15 adresárov, 136 386 306 048 voľných bajtov
- - End Of File - - 29F3D9D5F16B92E021ABFBF89D13B522
ComboFix 10-12-21.04 - Administrator 22.12.2010 15:50:40.4.2 - x86 NETWORK
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1014.804 [GMT 1:00]
Running from: c:\documents and settings\Marianka\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\common.data
c:\windows\system32\wouzod.exe
.
((((((((((((((((((((((((( Files Created from 2010-11-22 to 2010-12-22 )))))))))))))))))))))))))))))))
.
2010-12-22 11:22 . 2010-12-22 11:22 -------- d-----w- c:\program files\trend micro
2010-12-22 11:22 . 2010-12-22 11:23 -------- d-----w- C:\rsit
2010-12-22 10:46 . 2010-12-22 10:46 -------- d-----w- c:\documents and settings\Administrator
2010-12-17 18:11 . 2010-12-17 18:11 -------- d-----w- c:\documents and settings\Marianka\Local Settings\Application Data\ESET
2010-12-17 18:08 . 2010-12-17 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-12-17 17:45 . 2010-12-17 17:45 -------- d-----w- c:\program files\CCleaner
2010-12-17 17:39 . 2010-12-17 18:08 -------- d-----w- c:\program files\ESET
2010-12-15 20:51 . 2010-12-15 20:51 -------- d-----w- c:\documents and settings\Marianka\Application Data\Paradoxx
2010-12-15 20:51 . 2010-12-15 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Paradoxx
2010-12-15 20:51 . 2009-07-13 12:23 880640 ----a-w- c:\windows\system32\SkinCrafter3_vs2005.dll
2010-12-15 20:51 . 2008-04-15 17:47 1724416 ----a-w- c:\windows\system32\gdiplus.dll
2010-12-15 20:48 . 2010-12-15 20:48 105088 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2010-12-15 20:48 . 2010-12-15 20:48 105088 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-12-15 20:48 . 2010-12-15 20:48 9728 ----a-w- c:\windows\system32\drivers\massfilter.sys
2010-12-15 20:48 . 2010-12-15 20:48 114688 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2010-12-15 20:48 . 2010-12-15 20:48 105088 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-12-15 20:48 . 2010-12-15 20:51 -------- d-----w- c:\program files\T-Mobile Communication Center
2010-11-27 17:03 . 2010-11-27 17:03 82944 ----a-w- c:\windows\system32\drivers\hqfjmugi.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-21 19:38 . 2010-10-21 19:38 97881 ----a-w- c:\windows\cold_night_for_alligators.zip
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-04-28 03:44 65536 ----a-w- c:\windows\system32\igdlogin.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^T-Mobile Communication Center.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\T-Mobile Communication Center.lnk
backup=c:\windows\pss\T-Mobile Communication Center.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0ii73aa.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0ii73aa.exe
backup=c:\windows\pss\0ii73aa.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0kkfwwr.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0kkfwwr.exe
backup=c:\windows\pss\0kkfwwr.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0mh1ote.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0mh1ote.exe
backup=c:\windows\pss\0mh1ote.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0mndo9p.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0mndo9p.exe
backup=c:\windows\pss\0mndo9p.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0rid0jf.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0rid0jf.exe
backup=c:\windows\pss\0rid0jf.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^1gb0xsi.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\1gb0xsi.exe
backup=c:\windows\pss\1gb0xsi.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^23uv31m.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\23uv31m.exe
backup=c:\windows\pss\23uv31m.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^26uuvwr.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\26uuvwr.exe
backup=c:\windows\pss\26uuvwr.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^2nii6uv.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\2nii6uv.exe
backup=c:\windows\pss\2nii6uv.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^2ozqa6m.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\2ozqa6m.exe
backup=c:\windows\pss\2ozqa6m.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^2rhhyyo.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\2rhhyyo.exe
backup=c:\windows\pss\2rhhyyo.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^3dtpaa1.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\3dtpaa1.exe
backup=c:\windows\pss\3dtpaa1.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^5rr0ii7.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\5rr0ii7.exe
backup=c:\windows\pss\5rr0ii7.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6aa6mm6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\6aa6mm6.exe
backup=c:\windows\pss\6aa6mm6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6j0zfgg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\6j0zfgg.exe
backup=c:\windows\pss\6j0zfgg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6kk6ww6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\6kk6ww6.exe
backup=c:\windows\pss\6kk6ww6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6mm6yy6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\6mm6yy6.exe
backup=c:\windows\pss\6mm6yy6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^70ii73a.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\70ii73a.exe
backup=c:\windows\pss\70ii73a.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^70plgg6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\70plgg6.exe
backup=c:\windows\pss\70plgg6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^7xdzpgw.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\7xdzpgw.exe
backup=c:\windows\pss\7xdzpgw.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^8lrw6dj.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\8lrw6dj.exe
backup=c:\windows\pss\8lrw6dj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9c3ek0g.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\9c3ek0g.exe
backup=c:\windows\pss\9c3ek0g.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9g1cyyz.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\9g1cyyz.exe
backup=c:\windows\pss\9g1cyyz.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9q1mitp.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\9q1mitp.exe
backup=c:\windows\pss\9q1mitp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9w1sooj.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\9w1sooj.exe
backup=c:\windows\pss\9w1sooj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^a3h6t1eaagg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\a3h6t1eaagg.exe
backup=c:\windows\pss\a3h6t1eaagg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^aagbcdot.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\aagbcdot.exe
backup=c:\windows\pss\aagbcdot.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^aavmmhydzp.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\aavmmhydzp.exe
backup=c:\windows\pss\aavmmhydzp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^bww6ii6uu.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\bww6ii6uu.exe
backup=c:\windows\pss\bww6ii6uu.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^bww6ii6uu6g.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\bww6ii6uu6g.exe
backup=c:\windows\pss\bww6ii6uu6g.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^bxndze9a.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\bxndze9a.exe
backup=c:\windows\pss\bxndze9a.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^cxotzpqbmm.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\cxotzpqbmm.exe
backup=c:\windows\pss\cxotzpqbmm.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^dd9p80mm80e.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\dd9p80mm80e.exe
backup=c:\windows\pss\dd9p80mm80e.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^dyuupa6mm6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\dyuupa6mm6.exe
backup=c:\windows\pss\dyuupa6mm6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^e3ggbssneez.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\e3ggbssneez.exe
backup=c:\windows\pss\e3ggbssneez.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^eezqqlcc.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\eezqqlcc.exe
backup=c:\windows\pss\eezqqlcc.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^f0lhh0dzu.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\f0lhh0dzu.exe
backup=c:\windows\pss\f0lhh0dzu.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^ffwwriid.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\ffwwriid.exe
backup=c:\windows\pss\ffwwriid.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^fqb2x0tj.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\fqb2x0tj.exe
backup=c:\windows\pss\fqb2x0tj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^fvvrhhdt.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\fvvrhhdt.exe
backup=c:\windows\pss\fvvrhhdt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^fwwm2t87agg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\fwwm2t87agg.exe
backup=c:\windows\pss\fwwm2t87agg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^g9c1oj1kllh.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\g9c1oj1kllh.exe
backup=c:\windows\pss\g9c1oj1kllh.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^g9c1yuuvql.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\g9c1yuuvql.exe
backup=c:\windows\pss\g9c1yuuvql.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^glhsxtoef.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\glhsxtoef.exe
backup=c:\windows\pss\glhsxtoef.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^h0njee6qq.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\h0njee6qq.exe
backup=c:\windows\pss\h0njee6qq.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^hdooeplb.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\hdooeplb.exe
backup=c:\windows\pss\hdooeplb.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^hyy6zvglhm3.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\hyy6zvglhm3.exe
backup=c:\windows\pss\hyy6zvglhm3.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^idz5qgmhc4.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\idz5qgmhc4.exe
backup=c:\windows\pss\idz5qgmhc4.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^ijop4lhxxt.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\ijop4lhxxt.exe
backup=c:\windows\pss\ijop4lhxxt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^kflb3dtja.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\kflb3dtja.exe
backup=c:\windows\pss\kflb3dtja.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^l1mitppgg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\l1mitppgg.exe
backup=c:\windows\pss\l1mitppgg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^lgmsitzpql.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\lgmsitzpql.exe
backup=c:\windows\pss\lgmsitzpql.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^m9i1eaavmm.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\m9i1eaavmm.exe
backup=c:\windows\pss\m9i1eaavmm.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^neezqqlccxo.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\neezqqlccxo.exe
backup=c:\windows\pss\neezqqlccxo.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^nii6kpal2xs.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\nii6kpal2xs.exe
backup=c:\windows\pss\nii6kpal2xs.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^nnjzzvllhxx.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\nnjzzvllhxx.exe
backup=c:\windows\pss\nnjzzvllhxx.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^o3qqlccxooj.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\o3qqlccxooj.exe
backup=c:\windows\pss\o3qqlccxooj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^p0vrmm6oz.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\p0vrmm6oz.exe
backup=c:\windows\pss\p0vrmm6oz.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^pkk6mrnii.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\pkk6mrnii.exe
backup=c:\windows\pss\pkk6mrnii.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^qbhx26upp.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\qbhx26upp.exe
backup=c:\windows\pss\qbhx26upp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^qlccxoojaa.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\qlccxoojaa.exe
backup=c:\windows\pss\qlccxoojaa.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^r23dtpaa.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\r23dtpaa.exe
backup=c:\windows\pss\r23dtpaa.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^riiduupg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\riiduupg.exe
backup=c:\windows\pss\riiduupg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^rndttkkf2h.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\rndttkkf2h.exe
backup=c:\windows\pss\rndttkkf2h.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^s9o1ka6mm6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\s9o1ka6mm6.exe
backup=c:\windows\pss\s9o1ka6mm6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^sneep2bw.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\sneep2bw.exe
backup=c:\windows\pss\sneep2bw.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tejuvvmmh.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tejuvvmmh.exe
backup=c:\windows\pss\tejuvvmmh.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tjjfvvrh.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tjjfvvrh.exe
backup=c:\windows\pss\tjjfvvrh.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tjpvg49yez.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tjpvg49yez.exe
backup=c:\windows\pss\tjpvg49yez.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tpffbrrn.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tpffbrrn.exe
backup=c:\windows\pss\tpffbrrn.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tpkk6ww6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tpkk6ww6.exe
backup=c:\windows\pss\tpkk6ww6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tufk3mmhdd.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tufk3mmhdd.exe
backup=c:\windows\pss\tufk3mmhdd.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^u3wm0n1e.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\u3wm0n1e.exe
backup=c:\windows\pss\u3wm0n1e.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^ufbww6ii.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\ufbww6ii.exe
backup=c:\windows\pss\ufbww6ii.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^uk1l9xiye5.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\uk1l9xiye5.exe
backup=c:\windows\pss\uk1l9xiye5.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^upggbssnee.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\upggbssnee.exe
backup=c:\windows\pss\upggbssnee.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vmrnddz2vqg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\vmrnddz2vqg.exe
backup=c:\windows\pss\vmrnddz2vqg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vqq3m3oojaa.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\vqq3m3oojaa.exe
backup=c:\windows\pss\vqq3m3oojaa.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vqq6cc6oo6a.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\vqq6cc6oo6a.exe
backup=c:\windows\pss\vqq6cc6oo6a.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vr9xiye5.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\vr9xiye5.exe
backup=c:\windows\pss\vr9xiye5.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^wwriiduupg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\wwriiduupg.exe
backup=c:\windows\pss\wwriiduupg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^wwriiduuvq.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\wwriiduuvq.exe
backup=c:\windows\pss\wwriiduuvq.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^xijuqwwm.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\xijuqwwm.exe
backup=c:\windows\pss\xijuqwwm.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^xojkpllc.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\xojkpllc.exe
backup=c:\windows\pss\xojkpllc.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^xs1t9kbbc3t.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\xs1t9kbbc3t.exe
backup=c:\windows\pss\xs1t9kbbc3t.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^y0f3w0h6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\y0f3w0h6.exe
backup=c:\windows\pss\y0f3w0h6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^y3aavmmhyyt.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\y3aavmmhyyt.exe
backup=c:\windows\pss\y3aavmmhyyt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^y70zvqq6c.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\y70zvqq6c.exe
backup=c:\windows\pss\y70zvqq6c.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^z3wwriidukf.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\z3wwriidukf.exe
backup=c:\windows\pss\z3wwriidukf.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^zvllhxxt.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\zvllhxxt.exe
backup=c:\windows\pss\zvllhxxt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^zzvllhxsi9e.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\zzvllhxsi9e.exe
backup=c:\windows\pss\zzvllhxsi9e.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
c:\documents and settings\Marianka\vyr.exe \u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-07-17 14:40 53248 ----a-w- c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-04-18 01:41 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-05-01 03:13 354840 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-05-01 03:13 137752 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2009-02-20 01:52 817672 ----a-w- c:\program files\Launch Manager\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2010-06-10 04:58 1218008 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-02 20:32 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 09:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PersistenceThread]
2009-05-01 03:13 92696 ----a-w- c:\windows\system32\PersistenceThread.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
2008-07-03 13:58 94208 ----a-w- c:\windows\PLFSetL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
2008-11-17 07:47 135168 ----a-w- c:\program files\Acer\WR_PopUp\ProductReg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-10-17 08:44 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-03-24 11:10 17567744 ----a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc]
2008-11-03 17:00 196608 ----a-w- c:\windows\system32\csnp2uvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-06-12 12:21 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-02-27 08:20 1434920 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Z810PNP]
2008-09-09 11:40 122880 ----a-w- c:\program files\Connection Manager\SamsungPnPServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Z810SysStart]
2008-09-01 13:47 307200 ----a-w- c:\program files\Connection Manager\sysctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.8.2010 12:28 95896]
S1 damc842;damc842;c:\windows\system32\drivers\damc842.sys --> c:\windows\system32\drivers\damc842.sys [?]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
S1 oqsa23b;oqsa23b;c:\windows\system32\drivers\oqsa23b.sys --> c:\windows\system32\drivers\oqsa23b.sys [?]
S1 sac253b;sac253b;c:\windows\system32\drivers\sac253b.sys --> c:\windows\system32\drivers\sac253b.sys [?]
S2 ayaoekguy8l6oiv;RUMBA AS/400 Shared Folders;c:\windows\system32\limet.exe --> c:\windows\system32\limet.exe [?]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [4.11.2010 17:15 810144]
S2 hqfjmugi;hqfjmugi;c:\windows\system32\drivers\hqfjmugi.sys [27.11.2010 18:03 82944]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [18.4.2009 3:33 237568]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [13.9.2010 22:20 2368]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.4.2009 2:27 1684736]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [18.4.2009 2:40 24064]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [18.4.2009 10:56 62592]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [18.4.2009 10:56 105984]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [18.4.2009 10:56 8064]
S3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [18.4.2009 2:25 5096544]
S3 liyjkchp;liyjkchp;\??\c:\windows\System32\Drivers\liyjkchp.sys --> c:\windows\System32\Drivers\liyjkchp.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [15.12.2010 21:48 9728]
S3 otxkekdu;otxkekdu;\??\c:\windows\System32\Drivers\otxkekdu.sys --> c:\windows\System32\Drivers\otxkekdu.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [18.4.2009 2:28 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 uldxfeju;uldxfeju;\??\c:\windows\System32\Drivers\uldxfeju.sys --> c:\windows\System32\Drivers\uldxfeju.sys [?]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18.6.2010 22:33 135664]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [18.4.2009 3:12 93320]
.
Contents of the 'Scheduled Tasks' folder
2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 21:32]
2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 21:32]
2010-07-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-18 10:22]
2010-09-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-18 10:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://global.acer.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041b&s=0&o=xph&d=0610&m=ao751h
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {7DDD8574-197D-4CED-AECE-CFB4F965D351} = 192.168.1.3
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-hqfjmugi
SafeBoot-xqdluecg.sys
MSConfigStartUp-fyloo - c:\windows\system32\wouzod.exe
MSConfigStartUp-NVIDIA driver monitor - c:\windows\nvsvc32.exe
MSConfigStartUp-Windows Firewall - c:\docume~1\Marianka\LOCALS~1\Temp\lsass.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-22 15:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-12-22 15:59:21
ComboFix-quarantined-files.txt 2010-12-22 14:59
Pre-Run: 136 425 615 360 bytes free
Post-Run: 15 adresárov, 136 386 306 048 voľných bajtov
- - End Of File - - 29F3D9D5F16B92E021ABFBF89D13B522
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Obcasne restarty, spomaleny pc, predtym kryptik
Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:
Po této akci dále ručně smažte celý obsah složky c:\documents and settings\Marianka\Start Menu\Programs\Startup a soubor c:\documents and settings\Marianka\vyr.exe otestujte online na www.virustotal.com .
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.Collect::
c:\windows\system32\drivers\hqfjmugi.sys
c:\windows\system32\drivers\damc842.sys
c:\windows\system32\drivers\oqsa23b.sys
c:\windows\system32\drivers\sac253b.sys
c:\windows\system32\limet.exe
c:\windows\System32\Drivers\liyjkchp.sys
c:\windows\System32\Drivers\otxkekdu.sys
c:\windows\System32\Drivers\uldxfeju.sys
Driver::
damc842
oqsa23b
sac253b
ayaoekguy8l6oiv
hqfjmugi
liyjkchp
otxkekdu
uldxfeju
Po této akci dále ručně smažte celý obsah složky c:\documents and settings\Marianka\Start Menu\Programs\Startup a soubor c:\documents and settings\Marianka\vyr.exe otestujte online na www.virustotal.com .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
BiELEPiKOLO
- Návštěvník
- Příspěvky: 5
- Registrován: 22 pro 2010 12:24
Re: Obcasne restarty, spomaleny pc, predtym kryptik
Vykonal som combofix so scriptom, prebehlo a vyplulo log:
Este idem zmazat tu zlozku a overit to .execko.
Dakujem ak to je uz komplet...
//EDIT: to .execko sa tam nenachadza... nejde ani vzhladat vlozenim cesty.
Tak nic idem reset...
ComboFix 10-12-22.01 - Administrator 22.12.2010 23:48:27.6.2 - x86 NETWORK
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1014.808 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((( Files Created from 2010-11-22 to 2010-12-22 )))))))))))))))))))))))))))))))
.
2010-12-22 21:20 . 2010-12-22 21:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-12-22 11:22 . 2010-12-22 11:22 -------- d-----w- c:\program files\trend micro
2010-12-22 11:22 . 2010-12-22 11:23 -------- d-----w- C:\rsit
2010-12-22 10:46 . 2010-12-22 10:46 -------- d-----w- c:\documents and settings\Administrator
2010-12-17 18:11 . 2010-12-17 18:11 -------- d-----w- c:\documents and settings\Marianka\Local Settings\Application Data\ESET
2010-12-17 18:08 . 2010-12-17 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-12-17 17:45 . 2010-12-17 17:45 -------- d-----w- c:\program files\CCleaner
2010-12-17 17:39 . 2010-12-17 18:08 -------- d-----w- c:\program files\ESET
2010-12-15 20:51 . 2010-12-15 20:51 -------- d-----w- c:\documents and settings\Marianka\Application Data\Paradoxx
2010-12-15 20:51 . 2010-12-15 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Paradoxx
2010-12-15 20:51 . 2009-07-13 12:23 880640 ----a-w- c:\windows\system32\SkinCrafter3_vs2005.dll
2010-12-15 20:51 . 2008-04-15 17:47 1724416 ----a-w- c:\windows\system32\gdiplus.dll
2010-12-15 20:48 . 2010-12-15 20:48 105088 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2010-12-15 20:48 . 2010-12-15 20:48 105088 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-12-15 20:48 . 2010-12-15 20:48 9728 ----a-w- c:\windows\system32\drivers\massfilter.sys
2010-12-15 20:48 . 2010-12-15 20:48 114688 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2010-12-15 20:48 . 2010-12-15 20:48 105088 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-12-15 20:48 . 2010-12-15 20:51 -------- d-----w- c:\program files\T-Mobile Communication Center
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-21 19:38 . 2010-10-21 19:38 97881 ----a-w- c:\windows\cold_night_for_alligators.zip
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-04-28 03:44 65536 ----a-w- c:\windows\system32\igdlogin.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^T-Mobile Communication Center.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\T-Mobile Communication Center.lnk
backup=c:\windows\pss\T-Mobile Communication Center.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0ii73aa.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0ii73aa.exe
backup=c:\windows\pss\0ii73aa.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0kkfwwr.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0kkfwwr.exe
backup=c:\windows\pss\0kkfwwr.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0mh1ote.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0mh1ote.exe
backup=c:\windows\pss\0mh1ote.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0mndo9p.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0mndo9p.exe
backup=c:\windows\pss\0mndo9p.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0rid0jf.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0rid0jf.exe
backup=c:\windows\pss\0rid0jf.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^1gb0xsi.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\1gb0xsi.exe
backup=c:\windows\pss\1gb0xsi.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^23uv31m.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\23uv31m.exe
backup=c:\windows\pss\23uv31m.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^26uuvwr.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\26uuvwr.exe
backup=c:\windows\pss\26uuvwr.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^2nii6uv.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\2nii6uv.exe
backup=c:\windows\pss\2nii6uv.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^2ozqa6m.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\2ozqa6m.exe
backup=c:\windows\pss\2ozqa6m.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^2rhhyyo.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\2rhhyyo.exe
backup=c:\windows\pss\2rhhyyo.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^3dtpaa1.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\3dtpaa1.exe
backup=c:\windows\pss\3dtpaa1.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^5rr0ii7.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\5rr0ii7.exe
backup=c:\windows\pss\5rr0ii7.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6aa6mm6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\6aa6mm6.exe
backup=c:\windows\pss\6aa6mm6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6j0zfgg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\6j0zfgg.exe
backup=c:\windows\pss\6j0zfgg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6kk6ww6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\6kk6ww6.exe
backup=c:\windows\pss\6kk6ww6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6mm6yy6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\6mm6yy6.exe
backup=c:\windows\pss\6mm6yy6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^70ii73a.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\70ii73a.exe
backup=c:\windows\pss\70ii73a.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^70plgg6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\70plgg6.exe
backup=c:\windows\pss\70plgg6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^7xdzpgw.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\7xdzpgw.exe
backup=c:\windows\pss\7xdzpgw.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^8lrw6dj.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\8lrw6dj.exe
backup=c:\windows\pss\8lrw6dj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9c3ek0g.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\9c3ek0g.exe
backup=c:\windows\pss\9c3ek0g.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9g1cyyz.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\9g1cyyz.exe
backup=c:\windows\pss\9g1cyyz.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9q1mitp.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\9q1mitp.exe
backup=c:\windows\pss\9q1mitp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9w1sooj.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\9w1sooj.exe
backup=c:\windows\pss\9w1sooj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^a3h6t1eaagg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\a3h6t1eaagg.exe
backup=c:\windows\pss\a3h6t1eaagg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^aagbcdot.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\aagbcdot.exe
backup=c:\windows\pss\aagbcdot.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^aavmmhydzp.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\aavmmhydzp.exe
backup=c:\windows\pss\aavmmhydzp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^bww6ii6uu.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\bww6ii6uu.exe
backup=c:\windows\pss\bww6ii6uu.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^bww6ii6uu6g.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\bww6ii6uu6g.exe
backup=c:\windows\pss\bww6ii6uu6g.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^bxndze9a.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\bxndze9a.exe
backup=c:\windows\pss\bxndze9a.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^cxotzpqbmm.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\cxotzpqbmm.exe
backup=c:\windows\pss\cxotzpqbmm.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^dd9p80mm80e.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\dd9p80mm80e.exe
backup=c:\windows\pss\dd9p80mm80e.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^dyuupa6mm6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\dyuupa6mm6.exe
backup=c:\windows\pss\dyuupa6mm6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^e3ggbssneez.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\e3ggbssneez.exe
backup=c:\windows\pss\e3ggbssneez.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^eezqqlcc.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\eezqqlcc.exe
backup=c:\windows\pss\eezqqlcc.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^f0lhh0dzu.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\f0lhh0dzu.exe
backup=c:\windows\pss\f0lhh0dzu.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^ffwwriid.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\ffwwriid.exe
backup=c:\windows\pss\ffwwriid.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^fqb2x0tj.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\fqb2x0tj.exe
backup=c:\windows\pss\fqb2x0tj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^fvvrhhdt.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\fvvrhhdt.exe
backup=c:\windows\pss\fvvrhhdt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^fwwm2t87agg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\fwwm2t87agg.exe
backup=c:\windows\pss\fwwm2t87agg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^g9c1oj1kllh.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\g9c1oj1kllh.exe
backup=c:\windows\pss\g9c1oj1kllh.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^g9c1yuuvql.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\g9c1yuuvql.exe
backup=c:\windows\pss\g9c1yuuvql.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^glhsxtoef.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\glhsxtoef.exe
backup=c:\windows\pss\glhsxtoef.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^h0njee6qq.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\h0njee6qq.exe
backup=c:\windows\pss\h0njee6qq.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^hdooeplb.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\hdooeplb.exe
backup=c:\windows\pss\hdooeplb.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^hyy6zvglhm3.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\hyy6zvglhm3.exe
backup=c:\windows\pss\hyy6zvglhm3.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^idz5qgmhc4.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\idz5qgmhc4.exe
backup=c:\windows\pss\idz5qgmhc4.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^ijop4lhxxt.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\ijop4lhxxt.exe
backup=c:\windows\pss\ijop4lhxxt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^kflb3dtja.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\kflb3dtja.exe
backup=c:\windows\pss\kflb3dtja.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^l1mitppgg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\l1mitppgg.exe
backup=c:\windows\pss\l1mitppgg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^lgmsitzpql.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\lgmsitzpql.exe
backup=c:\windows\pss\lgmsitzpql.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^m9i1eaavmm.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\m9i1eaavmm.exe
backup=c:\windows\pss\m9i1eaavmm.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^neezqqlccxo.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\neezqqlccxo.exe
backup=c:\windows\pss\neezqqlccxo.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^nii6kpal2xs.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\nii6kpal2xs.exe
backup=c:\windows\pss\nii6kpal2xs.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^nnjzzvllhxx.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\nnjzzvllhxx.exe
backup=c:\windows\pss\nnjzzvllhxx.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^o3qqlccxooj.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\o3qqlccxooj.exe
backup=c:\windows\pss\o3qqlccxooj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^p0vrmm6oz.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\p0vrmm6oz.exe
backup=c:\windows\pss\p0vrmm6oz.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^pkk6mrnii.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\pkk6mrnii.exe
backup=c:\windows\pss\pkk6mrnii.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^qbhx26upp.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\qbhx26upp.exe
backup=c:\windows\pss\qbhx26upp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^qlccxoojaa.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\qlccxoojaa.exe
backup=c:\windows\pss\qlccxoojaa.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^r23dtpaa.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\r23dtpaa.exe
backup=c:\windows\pss\r23dtpaa.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^riiduupg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\riiduupg.exe
backup=c:\windows\pss\riiduupg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^rndttkkf2h.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\rndttkkf2h.exe
backup=c:\windows\pss\rndttkkf2h.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^s9o1ka6mm6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\s9o1ka6mm6.exe
backup=c:\windows\pss\s9o1ka6mm6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^sneep2bw.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\sneep2bw.exe
backup=c:\windows\pss\sneep2bw.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tejuvvmmh.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tejuvvmmh.exe
backup=c:\windows\pss\tejuvvmmh.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tjjfvvrh.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tjjfvvrh.exe
backup=c:\windows\pss\tjjfvvrh.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tjpvg49yez.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tjpvg49yez.exe
backup=c:\windows\pss\tjpvg49yez.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tpffbrrn.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tpffbrrn.exe
backup=c:\windows\pss\tpffbrrn.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tpkk6ww6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tpkk6ww6.exe
backup=c:\windows\pss\tpkk6ww6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tufk3mmhdd.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tufk3mmhdd.exe
backup=c:\windows\pss\tufk3mmhdd.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^u3wm0n1e.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\u3wm0n1e.exe
backup=c:\windows\pss\u3wm0n1e.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^ufbww6ii.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\ufbww6ii.exe
backup=c:\windows\pss\ufbww6ii.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^uk1l9xiye5.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\uk1l9xiye5.exe
backup=c:\windows\pss\uk1l9xiye5.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^upggbssnee.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\upggbssnee.exe
backup=c:\windows\pss\upggbssnee.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vmrnddz2vqg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\vmrnddz2vqg.exe
backup=c:\windows\pss\vmrnddz2vqg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vqq3m3oojaa.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\vqq3m3oojaa.exe
backup=c:\windows\pss\vqq3m3oojaa.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vqq6cc6oo6a.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\vqq6cc6oo6a.exe
backup=c:\windows\pss\vqq6cc6oo6a.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vr9xiye5.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\vr9xiye5.exe
backup=c:\windows\pss\vr9xiye5.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^wwriiduupg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\wwriiduupg.exe
backup=c:\windows\pss\wwriiduupg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^wwriiduuvq.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\wwriiduuvq.exe
backup=c:\windows\pss\wwriiduuvq.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^xijuqwwm.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\xijuqwwm.exe
backup=c:\windows\pss\xijuqwwm.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^xojkpllc.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\xojkpllc.exe
backup=c:\windows\pss\xojkpllc.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^xs1t9kbbc3t.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\xs1t9kbbc3t.exe
backup=c:\windows\pss\xs1t9kbbc3t.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^y0f3w0h6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\y0f3w0h6.exe
backup=c:\windows\pss\y0f3w0h6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^y3aavmmhyyt.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\y3aavmmhyyt.exe
backup=c:\windows\pss\y3aavmmhyyt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^y70zvqq6c.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\y70zvqq6c.exe
backup=c:\windows\pss\y70zvqq6c.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^z3wwriidukf.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\z3wwriidukf.exe
backup=c:\windows\pss\z3wwriidukf.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^zvllhxxt.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\zvllhxxt.exe
backup=c:\windows\pss\zvllhxxt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^zzvllhxsi9e.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\zzvllhxsi9e.exe
backup=c:\windows\pss\zzvllhxsi9e.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
c:\documents and settings\Marianka\vyr.exe \u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-07-17 14:40 53248 ----a-w- c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-04-18 01:41 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-05-01 03:13 354840 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-05-01 03:13 137752 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2009-02-20 01:52 817672 ----a-w- c:\program files\Launch Manager\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2010-06-10 04:58 1218008 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-02 20:32 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 09:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PersistenceThread]
2009-05-01 03:13 92696 ----a-w- c:\windows\system32\PersistenceThread.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
2008-07-03 13:58 94208 ----a-w- c:\windows\PLFSetL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
2008-11-17 07:47 135168 ----a-w- c:\program files\Acer\WR_PopUp\ProductReg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-10-17 08:44 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-03-24 11:10 17567744 ----a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc]
2008-11-03 17:00 196608 ----a-w- c:\windows\system32\csnp2uvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-06-12 12:21 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-02-27 08:20 1434920 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Z810PNP]
2008-09-09 11:40 122880 ----a-w- c:\program files\Connection Manager\SamsungPnPServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Z810SysStart]
2008-09-01 13:47 307200 ----a-w- c:\program files\Connection Manager\sysctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.8.2010 12:28 95896]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [4.11.2010 17:15 810144]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [18.4.2009 3:33 237568]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [13.9.2010 22:20 2368]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.4.2009 2:27 1684736]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [18.4.2009 2:40 24064]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [18.4.2009 10:56 62592]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [18.4.2009 10:56 105984]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [18.4.2009 10:56 8064]
S3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [18.4.2009 2:25 5096544]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [15.12.2010 21:48 9728]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [18.4.2009 2:28 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18.6.2010 22:33 135664]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [18.4.2009 3:12 93320]
.
Contents of the 'Scheduled Tasks' folder
2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 21:32]
2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 21:32]
2010-07-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-18 10:22]
2010-09-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-18 10:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://global.acer.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041b&s=0&o=xph&d=0610&m=ao751h
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {7DDD8574-197D-4CED-AECE-CFB4F965D351} = 192.168.1.3
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-22 23:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1336)
c:\windows\system32\WININET.dll
.
Completion time: 2010-12-22 23:57:08
ComboFix-quarantined-files.txt 2010-12-22 22:57
ComboFix2.txt 2010-12-22 21:39
ComboFix3.txt 2010-12-22 14:59
Pre-Run: 136 417 562 624 bytes free
Post-Run: 15 adresárov, 136 400 445 440 voľných bajtov
- - End Of File - - 35F48B66D28488A624B542AA005BB4FB
Este idem zmazat tu zlozku a overit to .execko.
Dakujem ak to je uz komplet...
//EDIT: to .execko sa tam nenachadza... nejde ani vzhladat vlozenim cesty.
Tak nic idem reset...
ComboFix 10-12-22.01 - Administrator 22.12.2010 23:48:27.6.2 - x86 NETWORK
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1014.808 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((( Files Created from 2010-11-22 to 2010-12-22 )))))))))))))))))))))))))))))))
.
2010-12-22 21:20 . 2010-12-22 21:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-12-22 11:22 . 2010-12-22 11:22 -------- d-----w- c:\program files\trend micro
2010-12-22 11:22 . 2010-12-22 11:23 -------- d-----w- C:\rsit
2010-12-22 10:46 . 2010-12-22 10:46 -------- d-----w- c:\documents and settings\Administrator
2010-12-17 18:11 . 2010-12-17 18:11 -------- d-----w- c:\documents and settings\Marianka\Local Settings\Application Data\ESET
2010-12-17 18:08 . 2010-12-17 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-12-17 17:45 . 2010-12-17 17:45 -------- d-----w- c:\program files\CCleaner
2010-12-17 17:39 . 2010-12-17 18:08 -------- d-----w- c:\program files\ESET
2010-12-15 20:51 . 2010-12-15 20:51 -------- d-----w- c:\documents and settings\Marianka\Application Data\Paradoxx
2010-12-15 20:51 . 2010-12-15 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Paradoxx
2010-12-15 20:51 . 2009-07-13 12:23 880640 ----a-w- c:\windows\system32\SkinCrafter3_vs2005.dll
2010-12-15 20:51 . 2008-04-15 17:47 1724416 ----a-w- c:\windows\system32\gdiplus.dll
2010-12-15 20:48 . 2010-12-15 20:48 105088 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2010-12-15 20:48 . 2010-12-15 20:48 105088 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-12-15 20:48 . 2010-12-15 20:48 9728 ----a-w- c:\windows\system32\drivers\massfilter.sys
2010-12-15 20:48 . 2010-12-15 20:48 114688 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2010-12-15 20:48 . 2010-12-15 20:48 105088 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-12-15 20:48 . 2010-12-15 20:51 -------- d-----w- c:\program files\T-Mobile Communication Center
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-21 19:38 . 2010-10-21 19:38 97881 ----a-w- c:\windows\cold_night_for_alligators.zip
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-04-28 03:44 65536 ----a-w- c:\windows\system32\igdlogin.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^T-Mobile Communication Center.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\T-Mobile Communication Center.lnk
backup=c:\windows\pss\T-Mobile Communication Center.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0ii73aa.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0ii73aa.exe
backup=c:\windows\pss\0ii73aa.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0kkfwwr.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0kkfwwr.exe
backup=c:\windows\pss\0kkfwwr.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0mh1ote.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0mh1ote.exe
backup=c:\windows\pss\0mh1ote.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0mndo9p.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0mndo9p.exe
backup=c:\windows\pss\0mndo9p.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^0rid0jf.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\0rid0jf.exe
backup=c:\windows\pss\0rid0jf.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^1gb0xsi.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\1gb0xsi.exe
backup=c:\windows\pss\1gb0xsi.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^23uv31m.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\23uv31m.exe
backup=c:\windows\pss\23uv31m.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^26uuvwr.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\26uuvwr.exe
backup=c:\windows\pss\26uuvwr.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^2nii6uv.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\2nii6uv.exe
backup=c:\windows\pss\2nii6uv.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^2ozqa6m.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\2ozqa6m.exe
backup=c:\windows\pss\2ozqa6m.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^2rhhyyo.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\2rhhyyo.exe
backup=c:\windows\pss\2rhhyyo.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^3dtpaa1.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\3dtpaa1.exe
backup=c:\windows\pss\3dtpaa1.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^5rr0ii7.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\5rr0ii7.exe
backup=c:\windows\pss\5rr0ii7.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6aa6mm6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\6aa6mm6.exe
backup=c:\windows\pss\6aa6mm6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6j0zfgg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\6j0zfgg.exe
backup=c:\windows\pss\6j0zfgg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6kk6ww6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\6kk6ww6.exe
backup=c:\windows\pss\6kk6ww6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^6mm6yy6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\6mm6yy6.exe
backup=c:\windows\pss\6mm6yy6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^70ii73a.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\70ii73a.exe
backup=c:\windows\pss\70ii73a.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^70plgg6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\70plgg6.exe
backup=c:\windows\pss\70plgg6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^7xdzpgw.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\7xdzpgw.exe
backup=c:\windows\pss\7xdzpgw.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^8lrw6dj.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\8lrw6dj.exe
backup=c:\windows\pss\8lrw6dj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9c3ek0g.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\9c3ek0g.exe
backup=c:\windows\pss\9c3ek0g.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9g1cyyz.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\9g1cyyz.exe
backup=c:\windows\pss\9g1cyyz.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9q1mitp.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\9q1mitp.exe
backup=c:\windows\pss\9q1mitp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^9w1sooj.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\9w1sooj.exe
backup=c:\windows\pss\9w1sooj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^a3h6t1eaagg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\a3h6t1eaagg.exe
backup=c:\windows\pss\a3h6t1eaagg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^aagbcdot.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\aagbcdot.exe
backup=c:\windows\pss\aagbcdot.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^aavmmhydzp.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\aavmmhydzp.exe
backup=c:\windows\pss\aavmmhydzp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^bww6ii6uu.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\bww6ii6uu.exe
backup=c:\windows\pss\bww6ii6uu.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^bww6ii6uu6g.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\bww6ii6uu6g.exe
backup=c:\windows\pss\bww6ii6uu6g.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^bxndze9a.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\bxndze9a.exe
backup=c:\windows\pss\bxndze9a.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^cxotzpqbmm.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\cxotzpqbmm.exe
backup=c:\windows\pss\cxotzpqbmm.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^dd9p80mm80e.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\dd9p80mm80e.exe
backup=c:\windows\pss\dd9p80mm80e.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^dyuupa6mm6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\dyuupa6mm6.exe
backup=c:\windows\pss\dyuupa6mm6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^e3ggbssneez.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\e3ggbssneez.exe
backup=c:\windows\pss\e3ggbssneez.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^eezqqlcc.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\eezqqlcc.exe
backup=c:\windows\pss\eezqqlcc.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^f0lhh0dzu.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\f0lhh0dzu.exe
backup=c:\windows\pss\f0lhh0dzu.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^ffwwriid.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\ffwwriid.exe
backup=c:\windows\pss\ffwwriid.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^fqb2x0tj.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\fqb2x0tj.exe
backup=c:\windows\pss\fqb2x0tj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^fvvrhhdt.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\fvvrhhdt.exe
backup=c:\windows\pss\fvvrhhdt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^fwwm2t87agg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\fwwm2t87agg.exe
backup=c:\windows\pss\fwwm2t87agg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^g9c1oj1kllh.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\g9c1oj1kllh.exe
backup=c:\windows\pss\g9c1oj1kllh.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^g9c1yuuvql.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\g9c1yuuvql.exe
backup=c:\windows\pss\g9c1yuuvql.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^glhsxtoef.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\glhsxtoef.exe
backup=c:\windows\pss\glhsxtoef.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^h0njee6qq.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\h0njee6qq.exe
backup=c:\windows\pss\h0njee6qq.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^hdooeplb.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\hdooeplb.exe
backup=c:\windows\pss\hdooeplb.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^hyy6zvglhm3.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\hyy6zvglhm3.exe
backup=c:\windows\pss\hyy6zvglhm3.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^idz5qgmhc4.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\idz5qgmhc4.exe
backup=c:\windows\pss\idz5qgmhc4.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^ijop4lhxxt.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\ijop4lhxxt.exe
backup=c:\windows\pss\ijop4lhxxt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^kflb3dtja.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\kflb3dtja.exe
backup=c:\windows\pss\kflb3dtja.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^l1mitppgg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\l1mitppgg.exe
backup=c:\windows\pss\l1mitppgg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^lgmsitzpql.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\lgmsitzpql.exe
backup=c:\windows\pss\lgmsitzpql.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^m9i1eaavmm.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\m9i1eaavmm.exe
backup=c:\windows\pss\m9i1eaavmm.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^neezqqlccxo.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\neezqqlccxo.exe
backup=c:\windows\pss\neezqqlccxo.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^nii6kpal2xs.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\nii6kpal2xs.exe
backup=c:\windows\pss\nii6kpal2xs.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^nnjzzvllhxx.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\nnjzzvllhxx.exe
backup=c:\windows\pss\nnjzzvllhxx.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^o3qqlccxooj.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\o3qqlccxooj.exe
backup=c:\windows\pss\o3qqlccxooj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^p0vrmm6oz.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\p0vrmm6oz.exe
backup=c:\windows\pss\p0vrmm6oz.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^pkk6mrnii.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\pkk6mrnii.exe
backup=c:\windows\pss\pkk6mrnii.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^qbhx26upp.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\qbhx26upp.exe
backup=c:\windows\pss\qbhx26upp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^qlccxoojaa.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\qlccxoojaa.exe
backup=c:\windows\pss\qlccxoojaa.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^r23dtpaa.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\r23dtpaa.exe
backup=c:\windows\pss\r23dtpaa.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^riiduupg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\riiduupg.exe
backup=c:\windows\pss\riiduupg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^rndttkkf2h.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\rndttkkf2h.exe
backup=c:\windows\pss\rndttkkf2h.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^s9o1ka6mm6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\s9o1ka6mm6.exe
backup=c:\windows\pss\s9o1ka6mm6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^sneep2bw.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\sneep2bw.exe
backup=c:\windows\pss\sneep2bw.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tejuvvmmh.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tejuvvmmh.exe
backup=c:\windows\pss\tejuvvmmh.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tjjfvvrh.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tjjfvvrh.exe
backup=c:\windows\pss\tjjfvvrh.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tjpvg49yez.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tjpvg49yez.exe
backup=c:\windows\pss\tjpvg49yez.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tpffbrrn.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tpffbrrn.exe
backup=c:\windows\pss\tpffbrrn.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tpkk6ww6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tpkk6ww6.exe
backup=c:\windows\pss\tpkk6ww6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^tufk3mmhdd.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\tufk3mmhdd.exe
backup=c:\windows\pss\tufk3mmhdd.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^u3wm0n1e.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\u3wm0n1e.exe
backup=c:\windows\pss\u3wm0n1e.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^ufbww6ii.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\ufbww6ii.exe
backup=c:\windows\pss\ufbww6ii.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^uk1l9xiye5.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\uk1l9xiye5.exe
backup=c:\windows\pss\uk1l9xiye5.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^upggbssnee.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\upggbssnee.exe
backup=c:\windows\pss\upggbssnee.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vmrnddz2vqg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\vmrnddz2vqg.exe
backup=c:\windows\pss\vmrnddz2vqg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vqq3m3oojaa.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\vqq3m3oojaa.exe
backup=c:\windows\pss\vqq3m3oojaa.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vqq6cc6oo6a.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\vqq6cc6oo6a.exe
backup=c:\windows\pss\vqq6cc6oo6a.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^vr9xiye5.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\vr9xiye5.exe
backup=c:\windows\pss\vr9xiye5.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^wwriiduupg.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\wwriiduupg.exe
backup=c:\windows\pss\wwriiduupg.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^wwriiduuvq.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\wwriiduuvq.exe
backup=c:\windows\pss\wwriiduuvq.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^xijuqwwm.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\xijuqwwm.exe
backup=c:\windows\pss\xijuqwwm.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^xojkpllc.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\xojkpllc.exe
backup=c:\windows\pss\xojkpllc.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^xs1t9kbbc3t.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\xs1t9kbbc3t.exe
backup=c:\windows\pss\xs1t9kbbc3t.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^y0f3w0h6.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\y0f3w0h6.exe
backup=c:\windows\pss\y0f3w0h6.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^y3aavmmhyyt.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\y3aavmmhyyt.exe
backup=c:\windows\pss\y3aavmmhyyt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^y70zvqq6c.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\y70zvqq6c.exe
backup=c:\windows\pss\y70zvqq6c.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^z3wwriidukf.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\z3wwriidukf.exe
backup=c:\windows\pss\z3wwriidukf.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^zvllhxxt.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\zvllhxxt.exe
backup=c:\windows\pss\zvllhxxt.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Marianka^Start Menu^Programs^Startup^zzvllhxsi9e.exe]
path=c:\documents and settings\Marianka\Start Menu\Programs\Startup\zzvllhxsi9e.exe
backup=c:\windows\pss\zzvllhxsi9e.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
c:\documents and settings\Marianka\vyr.exe \u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-07-17 14:40 53248 ----a-w- c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-04-18 01:41 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-05-01 03:13 354840 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-05-01 03:13 137752 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2009-02-20 01:52 817672 ----a-w- c:\program files\Launch Manager\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2010-06-10 04:58 1218008 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-02 20:32 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 09:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PersistenceThread]
2009-05-01 03:13 92696 ----a-w- c:\windows\system32\PersistenceThread.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
2008-07-03 13:58 94208 ----a-w- c:\windows\PLFSetL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
2008-11-17 07:47 135168 ----a-w- c:\program files\Acer\WR_PopUp\ProductReg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-10-17 08:44 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-03-24 11:10 17567744 ----a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc]
2008-11-03 17:00 196608 ----a-w- c:\windows\system32\csnp2uvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-06-12 12:21 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-02-27 08:20 1434920 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Z810PNP]
2008-09-09 11:40 122880 ----a-w- c:\program files\Connection Manager\SamsungPnPServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Z810SysStart]
2008-09-01 13:47 307200 ----a-w- c:\program files\Connection Manager\sysctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.8.2010 12:28 95896]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [4.11.2010 17:15 810144]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [18.4.2009 3:33 237568]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [13.9.2010 22:20 2368]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.4.2009 2:27 1684736]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [18.4.2009 2:40 24064]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [18.4.2009 10:56 62592]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [18.4.2009 10:56 105984]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [18.4.2009 10:56 8064]
S3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [18.4.2009 2:25 5096544]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [15.12.2010 21:48 9728]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [18.4.2009 2:28 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18.6.2010 22:33 135664]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [18.4.2009 3:12 93320]
.
Contents of the 'Scheduled Tasks' folder
2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 21:32]
2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 21:32]
2010-07-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-18 10:22]
2010-09-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-18 10:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://global.acer.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041b&s=0&o=xph&d=0610&m=ao751h
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {7DDD8574-197D-4CED-AECE-CFB4F965D351} = 192.168.1.3
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-22 23:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1336)
c:\windows\system32\WININET.dll
.
Completion time: 2010-12-22 23:57:08
ComboFix-quarantined-files.txt 2010-12-22 22:57
ComboFix2.txt 2010-12-22 21:39
ComboFix3.txt 2010-12-22 14:59
Pre-Run: 136 417 562 624 bytes free
Post-Run: 15 adresárov, 136 400 445 440 voľných bajtov
- - End Of File - - 35F48B66D28488A624B542AA005BB4FB
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Obcasne restarty, spomaleny pc, predtym kryptik
Mazal jste (ručně) obsah tohoto adresáře: c:\documents and settings\Marianka\Start Menu\Programs\Startup ? Rootkity byly smazány.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
BiELEPiKOLO
- Návštěvník
- Příspěvky: 5
- Registrován: 22 pro 2010 12:24
Re: Obcasne restarty, spomaleny pc, predtym kryptik
Ano. Zmazal som celu zlozku.
Notebook slapal fajn. Snad to uz bude v pohode
. Dakujem.
Notebook slapal fajn. Snad to uz bude v pohode
. Dakujem.-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Obcasne restarty, spomaleny pc, predtym kryptik
No podle logu tam jsou stále.BiELEPiKOLO píše:Ano. Zmazal som celu zlozku.
Notebook slapal fajn. Snad to uz bude v pohode
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?