
PC virus removal, computer speed-up, remote assistance through the neslape.cz service
Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEWS!
You can now use the remote assistance service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, pros, please check my log. There's some trouble on my PC: some websites won't open for me, my internet speed is slowed down, etc. Sometimes the PC restarts.
I went over it with CCleaner and Malwarebytes Anti-Malware and made logs with HJT and ComboFix. Please check them, THANK YOU.......
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:31, on 24.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
I:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Memory Improve Professional] C:\Program Files\Memory Improve Professional\MemoryImproveProfessional.exe /autorun
O4 - HKCU\..\Run: [SPMTray] C:\Program Files\PC Speed Maximizer\SPMTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Arcsoft Security Service - Arcsoft, Inc. - C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Firewall - Unknown owner - C:\Program Files\Alwil Software\Avast5\afwServ.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 6402 bytes
____________________________________________________________________
ComboFix 11-01-23.07 - PC 24.01.2011 16:13:12.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3071.2617 [GMT 1:00]
Running from: I:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\PC\Local Settings\Application Data\Bron.tok-12-22
c:\documents and settings\PC\Local Settings\Application Data\Bron.tok-12-23
c:\documents and settings\PC\Local Settings\Application Data\Bron.tok-12-24
c:\documents and settings\PC\Local Settings\Application Data\Bron.tok.A12.em.bin
c:\documents and settings\PC\Local Settings\Application Data\BronNetDomList.bat
c:\documents and settings\PC\Local Settings\Application Data\csrss.exe
c:\documents and settings\PC\Local Settings\Application Data\inetinfo.exe
c:\documents and settings\PC\Local Settings\Application Data\Kosong.Bron.Tok.txt
c:\documents and settings\PC\Local Settings\Application Data\ListHost12.txt
c:\documents and settings\PC\Local Settings\Application Data\lsass.exe
c:\documents and settings\PC\Local Settings\Application Data\services.exe
c:\documents and settings\PC\Local Settings\Application Data\smss.exe
c:\documents and settings\PC\Local Settings\Application Data\winlogon.exe
c:\documents and settings\PC\Start Menu\Programs\Startup\Empty.pif
c:\documents and settings\PC\Templates\Brengkolang.com
c:\windows\eksplorasi.exe
c:\windows\ShellNew\sempalong.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-24 to 2011-01-24 )))))))))))))))))))))))))))))))
.
2011-01-23 22:50 . 2011-01-23 22:50 -------- d-----w- c:\program files\Alwil Software
2011-01-22 13:32 . 2011-01-22 13:32 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Ok-SendMail-Bron-tok
2011-01-22 13:15 . 2011-01-22 13:43 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Loc.Mail.Bron.Tok
2011-01-22 13:00 . 2011-01-22 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2011-01-22 12:51 . 2011-01-22 12:51 -------- d-----w- c:\documents and settings\PC\Application Data\PC Speed Maximizer
2011-01-22 12:51 . 2011-01-22 12:52 -------- d-----w- c:\program files\PC Speed Maximizer
2011-01-17 17:38 . 2011-01-17 17:38 -------- d-----w- c:\documents and settings\PC\Application Data\Ubisoft
2011-01-13 16:07 . 2010-12-23 10:09 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-01-13 16:07 . 2011-01-13 16:07 -------- d-----w- C:\Intel
2011-01-13 16:06 . 2009-03-03 19:18 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-01-13 16:03 . 2011-01-13 16:03 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-01-13 16:02 . 2011-01-13 16:03 -------- d-----w- c:\documents and settings\PC\Application Data\Logishrd
2011-01-13 16:02 . 2011-01-13 16:02 -------- d-----w- c:\documents and settings\PC\Application Data\Logitech
2011-01-13 16:02 . 2010-11-03 17:15 359016 ----a-w- c:\windows\vncutil.exe
2011-01-13 16:02 . 2010-11-11 12:27 55912 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-01-13 16:02 . 2010-11-03 17:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-01-13 16:02 . 2009-11-18 06:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-01-13 16:02 . 2009-11-18 06:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-01-12 16:42 . 2011-01-12 16:42 -------- d-----w- c:\program files\Driver-Soft
2011-01-11 19:55 . 2011-01-11 19:55 -------- d-----w- c:\program files\Everest_Ultimate_Build_2253
2011-01-11 19:37 . 2011-01-11 19:37 -------- d-----w- c:\program files\Memory Improve Professional
2011-01-08 21:11 . 2011-01-08 21:11 -------- d-----w- c:\documents and settings\PC\Application Data\Disney Interactive Studios
2011-01-03 22:35 . 2011-01-03 22:35 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Opera
2011-01-03 22:35 . 2011-01-03 22:35 -------- d-----w- c:\program files\Opera
2011-01-03 22:33 . 2011-01-16 20:38 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Temp
2011-01-03 22:33 . 2011-01-03 22:33 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Google
2011-01-03 22:32 . 2007-05-15 20:54 99840 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\BrandRes.dll
2011-01-03 22:32 . 2007-05-15 20:54 407040 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback.exe
2011-01-03 22:32 . 2007-05-15 20:54 156544 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\fullsoft.dll
2011-01-03 22:32 . 2007-05-15 20:54 14456 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2010-12-29 17:52 . 2010-12-29 17:52 -------- d-----w- c:\program files\City Interactive
2010-12-29 12:45 . 2011-01-24 14:55 42675 ----a-w- c:\windows\system32\PC's Setting.scr
2010-12-27 22:15 . 2010-12-27 22:15 -------- d-----w- c:\documents and settings\PC\Application Data\MoveFab
2010-12-26 14:30 . 2010-12-26 14:30 -------- d-----w- c:\documents and settings\PC\Application Data\DVDFab
2010-12-26 11:36 . 2010-12-26 11:40 -------- d-----w- c:\documents and settings\PC\.android
2010-12-26 11:36 . 2010-12-26 11:36 -------- d-----w- c:\program files\Android
2010-12-26 11:35 . 2010-12-26 11:35 -------- d-----w- c:\program files\Sun
2010-12-26 11:35 . 2010-12-26 11:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-30 14:48 . 2010-11-01 18:59 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-30 13:17 . 2007-03-28 10:41 19972712 ----a-w- c:\windows\RTHDCPL.EXE
2010-12-30 10:59 . 2007-03-28 10:41 6290024 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-12-26 11:35 . 2010-10-23 18:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-22 20:41 . 2010-10-31 12:06 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-12-22 20:41 . 2007-03-28 12:13 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-22 20:41 . 2007-03-28 12:13 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-21 21:28 . 2010-12-21 21:28 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-12-21 21:28 . 2010-12-21 21:28 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-12-21 21:12 . 2010-12-10 13:22 138056 ----a-w- c:\documents and settings\PC\Application Data\PnkBstrK.sys
2010-12-21 21:12 . 2010-11-01 18:59 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-21 21:11 . 2010-11-01 18:59 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-20 17:09 . 2010-10-22 20:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-10-22 20:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 22:04 . 2010-12-10 13:35 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2010-12-19 21:44 . 2010-12-19 21:12 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-19 21:44 . 2010-12-19 21:12 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-19 20:57 . 2010-12-19 20:57 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-11-26 04:17 . 2007-03-28 11:55 5555712 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-11-26 03:57 . 2010-10-22 10:20 16748544 ----a-w- c:\windows\system32\atioglxx.dll
2010-11-26 03:23 . 2010-10-22 10:20 471040 ----a-w- c:\windows\system32\atiok3x2.dll
2010-11-26 03:12 . 2010-12-15 18:26 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-11-26 03:07 . 2010-10-22 10:20 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-11-26 03:07 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-11-26 03:06 . 2010-10-22 10:20 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2010-11-26 02:55 . 2010-12-15 18:26 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2007-03-28 11:55 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2010-11-26 02:48 . 2007-03-28 11:55 3984864 ----a-w- c:\windows\system32\ati3duag.dll
2010-11-26 02:39 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:34 . 2010-10-22 10:20 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-11-26 02:34 . 2010-10-22 10:20 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-11-26 02:34 . 2010-10-22 10:20 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-11-26 02:34 . 2010-10-22 10:20 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-11-26 02:34 . 2010-10-22 10:20 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-11-26 02:32 . 2010-10-22 10:20 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-11-26 02:32 . 2007-03-28 11:55 2669696 ----a-w- c:\windows\system32\ativvaxx.dll
2010-11-26 02:31 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-11-26 02:30 . 2010-10-22 10:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:26 . 2010-10-22 10:20 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-11-26 02:24 . 2010-10-22 10:20 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:24 . 2010-10-22 10:20 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-11-26 02:18 . 2007-03-28 11:55 765952 ----a-w- c:\windows\system32\ati2cqag.dll
2010-11-26 02:16 . 2010-10-22 10:20 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-11-26 02:16 . 2010-10-22 10:20 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-11-21 21:51 . 2010-11-21 21:51 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-11-21 21:51 . 2010-11-21 21:51 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-11-21 21:47 . 2010-11-21 21:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-17 12:03 . 2010-07-21 11:30 101904 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2010-11-03 17:15 . 2007-03-28 10:41 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-11-03 17:15 . 2007-03-28 10:41 1833576 ----a-w- c:\windows\SkyTel.exe
2010-11-03 17:15 . 2007-03-28 10:41 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2010-11-03 17:15 . 2007-03-28 10:41 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-11-03 17:15 . 2007-03-28 10:41 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-11-03 17:14 . 2007-03-28 10:41 2180712 ----a-w- c:\windows\MicCal.exe
2010-11-03 17:13 . 2007-03-28 10:41 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-11-03 17:13 . 2007-03-28 10:41 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-11-03 17:13 . 2007-03-28 10:41 64104 ----a-w- c:\windows\ALCMTR.EXE
2010-11-01 18:07 . 2010-11-01 18:07 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-28 09:46 . 2007-03-28 10:40 1251944 ----a-w- c:\windows\RtlExUpd.dll
2004-03-11 11:27 . 2007-03-28 12:19 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2007-05-15 20:54 . 2011-01-03 22:31 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-05-15 20:54 . 2011-01-03 22:31 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-05-15 20:54 . 2011-01-03 22:31 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-05-15 20:54 . 2011-01-03 22:31 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-05-15 20:54 . 2011-01-03 22:31 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Valve\Steam\steam.exe" [2010-11-16 1242448]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"Google Update"="c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-01-03 136176]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"Memory Improve Professional"="c:\program files\Memory Improve Professional\MemoryImproveProfessional.exe" [2010-08-23 1416192]
"SPMTray"="c:\program files\PC Speed Maximizer\SPMTray.exe" [2010-08-24 205584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-30 19972712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-11-17 20:29 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 23:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD Cinema\\PowerDVDCinema10.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboardingGame.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboarding.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Crash Time 4 - The Syndicate\\CrashTime4Hi.exe"=
"c:\\Program Files\\Crash Time 4 - The Syndicate\\CrashTime4Low.exe"=
"c:\\Program Files\\Activision\\James Bond 007(TM) - Blood Stone\\Bond.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"c:\\Program Files\\Deep Silver\\Nail'd\\Naild_x86.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\duso4\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\duso4\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [15.11.2010 16:24 190416]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.11.2010 19:07 691696]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [15.11.2010 16:24 99792]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [28.3.2007 11:25 13696]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/22 21:42];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [17.11.2010 21:29 87536]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24.2.2010 11:22 185472]
R2 Arcsoft Security Service;Arcsoft Security Service;c:\program files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe [22.11.2009 14:09 80384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22.10.2010 21:59 363344]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 14:39 490280]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [21.7.2010 12:30 101904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.10.2010 21:59 20952]
S2 avast! Firewall;avast! Firewall;"c:\program files\Alwil Software\Avast5\afwServ.exe" --> c:\program files\Alwil Software\Avast5\afwServ.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13.1.2011 17:02 1691480]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
.
Contents of the 'Scheduled Tasks' folder
2011-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1979792683-839522115-1003Core.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-03 22:33]
2011-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1979792683-839522115-1003UA.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-03 22:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\rbcm5208.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://sk.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
.
- - - - ORPHANS REMOVED - - - -
ShellIconOverlayIdentifiers-{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-24 16:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250620AS rev.3.AAJ -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2f
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1547161642-1979792683-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:12,59,4d,e2,36,a1,63,95,e0,b3,64,1f,e6,f9,b7,74,00,f1,cb,93,51,
6c,21,33,ed,99,72,4a,d5,12,1b,2b,f3,82,d2,46,e8,cf,e6,19,5d,c0,0d,f9,99,d2,\
"rkeysecu"=hex:77,78,ee,cd,5b,65,99,b4,34,71,f3,70,de,14,5e,6f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-01-24 16:21:22
ComboFix-quarantined-files.txt 2011-01-24 15:21
Pre-Run: 43 520 585 728 bytes free
Post-Run: 12 adresárov, 43 502 080 000 voľných bajtov
- - End Of File - - DFCFFD7F7EEE4B03322D4C736FC0F622
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Arcsoft Security Service - Arcsoft, Inc. - C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Firewall - Unknown owner - C:\Program Files\Alwil Software\Avast5\afwServ.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 6402 bytes
____________________________________________________________________
ComboFix 11-01-23.07 - PC 24.01.2011 16:13:12.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3071.2617 [GMT 1:00]
Running from: I:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\PC\Local Settings\Application Data\Bron.tok-12-22
c:\documents and settings\PC\Local Settings\Application Data\Bron.tok-12-23
c:\documents and settings\PC\Local Settings\Application Data\Bron.tok-12-24
c:\documents and settings\PC\Local Settings\Application Data\Bron.tok.A12.em.bin
c:\documents and settings\PC\Local Settings\Application Data\BronNetDomList.bat
c:\documents and settings\PC\Local Settings\Application Data\csrss.exe
c:\documents and settings\PC\Local Settings\Application Data\inetinfo.exe
c:\documents and settings\PC\Local Settings\Application Data\Kosong.Bron.Tok.txt
c:\documents and settings\PC\Local Settings\Application Data\ListHost12.txt
c:\documents and settings\PC\Local Settings\Application Data\lsass.exe
c:\documents and settings\PC\Local Settings\Application Data\services.exe
c:\documents and settings\PC\Local Settings\Application Data\smss.exe
c:\documents and settings\PC\Local Settings\Application Data\winlogon.exe
c:\documents and settings\PC\Start Menu\Programs\Startup\Empty.pif
c:\documents and settings\PC\Templates\Brengkolang.com
c:\windows\eksplorasi.exe
c:\windows\ShellNew\sempalong.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-24 to 2011-01-24 )))))))))))))))))))))))))))))))
.
2011-01-23 22:50 . 2011-01-23 22:50 -------- d-----w- c:\program files\Alwil Software
2011-01-22 13:32 . 2011-01-22 13:32 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Ok-SendMail-Bron-tok
2011-01-22 13:15 . 2011-01-22 13:43 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Loc.Mail.Bron.Tok
2011-01-22 13:00 . 2011-01-22 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2011-01-22 12:51 . 2011-01-22 12:51 -------- d-----w- c:\documents and settings\PC\Application Data\PC Speed Maximizer
2011-01-22 12:51 . 2011-01-22 12:52 -------- d-----w- c:\program files\PC Speed Maximizer
2011-01-17 17:38 . 2011-01-17 17:38 -------- d-----w- c:\documents and settings\PC\Application Data\Ubisoft
2011-01-13 16:07 . 2010-12-23 10:09 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-01-13 16:07 . 2011-01-13 16:07 -------- d-----w- C:\Intel
2011-01-13 16:06 . 2009-03-03 19:18 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-01-13 16:03 . 2011-01-13 16:03 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-01-13 16:02 . 2011-01-13 16:03 -------- d-----w- c:\documents and settings\PC\Application Data\Logishrd
2011-01-13 16:02 . 2011-01-13 16:02 -------- d-----w- c:\documents and settings\PC\Application Data\Logitech
2011-01-13 16:02 . 2010-11-03 17:15 359016 ----a-w- c:\windows\vncutil.exe
2011-01-13 16:02 . 2010-11-11 12:27 55912 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-01-13 16:02 . 2010-11-03 17:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-01-13 16:02 . 2009-11-18 06:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-01-13 16:02 . 2009-11-18 06:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-01-12 16:42 . 2011-01-12 16:42 -------- d-----w- c:\program files\Driver-Soft
2011-01-11 19:55 . 2011-01-11 19:55 -------- d-----w- c:\program files\Everest_Ultimate_Build_2253
2011-01-11 19:37 . 2011-01-11 19:37 -------- d-----w- c:\program files\Memory Improve Professional
2011-01-08 21:11 . 2011-01-08 21:11 -------- d-----w- c:\documents and settings\PC\Application Data\Disney Interactive Studios
2011-01-03 22:35 . 2011-01-03 22:35 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Opera
2011-01-03 22:35 . 2011-01-03 22:35 -------- d-----w- c:\program files\Opera
2011-01-03 22:33 . 2011-01-16 20:38 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Temp
2011-01-03 22:33 . 2011-01-03 22:33 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Google
2011-01-03 22:32 . 2007-05-15 20:54 99840 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\BrandRes.dll
2011-01-03 22:32 . 2007-05-15 20:54 407040 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback.exe
2011-01-03 22:32 . 2007-05-15 20:54 156544 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\fullsoft.dll
2011-01-03 22:32 . 2007-05-15 20:54 14456 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2010-12-29 17:52 . 2010-12-29 17:52 -------- d-----w- c:\program files\City Interactive
2010-12-29 12:45 . 2011-01-24 14:55 42675 ----a-w- c:\windows\system32\PC's Setting.scr
2010-12-27 22:15 . 2010-12-27 22:15 -------- d-----w- c:\documents and settings\PC\Application Data\MoveFab
2010-12-26 14:30 . 2010-12-26 14:30 -------- d-----w- c:\documents and settings\PC\Application Data\DVDFab
2010-12-26 11:36 . 2010-12-26 11:40 -------- d-----w- c:\documents and settings\PC\.android
2010-12-26 11:36 . 2010-12-26 11:36 -------- d-----w- c:\program files\Android
2010-12-26 11:35 . 2010-12-26 11:35 -------- d-----w- c:\program files\Sun
2010-12-26 11:35 . 2010-12-26 11:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-30 14:48 . 2010-11-01 18:59 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-30 13:17 . 2007-03-28 10:41 19972712 ----a-w- c:\windows\RTHDCPL.EXE
2010-12-30 10:59 . 2007-03-28 10:41 6290024 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-12-26 11:35 . 2010-10-23 18:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-22 20:41 . 2010-10-31 12:06 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-12-22 20:41 . 2007-03-28 12:13 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-22 20:41 . 2007-03-28 12:13 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-21 21:28 . 2010-12-21 21:28 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-12-21 21:28 . 2010-12-21 21:28 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-12-21 21:12 . 2010-12-10 13:22 138056 ----a-w- c:\documents and settings\PC\Application Data\PnkBstrK.sys
2010-12-21 21:12 . 2010-11-01 18:59 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-21 21:11 . 2010-11-01 18:59 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-20 17:09 . 2010-10-22 20:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-10-22 20:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 22:04 . 2010-12-10 13:35 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2010-12-19 21:44 . 2010-12-19 21:12 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-19 21:44 . 2010-12-19 21:12 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-19 20:57 . 2010-12-19 20:57 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-11-26 04:17 . 2007-03-28 11:55 5555712 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-11-26 03:57 . 2010-10-22 10:20 16748544 ----a-w- c:\windows\system32\atioglxx.dll
2010-11-26 03:23 . 2010-10-22 10:20 471040 ----a-w- c:\windows\system32\atiok3x2.dll
2010-11-26 03:12 . 2010-12-15 18:26 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-11-26 03:07 . 2010-10-22 10:20 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-11-26 03:07 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-11-26 03:06 . 2010-10-22 10:20 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2010-11-26 02:55 . 2010-12-15 18:26 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2007-03-28 11:55 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2010-11-26 02:48 . 2007-03-28 11:55 3984864 ----a-w- c:\windows\system32\ati3duag.dll
2010-11-26 02:39 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:34 . 2010-10-22 10:20 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-11-26 02:34 . 2010-10-22 10:20 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-11-26 02:34 . 2010-10-22 10:20 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-11-26 02:34 . 2010-10-22 10:20 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-11-26 02:34 . 2010-10-22 10:20 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-11-26 02:32 . 2010-10-22 10:20 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-11-26 02:32 . 2007-03-28 11:55 2669696 ----a-w- c:\windows\system32\ativvaxx.dll
2010-11-26 02:31 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-11-26 02:30 . 2010-10-22 10:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:26 . 2010-10-22 10:20 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-11-26 02:24 . 2010-10-22 10:20 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:24 . 2010-10-22 10:20 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-11-26 02:18 . 2007-03-28 11:55 765952 ----a-w- c:\windows\system32\ati2cqag.dll
2010-11-26 02:16 . 2010-10-22 10:20 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-11-26 02:16 . 2010-10-22 10:20 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-11-21 21:51 . 2010-11-21 21:51 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-11-21 21:51 . 2010-11-21 21:51 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-11-21 21:47 . 2010-11-21 21:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-17 12:03 . 2010-07-21 11:30 101904 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2010-11-03 17:15 . 2007-03-28 10:41 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-11-03 17:15 . 2007-03-28 10:41 1833576 ----a-w- c:\windows\SkyTel.exe
2010-11-03 17:15 . 2007-03-28 10:41 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2010-11-03 17:15 . 2007-03-28 10:41 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-11-03 17:15 . 2007-03-28 10:41 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-11-03 17:14 . 2007-03-28 10:41 2180712 ----a-w- c:\windows\MicCal.exe
2010-11-03 17:13 . 2007-03-28 10:41 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-11-03 17:13 . 2007-03-28 10:41 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-11-03 17:13 . 2007-03-28 10:41 64104 ----a-w- c:\windows\ALCMTR.EXE
2010-11-01 18:07 . 2010-11-01 18:07 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-28 09:46 . 2007-03-28 10:40 1251944 ----a-w- c:\windows\RtlExUpd.dll
2004-03-11 11:27 . 2007-03-28 12:19 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2007-05-15 20:54 . 2011-01-03 22:31 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-05-15 20:54 . 2011-01-03 22:31 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-05-15 20:54 . 2011-01-03 22:31 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-05-15 20:54 . 2011-01-03 22:31 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-05-15 20:54 . 2011-01-03 22:31 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Valve\Steam\steam.exe" [2010-11-16 1242448]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"Google Update"="c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-01-03 136176]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"Memory Improve Professional"="c:\program files\Memory Improve Professional\MemoryImproveProfessional.exe" [2010-08-23 1416192]
"SPMTray"="c:\program files\PC Speed Maximizer\SPMTray.exe" [2010-08-24 205584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-30 19972712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-11-17 20:29 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 23:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD Cinema\\PowerDVDCinema10.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboardingGame.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboarding.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Crash Time 4 - The Syndicate\\CrashTime4Hi.exe"=
"c:\\Program Files\\Crash Time 4 - The Syndicate\\CrashTime4Low.exe"=
"c:\\Program Files\\Activision\\James Bond 007(TM) - Blood Stone\\Bond.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"c:\\Program Files\\Deep Silver\\Nail'd\\Naild_x86.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\duso4\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\duso4\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [15.11.2010 16:24 190416]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.11.2010 19:07 691696]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [15.11.2010 16:24 99792]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [28.3.2007 11:25 13696]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/22 21:42];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [17.11.2010 21:29 87536]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24.2.2010 11:22 185472]
R2 Arcsoft Security Service;Arcsoft Security Service;c:\program files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe [22.11.2009 14:09 80384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22.10.2010 21:59 363344]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 14:39 490280]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [21.7.2010 12:30 101904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.10.2010 21:59 20952]
S2 avast! Firewall;avast! Firewall;"c:\program files\Alwil Software\Avast5\afwServ.exe" --> c:\program files\Alwil Software\Avast5\afwServ.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13.1.2011 17:02 1691480]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
.
Contents of the 'Scheduled Tasks' folder
2011-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1979792683-839522115-1003Core.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-03 22:33]
2011-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1979792683-839522115-1003UA.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-03 22:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\rbcm5208.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://sk.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
.
- - - - ORPHANS REMOVED - - - -
ShellIconOverlayIdentifiers-{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-24 16:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250620AS rev.3.AAJ -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2f
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1547161642-1979792683-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:12,59,4d,e2,36,a1,63,95,e0,b3,64,1f,e6,f9,b7,74,00,f1,cb,93,51,
6c,21,33,ed,99,72,4a,d5,12,1b,2b,f3,82,d2,46,e8,cf,e6,19,5d,c0,0d,f9,99,d2,\
"rkeysecu"=hex:77,78,ee,cd,5b,65,99,b4,34,71,f3,70,de,14,5e,6f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-01-24 16:21:22
ComboFix-quarantined-files.txt 2011-01-24 15:21
Pre-Run: 43 520 585 728 bytes free
Post-Run: 12 adresárov, 43 502 080 000 voľných bajtov
- - End Of File - - DFCFFD7F7EEE4B03322D4C736FC0F622
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
Several items were deleted. I would also ask for an MBR scan: http://www2.gmer.net/mbr/mbr.exe . The utility creates a short log; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activities, a virus may damage the system!
After your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Please check my log
Here it is. What state is my PC in, if I may ask?
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250620AS rev.3.AAJ -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2f
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
CF deleted some infected items (Other Deletions). In the Master Boot Record there is either a virus or some error. Try this:
Boot from the installation CD and when "R-repair" appears for the first time, press R and log in to the system. You will have a command prompt available. Type into it, one after another:
cd c:\ and press Enter
fixmbr, confirm and press Enter
exit and press Enter
The PC will restart and overwrite the MBR from the backup copy in the process.
Re: Please check my log
OK, I'll try it. I've just started defragmenting the whole C drive, so it will probably run all night because there is a lot on it, 220 GB.
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
Let me know.
Re: Please check my log
Hello, I'm getting back to you. I had the PC scanned with ESET SMART SECURITY, which found 229 infiltrations; I ran it through all sorts of programs and it helped, the PC runs better, but the startup is a bit slow and I don't know why. I immediately made a log with Combo and HJT; take a look at how it looks and what else needs to be done.
ComboFix 11-01-23.07 - PC 31.01.2011 20:32:35.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3071.2422 [GMT 1:00]
Running from: I:\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-31 )))))))))))))))))))))))))))))))
.
2011-01-30 09:53 . 2011-01-30 10:03 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-01-25 17:16 . 2011-01-25 17:16 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\ESET
2011-01-25 17:16 . 2011-01-25 17:16 -------- d-----w- c:\documents and settings\PC\Application Data\ESET
2011-01-25 17:15 . 2011-01-25 17:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-01-25 17:15 . 2011-01-25 17:15 -------- d-----w- c:\program files\ESET
2011-01-25 17:15 . 2011-01-25 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-01-24 21:39 . 2011-01-24 21:40 -------- d-----w- c:\documents and settings\Administrator
2011-01-24 20:13 . 2011-01-24 20:13 -------- d-----w- c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com
2011-01-24 18:58 . 2011-01-24 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-24 18:57 . 2011-01-24 20:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-22 13:32 . 2011-01-22 13:32 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Ok-SendMail-Bron-tok
2011-01-22 13:15 . 2011-01-22 13:43 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Loc.Mail.Bron.Tok
2011-01-22 13:00 . 2011-01-22 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2011-01-22 12:51 . 2011-01-22 12:51 -------- d-----w- c:\documents and settings\PC\Application Data\PC Speed Maximizer
2011-01-22 12:51 . 2011-01-24 16:07 -------- d-----w- c:\program files\PC Speed Maximizer
2011-01-17 17:38 . 2011-01-17 17:38 -------- d-----w- c:\documents and settings\PC\Application Data\Ubisoft
2011-01-13 16:07 . 2010-12-23 10:09 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-01-13 16:07 . 2011-01-13 16:07 -------- d-----w- C:\Intel
2011-01-13 16:06 . 2009-03-03 19:18 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-01-13 16:03 . 2011-01-13 16:03 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-01-13 16:02 . 2011-01-13 16:03 -------- d-----w- c:\documents and settings\PC\Application Data\Logishrd
2011-01-13 16:02 . 2011-01-13 16:02 -------- d-----w- c:\documents and settings\PC\Application Data\Logitech
2011-01-13 16:02 . 2010-11-03 17:15 359016 ----a-w- c:\windows\vncutil.exe
2011-01-13 16:02 . 2010-11-11 12:27 55912 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-01-13 16:02 . 2010-11-03 17:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-01-13 16:02 . 2009-11-18 06:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-01-13 16:02 . 2009-11-18 06:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-01-12 16:42 . 2011-01-12 16:42 -------- d-----w- c:\program files\Driver-Soft
2011-01-11 19:55 . 2011-01-11 19:55 -------- d-----w- c:\program files\Everest_Ultimate_Build_2253
2011-01-11 19:37 . 2011-01-24 15:38 -------- d-----w- c:\program files\Memory Improve Professional
2011-01-08 21:11 . 2011-01-08 21:11 -------- d-----w- c:\documents and settings\PC\Application Data\Disney Interactive Studios
2011-01-03 22:35 . 2011-01-03 22:35 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Opera
2011-01-03 22:35 . 2011-01-03 22:35 -------- d-----w- c:\program files\Opera
2011-01-03 22:33 . 2011-01-16 20:38 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Temp
2011-01-03 22:33 . 2011-01-03 22:33 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Google
2011-01-03 22:32 . 2011-01-31 18:37 407032 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback.exe
2011-01-03 22:32 . 2011-01-31 18:37 99832 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\BrandRes.dll
2011-01-03 22:32 . 2011-01-31 18:37 156536 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\fullsoft.dll
2011-01-03 22:32 . 2011-01-31 18:37 14448 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-30 14:48 . 2010-11-01 18:59 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-30 13:17 . 2007-03-28 10:41 19972712 ----a-w- c:\windows\RTHDCPL.EXE
2010-12-30 10:59 . 2007-03-28 10:41 6290024 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-12-26 11:35 . 2010-12-26 11:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-26 11:35 . 2010-10-23 18:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-22 20:41 . 2010-10-31 12:06 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-12-22 20:41 . 2007-03-28 12:13 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-22 20:41 . 2007-03-28 12:13 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-21 21:28 . 2010-12-21 21:28 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-12-21 21:28 . 2010-12-21 21:28 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-12-21 21:12 . 2010-12-10 13:22 138056 ----a-w- c:\documents and settings\PC\Application Data\PnkBstrK.sys
2010-12-21 21:12 . 2010-11-01 18:59 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-21 21:11 . 2010-11-01 18:59 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-20 17:09 . 2010-10-22 20:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-10-22 20:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 22:04 . 2010-12-10 13:35 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2010-12-19 21:44 . 2010-12-19 21:12 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-19 21:44 . 2010-12-19 21:12 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-19 20:57 . 2010-12-19 20:57 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-11-26 04:17 . 2007-03-28 11:55 5555712 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-11-26 03:57 . 2010-10-22 10:20 16748544 ----a-w- c:\windows\system32\atioglxx.dll
2010-11-26 03:23 . 2010-10-22 10:20 471040 ----a-w- c:\windows\system32\atiok3x2.dll
2010-11-26 03:12 . 2010-12-15 18:26 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-11-26 03:07 . 2010-10-22 10:20 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-11-26 03:07 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-11-26 03:06 . 2010-10-22 10:20 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2010-11-26 02:55 . 2010-12-15 18:26 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2007-03-28 11:55 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2010-11-26 02:48 . 2007-03-28 11:55 3984864 ----a-w- c:\windows\system32\ati3duag.dll
2010-11-26 02:39 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:34 . 2010-10-22 10:20 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-11-26 02:34 . 2010-10-22 10:20 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-11-26 02:34 . 2010-10-22 10:20 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-11-26 02:34 . 2010-10-22 10:20 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-11-26 02:34 . 2010-10-22 10:20 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-11-26 02:32 . 2010-10-22 10:20 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-11-26 02:32 . 2007-03-28 11:55 2669696 ----a-w- c:\windows\system32\ativvaxx.dll
2010-11-26 02:31 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-11-26 02:30 . 2010-10-22 10:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:26 . 2010-10-22 10:20 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-11-26 02:24 . 2010-10-22 10:20 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:24 . 2010-10-22 10:20 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-11-26 02:18 . 2007-03-28 11:55 765952 ----a-w- c:\windows\system32\ati2cqag.dll
2010-11-26 02:16 . 2010-10-22 10:20 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-11-26 02:16 . 2010-10-22 10:20 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-11-21 21:51 . 2010-11-21 21:51 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-11-21 21:51 . 2010-11-21 21:51 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-11-21 21:47 . 2010-11-21 21:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-17 12:03 . 2010-07-21 11:30 101904 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2010-11-03 17:15 . 2007-03-28 10:41 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-11-03 17:15 . 2007-03-28 10:41 1833576 ----a-w- c:\windows\SkyTel.exe
2010-11-03 17:15 . 2007-03-28 10:41 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2010-11-03 17:15 . 2007-03-28 10:41 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-11-03 17:15 . 2007-03-28 10:41 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-11-03 17:14 . 2007-03-28 10:41 2180712 ----a-w- c:\windows\MicCal.exe
2010-11-03 17:13 . 2007-03-28 10:41 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-11-03 17:13 . 2007-03-28 10:41 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-11-03 17:13 . 2007-03-28 10:41 64104 ----a-w- c:\windows\ALCMTR.EXE
2004-03-11 11:27 . 2007-03-28 12:19 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2011-01-31 18:37 . 2011-01-03 22:31 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2011-01-31 18:37 . 2011-01-03 22:31 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2011-01-31 18:37 . 2011-01-03 22:31 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2011-01-31 18:37 . 2011-01-03 22:31 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2011-01-31 18:37 . 2011-01-03 22:31 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-30 19972712]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-18 2219184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-11-17 20:29 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-01-03 22:33 136176 ----atw- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 09:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 01:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 23:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-11-07 13:31 21633320 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPMTray]
2010-08-24 10:46 205584 ----a-w- c:\program files\PC Speed Maximizer\SPMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-16 21:43 1242448 ----a-w- c:\program files\Valve\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-01-24 20:19 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD Cinema\\PowerDVDCinema10.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboardingGame.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboarding.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Crash Time 4 - The Syndicate\\CrashTime4Hi.exe"=
"c:\\Program Files\\Crash Time 4 - The Syndicate\\CrashTime4Low.exe"=
"c:\\Program Files\\Activision\\James Bond 007(TM) - Blood Stone\\Bond.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"c:\\Program Files\\Deep Silver\\Nail'd\\Naild_x86.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\duso4\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\duso4\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.11.2010 19:07 691696]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [28.3.2007 11:25 13696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 19:41 67656]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/22 21:42];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [17.11.2010 21:29 87536]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24.2.2010 11:22 185472]
R2 Arcsoft Security Service;Arcsoft Security Service;c:\program files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe [22.11.2009 14:09 80384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [18.11.2010 14:11 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22.10.2010 21:59 363344]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 14:39 490280]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [21.7.2010 12:30 101904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.10.2010 21:59 20952]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13.1.2011 17:02 1691480]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
.
Contents of the 'Scheduled Tasks' folder
2011-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1979792683-839522115-1003Core.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-03 22:33]
2011-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1979792683-839522115-1003UA.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-03 22:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\rbcm5208.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://sk.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-31 20:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250620AS rev.3.AAJ -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2f
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1547161642-1979792683-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:12,59,4d,e2,36,a1,63,95,e0,b3,64,1f,e6,f9,b7,74,00,f1,cb,93,51,
6c,21,33,ed,99,72,4a,d5,12,1b,2b,f3,82,d2,46,e8,cf,e6,19,5d,c0,0d,f9,99,d2,\
"rkeysecu"=hex:77,78,ee,cd,5b,65,99,b4,34,71,f3,70,de,14,5e,6f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1140)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
- - - - - - - > 'explorer.exe'(3528)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-01-31 20:35:59
ComboFix-quarantined-files.txt 2011-01-31 19:35
Pre-Run: 43 199 324 160 bytes free
Post-Run: 11 adresárov, 43 177 017 344 voľných bajtov
- - End Of File - - 5EF0FBB82C84663EC1B2D79DF4F0574B
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:37, on 31.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
I:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Arcsoft Security Service - Arcsoft, Inc. - C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 5796 bytes
2010-12-21 21:28 . 2010-12-21 21:28 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-12-21 21:28 . 2010-12-21 21:28 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-12-21 21:12 . 2010-12-10 13:22 138056 ----a-w- c:\documents and settings\PC\Application Data\PnkBstrK.sys
2010-12-21 21:12 . 2010-11-01 18:59 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-21 21:11 . 2010-11-01 18:59 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-20 17:09 . 2010-10-22 20:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-10-22 20:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 22:04 . 2010-12-10 13:35 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2010-12-19 21:44 . 2010-12-19 21:12 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-19 21:44 . 2010-12-19 21:12 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-19 20:57 . 2010-12-19 20:57 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-11-26 04:17 . 2007-03-28 11:55 5555712 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-11-26 03:57 . 2010-10-22 10:20 16748544 ----a-w- c:\windows\system32\atioglxx.dll
2010-11-26 03:23 . 2010-10-22 10:20 471040 ----a-w- c:\windows\system32\atiok3x2.dll
2010-11-26 03:12 . 2010-12-15 18:26 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-11-26 03:07 . 2010-10-22 10:20 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-11-26 03:07 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-11-26 03:06 . 2010-10-22 10:20 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2010-11-26 02:55 . 2010-12-15 18:26 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2007-03-28 11:55 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2010-11-26 02:48 . 2007-03-28 11:55 3984864 ----a-w- c:\windows\system32\ati3duag.dll
2010-11-26 02:39 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:34 . 2010-10-22 10:20 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-11-26 02:34 . 2010-10-22 10:20 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-11-26 02:34 . 2010-10-22 10:20 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-11-26 02:34 . 2010-10-22 10:20 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-11-26 02:34 . 2010-10-22 10:20 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-11-26 02:32 . 2010-10-22 10:20 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-11-26 02:32 . 2007-03-28 11:55 2669696 ----a-w- c:\windows\system32\ativvaxx.dll
2010-11-26 02:31 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-11-26 02:30 . 2010-10-22 10:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:26 . 2010-10-22 10:20 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-11-26 02:24 . 2010-10-22 10:20 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:24 . 2010-10-22 10:20 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-11-26 02:18 . 2007-03-28 11:55 765952 ----a-w- c:\windows\system32\ati2cqag.dll
2010-11-26 02:16 . 2010-10-22 10:20 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-11-26 02:16 . 2010-10-22 10:20 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-11-21 21:51 . 2010-11-21 21:51 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-11-21 21:51 . 2010-11-21 21:51 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-11-21 21:47 . 2010-11-21 21:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-17 12:03 . 2010-07-21 11:30 101904 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2010-11-03 17:15 . 2007-03-28 10:41 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-11-03 17:15 . 2007-03-28 10:41 1833576 ----a-w- c:\windows\SkyTel.exe
2010-11-03 17:15 . 2007-03-28 10:41 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2010-11-03 17:15 . 2007-03-28 10:41 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-11-03 17:15 . 2007-03-28 10:41 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-11-03 17:14 . 2007-03-28 10:41 2180712 ----a-w- c:\windows\MicCal.exe
2010-11-03 17:13 . 2007-03-28 10:41 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-11-03 17:13 . 2007-03-28 10:41 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-11-03 17:13 . 2007-03-28 10:41 64104 ----a-w- c:\windows\ALCMTR.EXE
2004-03-11 11:27 . 2007-03-28 12:19 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2011-01-31 18:37 . 2011-01-03 22:31 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2011-01-31 18:37 . 2011-01-03 22:31 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2011-01-31 18:37 . 2011-01-03 22:31 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2011-01-31 18:37 . 2011-01-03 22:31 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2011-01-31 18:37 . 2011-01-03 22:31 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-30 19972712]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-18 2219184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-11-17 20:29 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-01-03 22:33 136176 ----atw- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 09:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 01:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 23:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-11-07 13:31 21633320 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPMTray]
2010-08-24 10:46 205584 ----a-w- c:\program files\PC Speed Maximizer\SPMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-16 21:43 1242448 ----a-w- c:\program files\Valve\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-01-24 20:19 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD Cinema\\PowerDVDCinema10.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboardingGame.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboarding.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Crash Time 4 - The Syndicate\\CrashTime4Hi.exe"=
"c:\\Program Files\\Crash Time 4 - The Syndicate\\CrashTime4Low.exe"=
"c:\\Program Files\\Activision\\James Bond 007(TM) - Blood Stone\\Bond.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"c:\\Program Files\\Deep Silver\\Nail'd\\Naild_x86.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\duso4\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\duso4\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.11.2010 19:07 691696]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [28.3.2007 11:25 13696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 19:41 67656]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/22 21:42];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [17.11.2010 21:29 87536]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24.2.2010 11:22 185472]
R2 Arcsoft Security Service;Arcsoft Security Service;c:\program files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe [22.11.2009 14:09 80384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [18.11.2010 14:11 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22.10.2010 21:59 363344]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 14:39 490280]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [21.7.2010 12:30 101904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.10.2010 21:59 20952]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13.1.2011 17:02 1691480]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
.
Contents of the 'Scheduled Tasks' folder
2011-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1979792683-839522115-1003Core.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-03 22:33]
2011-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1979792683-839522115-1003UA.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-03 22:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\rbcm5208.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://sk.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-31 20:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250620AS rev.3.AAJ -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2f
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1547161642-1979792683-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:12,59,4d,e2,36,a1,63,95,e0,b3,64,1f,e6,f9,b7,74,00,f1,cb,93,51,
6c,21,33,ed,99,72,4a,d5,12,1b,2b,f3,82,d2,46,e8,cf,e6,19,5d,c0,0d,f9,99,d2,\
"rkeysecu"=hex:77,78,ee,cd,5b,65,99,b4,34,71,f3,70,de,14,5e,6f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1140)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
- - - - - - - > 'explorer.exe'(3528)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-01-31 20:35:59
ComboFix-quarantined-files.txt 2011-01-31 19:35
Pre-Run: 43 199 324 160 bytes free
Post-Run: 11 adresárov, 43 177 017 344 voľných bajtov
- - End Of File - - 5EF0FBB82C84663EC1B2D79DF4F0574B
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:37, on 31.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
I:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Arcsoft Security Service - Arcsoft, Inc. - C:\Program Files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 5796 bytes
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
Download the new ComboFix (yours has already expired) and run a new scan. Then post the log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(zavináč)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus may damage the system!
Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Please check my log
Hello, and where do I download the new COMBOFIX? I'm looking everywhere and can't find anything. Under which section will I find it, is it here on the forum? Thanks....
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
Re: Please check my log
So here is the log from the new ComboFix.... How am I doing?
ComboFix 11-01-31.02 - PC 01.02.2011 23:05:24.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3071.2245 [GMT 1:00]
Running from: I:\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2011-01-01 to 2011-02-01 )))))))))))))))))))))))))))))))
.
2011-01-31 22:09 . 2011-02-01 18:44 24064 ----a-w- c:\windows\system32\drivers\HMFAxCore46691b2fe72383a3b643d95081ef1d95.sys
2011-01-31 22:09 . 2010-11-28 20:04 100352 ----a-w- c:\windows\strsLock.exe
2011-01-31 22:09 . 2010-03-05 22:35 166400 --sha-w- c:\windows\MmWatch.dll
2011-01-31 22:09 . 2009-05-02 13:13 186368 --sha-w- c:\windows\ShellExecuteHook.dll
2011-01-31 22:09 . 2009-04-14 08:59 28672 --sha-w- c:\windows\HkMgrMM.dll
2011-01-31 22:09 . 2011-02-01 18:44 -------- d-sh--w- c:\documents and settings\All Users\Application Data\Strazca systemu
2011-01-31 22:09 . 2011-02-01 18:44 710076 ----a-w- c:\windows\unins000.exe
2011-01-31 22:09 . 2010-12-01 14:28 2628096 --sha-w- c:\windows\strs.exe
2011-01-31 22:09 . 2008-04-30 16:41 926968 --sha-w- c:\windows\HMFAxstr.dll
2011-01-31 22:09 . 2008-03-04 15:50 44544 --sha-w- c:\windows\Strsysk.dll
2011-01-31 22:09 . 2007-03-21 21:10 24064 --sha-w- c:\windows\Strsys.dll
2011-01-31 22:08 . 2011-01-31 22:08 1961679 ----a-w- c:\program files\Strazca_systemu.exe
2011-01-30 09:53 . 2011-01-30 10:03 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-01-25 17:16 . 2011-01-25 17:16 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\ESET
2011-01-25 17:16 . 2011-01-25 17:16 -------- d-----w- c:\documents and settings\PC\Application Data\ESET
2011-01-25 17:15 . 2011-01-25 17:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-01-25 17:15 . 2011-01-25 17:15 -------- d-----w- c:\program files\ESET
2011-01-25 17:15 . 2011-01-25 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-01-24 21:39 . 2011-01-24 21:40 -------- d-----w- c:\documents and settings\Administrator
2011-01-24 20:13 . 2011-01-24 20:13 -------- d-----w- c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com
2011-01-24 18:58 . 2011-01-24 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-24 18:57 . 2011-01-24 20:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-22 13:32 . 2011-01-22 13:32 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Ok-SendMail-Bron-tok
2011-01-22 13:15 . 2011-01-22 13:43 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Loc.Mail.Bron.Tok
2011-01-22 13:00 . 2011-01-22 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2011-01-22 12:51 . 2011-01-22 12:51 -------- d-----w- c:\documents and settings\PC\Application Data\PC Speed Maximizer
2011-01-22 12:51 . 2011-01-24 16:07 -------- d-----w- c:\program files\PC Speed Maximizer
2011-01-17 17:38 . 2011-01-17 17:38 -------- d-----w- c:\documents and settings\PC\Application Data\Ubisoft
2011-01-13 16:07 . 2010-12-23 10:09 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-01-13 16:07 . 2011-01-13 16:07 -------- d-----w- C:\Intel
2011-01-13 16:06 . 2009-03-03 19:18 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-01-13 16:03 . 2011-01-13 16:03 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-01-13 16:02 . 2011-01-13 16:03 -------- d-----w- c:\documents and settings\PC\Application Data\Logishrd
2011-01-13 16:02 . 2011-01-13 16:02 -------- d-----w- c:\documents and settings\PC\Application Data\Logitech
2011-01-13 16:02 . 2010-11-03 17:15 359016 ----a-w- c:\windows\vncutil.exe
2011-01-13 16:02 . 2010-11-11 12:27 55912 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-01-13 16:02 . 2010-11-03 17:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-01-13 16:02 . 2009-11-18 06:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-01-13 16:02 . 2009-11-18 06:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-01-12 16:42 . 2011-01-12 16:42 -------- d-----w- c:\program files\Driver-Soft
2011-01-11 19:55 . 2011-01-11 19:55 -------- d-----w- c:\program files\Everest_Ultimate_Build_2253
2011-01-11 19:37 . 2011-01-24 15:38 -------- d-----w- c:\program files\Memory Improve Professional
2011-01-08 21:11 . 2011-01-08 21:11 -------- d-----w- c:\documents and settings\PC\Application Data\Disney Interactive Studios
2011-01-03 22:35 . 2011-01-03 22:35 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Opera
2011-01-03 22:35 . 2011-01-03 22:35 -------- d-----w- c:\program files\Opera
2011-01-03 22:33 . 2011-01-16 20:38 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Temp
2011-01-03 22:33 . 2011-01-03 22:33 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Google
2011-01-03 22:32 . 2011-01-31 18:37 407032 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback.exe
2011-01-03 22:32 . 2011-01-31 18:37 99832 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\BrandRes.dll
2011-01-03 22:32 . 2011-01-31 18:37 156536 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\fullsoft.dll
2011-01-03 22:32 . 2011-01-31 18:37 14448 ----a-w- c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-01-03 22:32 . 2009-01-23 12:09 143360 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-30 14:48 . 2010-11-01 18:59 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-30 13:17 . 2007-03-28 10:41 19972712 ----a-w- c:\windows\RTHDCPL.EXE
2010-12-30 10:59 . 2007-03-28 10:41 6290024 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-12-26 11:35 . 2010-12-26 11:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-26 11:35 . 2010-10-23 18:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-22 20:41 . 2010-10-31 12:06 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-12-22 20:41 . 2007-03-28 12:13 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-22 20:41 . 2007-03-28 12:13 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-21 21:28 . 2010-12-21 21:28 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-12-21 21:28 . 2010-12-21 21:28 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-12-21 21:12 . 2010-12-10 13:22 138056 ----a-w- c:\documents and settings\PC\Application Data\PnkBstrK.sys
2010-12-21 21:12 . 2010-11-01 18:59 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-21 21:11 . 2010-11-01 18:59 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-20 17:09 . 2010-10-22 20:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-10-22 20:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 22:04 . 2010-12-10 13:35 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2010-12-19 21:44 . 2010-12-19 21:12 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-19 21:44 . 2010-12-19 21:12 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-19 20:57 . 2010-12-19 20:57 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-11-26 04:17 . 2007-03-28 11:55 5555712 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-11-26 03:57 . 2010-10-22 10:20 16748544 ----a-w- c:\windows\system32\atioglxx.dll
2010-11-26 03:23 . 2010-10-22 10:20 471040 ----a-w- c:\windows\system32\atiok3x2.dll
2010-11-26 03:12 . 2010-12-15 18:26 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-11-26 03:07 . 2010-10-22 10:20 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-11-26 03:07 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-11-26 03:06 . 2010-10-22 10:20 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2010-11-26 02:55 . 2010-12-15 18:26 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2007-03-28 11:55 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2010-11-26 02:48 . 2007-03-28 11:55 3984864 ----a-w- c:\windows\system32\ati3duag.dll
2010-11-26 02:39 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:34 . 2010-10-22 10:20 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-11-26 02:34 . 2010-10-22 10:20 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-11-26 02:34 . 2010-10-22 10:20 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-11-26 02:34 . 2010-10-22 10:20 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-11-26 02:34 . 2010-10-22 10:20 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-11-26 02:32 . 2010-10-22 10:20 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-11-26 02:32 . 2007-03-28 11:55 2669696 ----a-w- c:\windows\system32\ativvaxx.dll
2010-11-26 02:31 . 2010-10-22 10:20 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-11-26 02:30 . 2010-10-22 10:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:26 . 2010-10-22 10:20 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-11-26 02:24 . 2010-10-22 10:20 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:24 . 2010-10-22 10:20 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-11-26 02:18 . 2007-03-28 11:55 765952 ----a-w- c:\windows\system32\ati2cqag.dll
2010-11-26 02:16 . 2010-10-22 10:20 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-11-26 02:16 . 2010-10-22 10:20 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-11-21 21:51 . 2010-11-21 21:51 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-11-21 21:51 . 2010-11-21 21:51 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-11-21 21:47 . 2010-11-21 21:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-17 12:03 . 2010-07-21 11:30 101904 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2004-03-11 11:27 . 2007-03-28 12:19 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2011-01-31 18:37 . 2011-01-03 22:31 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2011-01-31 18:37 . 2011-01-03 22:31 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2011-01-31 18:37 . 2011-01-03 22:31 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2011-01-31 18:37 . 2011-01-03 22:31 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2011-01-31 18:37 . 2011-01-03 22:31 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-04-14 08:59 28672 --sha-w- c:\windows\HkMgrMM.dll
2008-04-30 16:41 926968 --sha-w- c:\windows\HMFAxstr.dll
2010-03-05 22:35 166400 --sha-w- c:\windows\MmWatch.dll
2009-05-02 13:13 186368 --sha-w- c:\windows\ShellExecuteHook.dll
2007-03-21 21:10 24064 --sha-w- c:\windows\Strsys.dll
2008-03-04 15:50 44544 --sha-w- c:\windows\Strsysk.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-01-31_19.34.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-31 22:09 . 2011-02-01 18:44 21558 c:\windows\unins000.dat
+ 2011-02-01 18:45 . 2011-02-01 18:45 16384 c:\windows\Temp\Perflib_Perfdata_43c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-30 19972712]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-18 2219184]
"StrSystem"="c:\windows\strs.exe" [2010-12-01 2628096]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-11-17 20:29 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-01-03 22:33 136176 ----atw- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 09:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 01:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 23:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-11-07 13:31 21633320 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPMTray]
2010-08-24 10:46 205584 ----a-w- c:\program files\PC Speed Maximizer\SPMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-16 21:43 1242448 ----a-w- c:\program files\Valve\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-01-24 20:19 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD Cinema\\PowerDVDCinema10.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboardingGame.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboarding.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Crash Time 4 - The Syndicate\\CrashTime4Hi.exe"=
"c:\\Program Files\\Crash Time 4 - The Syndicate\\CrashTime4Low.exe"=
"c:\\Program Files\\Activision\\James Bond 007(TM) - Blood Stone\\Bond.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"c:\\Program Files\\Deep Silver\\Nail'd\\Naild_x86.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\duso4\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\duso4\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.11.2010 19:07 691696]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [28.3.2007 11:25 13696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
R1 HMFAxCore46691b2fe72383a3b643d95081ef1d95;HMFAxCore46691b2fe72383a3b643d95081ef1d95;c:\windows\system32\drivers\HMFAxCore46691b2fe72383a3b643d95081ef1d95.sys [31.1.2011 23:09 24064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 19:41 67656]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/22 21:42];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [17.11.2010 21:29 87536]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24.2.2010 11:22 185472]
R2 Arcsoft Security Service;Arcsoft Security Service;c:\program files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe [22.11.2009 14:09 80384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [18.11.2010 14:11 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22.10.2010 21:59 363344]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 14:39 490280]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [21.7.2010 12:30 101904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.10.2010 21:59 20952]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13.1.2011 17:02 1691480]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
.
Contents of the 'Scheduled Tasks' folder
2011-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1979792683-839522115-1003Core.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-03 22:33]
2011-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1979792683-839522115-1003UA.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-03 22:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: S&end to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\rbcm5208.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://sk.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-01 23:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250620AS rev.3.AAJ -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2f
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1547161642-1979792683-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:12,59,4d,e2,36,a1,63,95,e0,b3,64,1f,e6,f9,b7,74,00,f1,cb,93,51,
6c,21,33,ed,99,72,4a,d5,12,1b,2b,f3,82,d2,46,e8,cf,e6,19,5d,c0,0d,f9,99,d2,\
"rkeysecu"=hex:77,78,ee,cd,5b,65,99,b4,34,71,f3,70,de,14,5e,6f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1140)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
- - - - - - - > 'explorer.exe'(3444)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-01 23:16:47
ComboFix-quarantined-files.txt 2011-02-01 22:16
Pre-Run: 42 952 667 136 bytes free
Post-Run: 11 directories, 42 941 677 568 bytes free
- - End Of File - - B0081603768032CBA2E9D0BC19B012EC
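The ComboFix output above is raw tool output, so here is an added triage example; it is not part of the original post and is not code from ComboFix or GMER. It parses lines in the shape of the log (sample lines below are constructed, copied in form from the entries above) and pulls out the three things a reviewer would look at first: loose files in c:\windows carrying both the system and hidden attribute flags (the `--sha-w-` column), Run-key autostarts that point at one of those files, and two verdict lines, `"EnableFirewall"= 0` under the firewall policy key and the MBR detector's `user != kernel MBR !!!`. The reading of the attribute column (s = system, h = hidden, d = directory) is inferred from the log's own entries and is an assumption. A hit is a triage priority, not a malware verdict: the MBR mismatch means the MBR read through the file system differs from what the kernel sees on the raw device, which is the classic bootkit symptom but also occurs with some boot managers, so it has to be confirmed with an independent MBR dump.

```python
"""Triage helper for ComboFix-style log text (added example; not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import List, Set, Tuple

# File entries: "<date> . <date> <size|-----> <attrs> <path>" in the created/Find3M
# sections, or the shorter "<date> <size> <attrs> <path>" form.  Attribute letters
# (s = system, h = hidden, leading d = directory) are inferred from the log's own
# entries such as "--sha-w-" and "d-sh--w-"; that mapping is an assumption.
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d(?: \. \d{4}-\d\d-\d\d \d\d:\d\d)?"
    r"\s+(?:\d+|-+)\s+([-a-z]{8})\s+(.+?)\s*$"
)
SECTION_RE = re.compile(r"^\[(.+)\]\s*$")            # [HKEY_...] headers
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"')          # "Name"="target" [date size]
FW_RE = re.compile(r'^"EnableFirewall"\s*=\s*(\d+)')  # "EnableFirewall"= 0 (0x0)


@dataclass(frozen=True)
class Finding:
    kind: str    # hidden_file | hidden_dir | hidden_autorun | firewall_off | mbr_mismatch
    detail: str


def triage(log_text: str) -> List[Finding]:
    """Return the triage findings for one pasted log, in the order they were seen."""
    findings: List[Finding] = []
    hidden: Set[str] = set()                 # lower-cased paths with s+h attributes
    autoruns: List[Tuple[str, str]] = []     # (name, target) from any ...\Run key
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("user != kernel MBR"):
            findings.append(Finding("mbr_mismatch", line))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(1), m.group(2).lower()
            if "s" in attrs and "h" in attrs:
                kind = "hidden_dir" if attrs.startswith("d") else "hidden_file"
                if kind == "hidden_file":
                    hidden.add(path)
                findings.append(Finding(kind, path))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if "firewallpolicy" in section:
            m = FW_RE.match(line)
            if m and m.group(1) == "0":
                findings.append(Finding("firewall_off", section))
            continue
        if section.endswith("\\run"):
            m = RUN_RE.match(line)
            if m:
                autoruns.append((m.group(1), m.group(2).lower()))
    # Resolve autoruns last so a file listed after the Run key still counts.
    for name, target in autoruns:
        if target in hidden:
            findings.append(Finding("hidden_autorun", f"{name} -> {target}"))
    return findings


# Constructed sample: lines copied in shape from the log above, not a full log.
SAMPLE_LOG = r"""
2011-01-31 22:09 . 2010-12-01 14:28 2628096 --sha-w- c:\windows\strs.exe
2011-01-31 22:09 . 2009-05-02 13:13 186368 --sha-w- c:\windows\ShellExecuteHook.dll
2010-12-30 14:48 . 2010-11-01 18:59 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-01-31 22:09 . 2011-02-01 18:44 -------- d-sh--w- c:\documents and settings\All Users\Application Data\Strazca systemu
2009-04-14 08:59 28672 --sha-w- c:\windows\HkMgrMM.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-18 2219184]
"StrSystem"="c:\windows\strs.exe" [2010-12-01 2628096]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:15s} {f.detail}")
```

Running the script on the sample prints the three hidden files, the hidden directory, the disabled-firewall flag, the MBR mismatch, and `StrSystem -> c:\windows\strs.exe` as a hidden autorun; ordinary entries such as PnkBstrA.exe and egui.exe produce nothing. On a real pasted log, feed the whole text to `triage()` and start the manual review with the `hidden_autorun` and `mbr_mismatch` hits.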
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-01-24 20:19 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD Cinema\\PowerDVDCinema10.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboardingGame.exe"=
"c:\\Program Files\\Ubisoft\\Shaun White Snowboarding\\ShaunWhiteSnowboarding.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Crash Time 4 - The Syndicate\\CrashTime4Hi.exe"=
"c:\\Program Files\\Crash Time 4 - The Syndicate\\CrashTime4Low.exe"=
"c:\\Program Files\\Activision\\James Bond 007(TM) - Blood Stone\\Bond.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"c:\\Program Files\\Deep Silver\\Nail'd\\Naild_x86.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"c:\\Program Files\\Activision\\Call of Duty - Black Ops\\BlackOps.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\duso4\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\duso4\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.11.2010 19:07 691696]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [28.3.2007 11:25 13696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
R1 HMFAxCore46691b2fe72383a3b643d95081ef1d95;HMFAxCore46691b2fe72383a3b643d95081ef1d95;c:\windows\system32\drivers\HMFAxCore46691b2fe72383a3b643d95081ef1d95.sys [31.1.2011 23:09 24064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 19:41 67656]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/22 21:42];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [17.11.2010 21:29 87536]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24.2.2010 11:22 185472]
R2 Arcsoft Security Service;Arcsoft Security Service;c:\program files\ArcSoft\TotalMedia Theatre 3\ArcSecurity.exe [22.11.2009 14:09 80384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [18.11.2010 14:11 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22.10.2010 21:59 363344]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25.3.2010 14:39 490280]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [21.7.2010 12:30 101904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.10.2010 21:59 20952]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13.1.2011 17:02 1691480]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
.
Contents of the 'Scheduled Tasks' folder
2011-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1979792683-839522115-1003Core.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-03 22:33]
2011-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1979792683-839522115-1003UA.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-03 22:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\rbcm5208.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://sk.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-01 23:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250620AS rev.3.AAJ -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2f
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1547161642-1979792683-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:12,59,4d,e2,36,a1,63,95,e0,b3,64,1f,e6,f9,b7,74,00,f1,cb,93,51,
6c,21,33,ed,99,72,4a,d5,12,1b,2b,f3,82,d2,46,e8,cf,e6,19,5d,c0,0d,f9,99,d2,\
"rkeysecu"=hex:77,78,ee,cd,5b,65,99,b4,34,71,f3,70,de,14,5e,6f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1140)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\PC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
- - - - - - - > 'explorer.exe'(3444)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-01 23:16:47
ComboFix-quarantined-files.txt 2011-02-01 22:16
Pre-Run: 42 952 667 136 bytes free
Post-Run: 11 directories, 42 941 677 568 bytes free
- - End Of File - - B0081603768032CBA2E9D0BC19B012EC
- Rudy
- Site Admin
- Posts: 119506
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
1. Do you recognise this: c:\program files\Strazca_systemu.exe ?
2. Run an MBR scan: http://www2.gmer.net/mbr/mbr.exe . The utility produces a short log; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved the thread will be locked, likewise if it is inactive for more than 14 days. If you want the thread reopened, write to the e-mail given above.
Re: Please check my log
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250620AS rev.3.AAJ -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2f
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Yes, I know that one, I installed it just now. It is a program for locking my stuff, e.g. I can put a password on folders etc.
- Rudy
Re: Please check my log
Download TDSSKiller: http://support.kaspersky.com/downloads/ ... killer.exe and save it to the desktop. Then follow my colleague's instructions:
Double-click TDSSKiller.exe to run the application, then click Start Scan.
If an infected file is detected, the default action is Cure; click Continue.
If a suspicious file is detected, the default action is Skip; click Continue.
It may ask you to restart the computer to finish the process. Click Reboot Now.
If no restart is required, click the Report button. A log file should appear. Please copy its contents and paste them here.
If a restart is required, the report is in your root directory (usually the C:\ folder) as "TDSSKiller. _log.txt". Please copy its contents and paste them here.
Re: Please check my log
Hello, but TDSSKiller cannot be downloaded: 403 FORBIDDEN.