velke zaťaženie procesora
Napsal: 02 čer 2011 18:36
čaute, procesor často vykzuje zaťaženosť 100%, mám spomalený celý počítač, spustil som combofix ale po dokončení sa mi nedali spustiť žiadne programy, vždy vypísalo chybu, až po reštarte mi opäť všetko fungovalo ale zase spomalene s veľkou vyťaženosťou procesora
pridávam výpis :
ComboFix 11-06-01.07 - Ondrej Lešňovský . 06. 2011 19:04:39.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3070.1668 [GMT 2:00]
Running from: c:\users\Ondrej Leܲovskř\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
.
.
2011-06-02 17:23 . 2011-06-02 17:24 -------- d-----w- c:\users\Ondrej Lešňovský\AppData\Local\temp
2011-06-02 17:23 . 2011-06-02 17:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-06-02 17:23 . 2011-06-02 17:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-02 16:33 . 2011-06-02 16:33 -------- d-----w- c:\users\Ondrej Lešňovský\AppData\Roaming\Avira
2011-06-02 16:17 . 2011-04-01 15:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-02 16:17 . 2011-04-01 15:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-02 16:17 . 2011-06-02 16:17 -------- d-----w- c:\programdata\Avira
2011-06-02 16:17 . 2011-06-02 16:17 -------- d-----w- c:\program files\Avira
2011-06-02 16:01 . 2011-06-02 16:01 -------- d-----w- c:\program files\RegistryCare
2011-06-02 15:54 . 2011-06-02 16:08 -------- dc-h--w- c:\programdata\~0
2011-06-02 14:58 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2011-05-31 06:34 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42C12E4D-0852-4A47-BE5E-20BB0A7FAF5E}\mpengine.dll
2011-05-29 18:10 . 2011-06-02 14:04 -------- d-----w- c:\users\Ondrej Lešňovský\AppData\Roaming\go
2011-05-29 18:09 . 2011-06-02 15:04 -------- d-----w- c:\programdata\Easybits GO
2011-05-23 17:39 . 2011-05-23 17:41 -------- d-----w- c:\program files\ICQ7.5
2011-05-12 23:28 . 2011-05-12 23:28 -------- d-----w- c:\program files\Subtitles-1.1.0.0
2011-05-12 17:06 . 2011-05-12 17:09 -------- d-----w- c:\users\Ondrej Lešňovský\AppData\Local\CutePDF Writer
2011-05-12 17:03 . 2011-05-12 17:03 -------- d-----w- c:\program files\GPLGS
2011-05-12 17:02 . 2009-11-05 06:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-05-12 17:02 . 2011-05-12 17:02 -------- d-----w- c:\program files\Acro Software
2011-05-12 16:54 . 2011-05-12 16:54 -------- d-----w- c:\users\Ondrej Lešňovský\AppData\Roaming\BSplayer Pro
2011-05-11 13:37 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-04 23:24 . 2011-05-12 16:54 -------- d-----w- c:\users\Ondrej Lešňovský\AppData\Roaming\BSplayer
2011-05-04 23:21 . 2011-05-30 13:28 -------- d-----w- c:\users\Ondrej Lešňovský\AppData\Roaming\Winamp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:46 . 2009-08-22 06:13 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-04-29 17:07 . 2011-04-29 17:07 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-29 17:07 . 2011-04-29 17:07 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-29 17:07 . 2011-04-29 17:07 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-29 17:07 . 2011-04-29 17:07 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-29 17:07 . 2011-04-29 17:07 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-29 17:07 . 2011-04-29 17:07 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-29 17:07 . 2011-04-29 17:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-29 17:07 . 2011-04-29 17:07 367104 ----a-w- c:\windows\system32\html.iec
2011-04-29 17:07 . 2011-04-29 17:07 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-29 17:07 . 2011-04-29 17:07 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-29 17:07 . 2011-04-29 17:07 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-29 17:07 . 2011-04-29 17:07 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-29 17:07 . 2011-04-29 17:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-29 17:07 . 2011-04-29 17:07 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-29 17:07 . 2011-04-29 17:07 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-29 17:07 . 2011-04-29 17:07 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-29 17:07 . 2011-04-29 17:07 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-29 17:07 . 2011-04-29 17:07 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-29 17:07 . 2011-04-29 17:07 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-29 17:07 . 2011-04-29 17:07 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-29 17:07 . 2011-04-29 17:07 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-15 23:28 . 2011-04-15 23:28 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-03-12 21:55 . 2011-04-27 21:43 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-14 12:28 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 12:28 1136640 ----a-w- c:\windows\system32\mfc42.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-04-07 3405048]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-05-23 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 1474560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remove Temp OrderReminder Uninstaller]
del [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
2008-10-01 06:02 851968 ----a-w- c:\program files\ASUS\Splendid\ACMON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2009-08-22 06:04 3054136 ----a-w- c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2008-08-19 17:34 159744 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2008-09-03 00:11 8105984 ----a-w- c:\program files\ASUS\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
2009-04-21 11:18 540576 ----a-w- c:\program files\Elantech\ETDCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-08 17:12 136176 ----atw- c:\users\Ondrej Lešňovský\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2008-08-18 17:56 98304 ----a-w- c:\program files\ASUS\ATK Hotkey\HControlUser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-03-19 04:34 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-03-20 00:57 1929216 --s---r- c:\program files\Java\jre6\Java_Update_Client.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 3]
2009-02-06 23:13 1593344 ----a-w- c:\program files\ASUS\Wireless Console 3\wcourier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-592763930-3269380493-1611164575-1000]
"EnableNotificationsRef"=dword:00000002
.
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-03-19 4386304]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-03-19 93184]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGARCLN
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVG_ANTI-ROOTKIT
*NewlyCreated* - AVIPBB
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://asus.msn.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Ondrej Lešňovský\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 158.195.6.3 158.195.4.3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-02 19:24
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
Completion time: 2011-06-02 19:28:15
ComboFix-quarantined-files.txt 2011-06-02 17:28
ComboFix2.txt 2011-06-02 14:42
.
Pre-Run: 114 255 429 632 bytes free
Post-Run: 113 930 792 960 bytes free
.
- - End Of File - - 3166B96E21C03C7E0FFA347BAAFE4D49
pridávam výpis :
ComboFix 11-06-01.07 - Ondrej Lešňovský . 06. 2011 19:04:39.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3070.1668 [GMT 2:00]
Running from: c:\users\Ondrej Leܲovskř\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
.
.
2011-06-02 17:23 . 2011-06-02 17:24 -------- d-----w- c:\users\Ondrej Lešňovský\AppData\Local\temp
2011-06-02 17:23 . 2011-06-02 17:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-06-02 17:23 . 2011-06-02 17:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-02 16:33 . 2011-06-02 16:33 -------- d-----w- c:\users\Ondrej Lešňovský\AppData\Roaming\Avira
2011-06-02 16:17 . 2011-04-01 15:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-02 16:17 . 2011-04-01 15:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-02 16:17 . 2011-06-02 16:17 -------- d-----w- c:\programdata\Avira
2011-06-02 16:17 . 2011-06-02 16:17 -------- d-----w- c:\program files\Avira
2011-06-02 16:01 . 2011-06-02 16:01 -------- d-----w- c:\program files\RegistryCare
2011-06-02 15:54 . 2011-06-02 16:08 -------- dc-h--w- c:\programdata\~0
2011-06-02 14:58 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2011-05-31 06:34 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42C12E4D-0852-4A47-BE5E-20BB0A7FAF5E}\mpengine.dll
2011-05-29 18:10 . 2011-06-02 14:04 -------- d-----w- c:\users\Ondrej Lešňovský\AppData\Roaming\go
2011-05-29 18:09 . 2011-06-02 15:04 -------- d-----w- c:\programdata\Easybits GO
2011-05-23 17:39 . 2011-05-23 17:41 -------- d-----w- c:\program files\ICQ7.5
2011-05-12 23:28 . 2011-05-12 23:28 -------- d-----w- c:\program files\Subtitles-1.1.0.0
2011-05-12 17:06 . 2011-05-12 17:09 -------- d-----w- c:\users\Ondrej Lešňovský\AppData\Local\CutePDF Writer
2011-05-12 17:03 . 2011-05-12 17:03 -------- d-----w- c:\program files\GPLGS
2011-05-12 17:02 . 2009-11-05 06:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-05-12 17:02 . 2011-05-12 17:02 -------- d-----w- c:\program files\Acro Software
2011-05-12 16:54 . 2011-05-12 16:54 -------- d-----w- c:\users\Ondrej Lešňovský\AppData\Roaming\BSplayer Pro
2011-05-11 13:37 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-04 23:24 . 2011-05-12 16:54 -------- d-----w- c:\users\Ondrej Lešňovský\AppData\Roaming\BSplayer
2011-05-04 23:21 . 2011-05-30 13:28 -------- d-----w- c:\users\Ondrej Lešňovský\AppData\Roaming\Winamp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:46 . 2009-08-22 06:13 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-04-29 17:07 . 2011-04-29 17:07 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-29 17:07 . 2011-04-29 17:07 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-29 17:07 . 2011-04-29 17:07 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-29 17:07 . 2011-04-29 17:07 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-29 17:07 . 2011-04-29 17:07 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-29 17:07 . 2011-04-29 17:07 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-29 17:07 . 2011-04-29 17:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-29 17:07 . 2011-04-29 17:07 367104 ----a-w- c:\windows\system32\html.iec
2011-04-29 17:07 . 2011-04-29 17:07 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-29 17:07 . 2011-04-29 17:07 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-29 17:07 . 2011-04-29 17:07 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-29 17:07 . 2011-04-29 17:07 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-29 17:07 . 2011-04-29 17:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-29 17:07 . 2011-04-29 17:07 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-29 17:07 . 2011-04-29 17:07 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-29 17:07 . 2011-04-29 17:07 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-29 17:07 . 2011-04-29 17:07 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-29 17:07 . 2011-04-29 17:07 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-29 17:07 . 2011-04-29 17:07 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-29 17:07 . 2011-04-29 17:07 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-29 17:07 . 2011-04-29 17:07 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-15 23:28 . 2011-04-15 23:28 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-03-12 21:55 . 2011-04-27 21:43 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-14 12:28 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 12:28 1136640 ----a-w- c:\windows\system32\mfc42.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-04-07 3405048]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-05-23 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 1474560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remove Temp OrderReminder Uninstaller]
del [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
2008-10-01 06:02 851968 ----a-w- c:\program files\ASUS\Splendid\ACMON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2009-08-22 06:04 3054136 ----a-w- c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2008-08-19 17:34 159744 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2008-09-03 00:11 8105984 ----a-w- c:\program files\ASUS\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
2009-04-21 11:18 540576 ----a-w- c:\program files\Elantech\ETDCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-08 17:12 136176 ----atw- c:\users\Ondrej Lešňovský\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2008-08-18 17:56 98304 ----a-w- c:\program files\ASUS\ATK Hotkey\HControlUser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-03-19 04:34 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-03-20 00:57 1929216 --s---r- c:\program files\Java\jre6\Java_Update_Client.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 3]
2009-02-06 23:13 1593344 ----a-w- c:\program files\ASUS\Wireless Console 3\wcourier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-592763930-3269380493-1611164575-1000]
"EnableNotificationsRef"=dword:00000002
.
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-03-19 4386304]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-03-19 93184]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGARCLN
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVG_ANTI-ROOTKIT
*NewlyCreated* - AVIPBB
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://asus.msn.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Ondrej Lešňovský\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 158.195.6.3 158.195.4.3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-02 19:24
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
Completion time: 2011-06-02 19:28:15
ComboFix-quarantined-files.txt 2011-06-02 17:28
ComboFix2.txt 2011-06-02 14:42
.
Pre-Run: 114 255 429 632 bytes free
Post-Run: 113 930 792 960 bytes free
.
- - End Of File - - 3166B96E21C03C7E0FFA347BAAFE4D49