PC disinfection, PC speed-up, remote help via the neslape.cz service

Please check

Have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

NEW!
You can now use the remote help service, where a specialist connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
Royksopp
Visitor
Posts: 209
Registered: 02 Jun 2008 19:53

Please check

#1 Post by Royksopp »

NOD reported 4 viruses, so I'm checking whether anything might have been left behind on the PC...

Logfile of random's system information tool 1.09 (written by random/random)
Run by mruskovicova at 2011-09-29 22:12:47
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 119 GB (78%) free of 153 GB
Total RAM: 2935 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:12:53, on 29. 9. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\DOCUME~1\MRUSKO~1\LOCALS~1\Temp\x30811.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\mruskovicova\Desktop\RSIT.exe
C:\Program Files\trend micro\mruskovicova.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: stepx2.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6443926109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6443976328
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - http://content.systemrequirementslab.co ... .3.1.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = home.koratex.sk
O17 - HKLM\Software\..\Telephony: DomainName = home.koratex.sk
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F04A1A9-D8BB-4BE2-A900-A8D86F7BFF4A}: NameServer = 192.168.14.226,192.168.14.224,195.168.13.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAFCC21F-0F2B-4801-990D-79A61911C235}: Domain = home.koratex.sk
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAFCC21F-0F2B-4801-990D-79A61911C235}: NameServer = 192.168.14.224
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = home.koratex.sk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = home.koratex.sk,koratex.sk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = home.koratex.sk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = home.koratex.sk,koratex.sk
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 7377 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\DriverNavigator Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{4AAAF1FA-996C-4ABB-A06F-199C5E85381A}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\mruskovicova\Application Data\Mozilla\Firefox\Profiles\y7m59hl2.default

prefs.js - "browser.startup.homepage" - "www.google.sk"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {20a82645-c095-46ed-80e3-08825760534b}:1.1, jqs@sun.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.2.9&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
npwachk.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\mruskovicova\Application Data\Mozilla\Firefox\Profiles\y7m59hl2.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

C:\Documents and Settings\mruskovicova\Application Data\Mozilla\Firefox\Profiles\y7m59hl2.default\searchplugins\
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-15 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-07-15 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2010-04-22 170008]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-11-08 2219184]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 169984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
C:\Program Files\Atheros\ACU.exe [2010-01-09 471129]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2009-08-31 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-10 1697064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
C:\WINDOWS\system32\TDispVol.exe [2009-04-24 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2010-04-27 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-10-06 1294136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSODDCtl]
C:\WINDOWS\system32\TPSODDCtl.exe [2009-12-16 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-02-24 2454840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2011-07-11 74752]

C:\Documents and Settings\mruskovicova\Start Menu\Programs\Startup
stepx2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2010-04-19 214016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe"="C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine"
"C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"="C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe:*:Disabled:ConfigFree(TM) Tray"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe"="C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Disabled:ConfigFree SUMMIT Engine"
"C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"="C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe:*:Disabled:ConfigFree(TM) Tray"
"C:\Program Files\Cisco Systems\ASDM\asdm-launcher.exe"="C:\Program Files\Cisco Systems\ASDM\asdm-launcher.exe:*:Enabled:asdm-launcher"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSACM.CTRXAUD"=ctrxaud.acm
"VIDC.CTRX"=ctrxvid.drv

======List of files/folders created in the last 1 month======

2011-09-29 22:12:47 ----D---- C:\rsit
2011-09-27 21:05:10 ----A---- C:\Documents and Settings\mruskovicova\Application Data\10.exe
2011-09-27 19:40:52 ----A---- C:\Documents and Settings\mruskovicova\Application Data\124.exe
2011-09-27 17:03:54 ----A---- C:\Documents and Settings\mruskovicova\Application Data\9.exe
2011-09-26 19:30:48 ----A---- C:\Documents and Settings\mruskovicova\Application Data\E.exe
2011-09-26 07:40:12 ----A---- C:\Documents and Settings\mruskovicova\Application Data\335.exe
2011-09-25 21:06:13 ----A---- C:\Documents and Settings\mruskovicova\Application Data\254F.exe
2011-09-25 20:31:41 ----A---- C:\Documents and Settings\mruskovicova\Application Data\1F13.exe
2011-09-16 11:36:47 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2011-09-16 11:36:46 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2011-09-16 11:36:39 ----D---- C:\WINDOWS\Logs
2011-09-16 11:36:31 ----D---- C:\Program Files\Winamp Detect
2011-09-16 11:36:21 ----N---- C:\WINDOWS\system32\pxwma.dll
2011-09-16 11:36:21 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2011-09-16 11:36:21 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2011-09-16 11:22:08 ----D---- C:\WINDOWS\RegisteredPackages
2011-09-16 11:21:29 ----N---- C:\WINDOWS\system32\pxsfs.dll
2011-09-16 11:21:29 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2011-09-16 11:21:29 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2011-09-16 11:21:29 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2011-09-16 11:21:29 ----N---- C:\WINDOWS\system32\pxafs.dll
2011-09-16 11:21:29 ----N---- C:\WINDOWS\system32\drivers\PxHelp20.sys
2011-09-16 11:21:29 ----N---- C:\WINDOWS\system32\drivers\cdralw2k.sys
2011-09-16 11:21:29 ----N---- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2011-09-16 11:21:28 ----N---- C:\WINDOWS\system32\vxblock.dll
2011-09-16 11:21:28 ----N---- C:\WINDOWS\system32\pxwave.dll
2011-09-16 11:21:28 ----N---- C:\WINDOWS\system32\pxmas.dll
2011-09-16 11:21:28 ----N---- C:\WINDOWS\system32\pxdrv.dll
2011-09-16 11:21:28 ----N---- C:\WINDOWS\system32\px.dll
2011-09-16 11:21:26 ----D---- C:\Program Files\Winamp
2011-09-16 11:21:26 ----D---- C:\Documents and Settings\mruskovicova\Application Data\Winamp
2011-09-15 19:01:36 ----D---- C:\Program Files\ICQ6Toolbar
2011-09-15 19:01:32 ----D---- C:\Documents and Settings\All Users\Application Data\ICQ
2011-09-15 19:00:41 ----D---- C:\Documents and Settings\mruskovicova\Application Data\ICQ
2011-09-15 19:00:31 ----D---- C:\Program Files\ICQ7.6
2011-09-15 10:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2616676$
2011-09-15 10:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2011-09-15 09:13:52 ----D---- C:\Documents and Settings\mruskovicova\Application Data\TeamViewer
2011-09-08 11:55:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2607712$

======List of files/folders modified in the last 1 month======

2011-09-29 22:12:48 ----D---- C:\Program Files\trend micro
2011-09-29 22:12:47 ----D---- C:\WINDOWS\Temp
2011-09-29 22:11:10 ----A---- C:\WINDOWS\concentr.ini
2011-09-29 21:46:25 ----A---- C:\WINDOWS\webica.ini
2011-09-29 21:46:23 ----A---- C:\WFCNAME.INI
2011-09-29 21:46:14 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-29 21:43:02 ----D---- C:\WINDOWS\system32
2011-09-29 21:43:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-09-29 21:38:30 ----A---- C:\WINDOWS\win.ini
2011-09-29 21:38:30 ----A---- C:\WINDOWS\system.ini
2011-09-29 21:38:25 ----D---- C:\WINDOWS\system32\ias
2011-09-29 21:38:18 ----A---- C:\WINDOWS\system32\log.txt
2011-09-29 21:36:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-09-29 21:13:01 ----D---- C:\ZALOHOVE FA
2011-09-29 21:08:10 ----D---- C:\temp
2011-09-29 16:58:46 ----D---- C:\WINDOWS\security
2011-09-29 10:27:06 ----D---- C:\WINDOWS\Prefetch
2011-09-29 10:27:01 ----A---- C:\WINDOWS\system32\MRT.exe
2011-09-29 07:59:16 ----D---- C:\Program Files\Mozilla Firefox
2011-09-25 20:57:05 ----HD---- C:\WINDOWS\inf
2011-09-17 16:12:08 ----D---- C:\WINDOWS
2011-09-17 10:00:27 ----D---- C:\WINDOWS\system32\dllcache
2011-09-17 10:00:27 ----D---- C:\WINDOWS\system32\CatRoot
2011-09-16 11:39:27 ----D---- C:\Program Files\The KMPlayer
2011-09-16 11:36:48 ----D---- C:\WINDOWS\system32\DirectX
2011-09-16 11:36:31 ----RD---- C:\Program Files
2011-09-16 11:22:32 ----D---- C:\Program Files\Windows Media Player
2011-09-16 11:22:29 ----D---- C:\WINDOWS\system32\drivers
2011-09-15 19:01:34 ----HD---- C:\Program Files\InstallShield Installation Information
2011-09-15 17:05:16 ----SHD---- C:\WINDOWS\CSC
2011-09-15 10:05:39 ----SHD---- C:\WINDOWS\Installer
2011-09-15 10:05:37 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-09-15 10:05:06 ----HD---- C:\WINDOWS\$hf_mig$
2011-09-15 10:02:36 ----A---- C:\WINDOWS\imsins.BAK
2011-09-14 14:11:20 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2011-09-14 13:59:31 ----A---- C:\WINDOWS\E220AutoRunLog.tmp
2011-09-14 12:44:42 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2011-09-09 11:12:13 ----A---- C:\WINDOWS\system32\crypt32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-07-09 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-07-09 55936]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-09-30 1585728]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAU32.sys [2010-02-23 1766968]
R3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 FwLnk;FwLnk Driver; C:\WINDOWS\system32\DRIVERS\FwLnk.sys [2007-04-04 5888]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2009-09-17 41088]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2010-04-19 1988608]
R3 Impcd;Impcd; C:\WINDOWS\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2010-03-04 60456]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 PGEffect;Pangu effect driver; C:\WINDOWS\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2010-03-10 242864]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2009-03-16 58208]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2006-10-30 88960]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 n558;N558 Bluetooth USB Filter Driver; C:\WINDOWS\System32\Drivers\n558.sys [2007-08-15 9600]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUStor.sys [2010-04-15 191008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 Tosrfcom;Tosrfcom; C:\WINDOWS\system32\drivers\Tosrfcom.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2010-01-09 499797]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-07-16 1524512]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-11-08 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-07-15 153376]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-12-09 268824]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2010-03-12 34816]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-11-08 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TMachInfo;TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
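One way to pre-screen a log like the one above before posting it, as an added example that is not a tool from this forum or from the RSIT/HijackThis authors: a small Python triage script that flags the kinds of entries an analyst looks at first (executables running from Temp or sitting directly in Application Data, short numeric/hex file names, and bare Startup-folder entries). The sample lines are copied from the log above; the heuristics themselves are assumptions of this example, not rules from the thread.

```python
import re

# Constructed sample: lines copied from the RSIT/HijackThis log in the thread
# above (running processes, two O4 entries, and recently created files).
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\DOCUME~1\MRUSKO~1\LOCALS~1\Temp\x30811.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mruskovicova\Desktop\RSIT.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - Startup: stepx2.exe
2011-09-27 21:05:10 ----A---- C:\Documents and Settings\mruskovicova\Application Data\10.exe
2011-09-25 21:06:13 ----A---- C:\Documents and Settings\mruskovicova\Application Data\254F.exe
2011-09-16 11:36:47 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2011-09-16 11:36:21 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2011-09-15 10:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2616676$
"""

# Heuristic 1 (assumption): legitimately installed software rarely runs from a
# user's Temp folder or sits as a bare .exe directly in the Application Data root.
SUSPICIOUS_DIRS = [
    re.compile(r"\\local settings\\temp\\", re.I),
    re.compile(r"\\locals~1\\temp\\", re.I),          # 8.3 short form of the above
    re.compile(r"\\windows\\temp\\", re.I),
    re.compile(r"\\application data\\[^\\]+\.exe$", re.I),
]
# Heuristic 2 (assumption): droppers often use throwaway names such as 10.exe,
# 254F.exe or x30811.exe, i.e. an optional letter plus 1-6 hex digits.
GENERIC_NAME = re.compile(r"\\[a-z]?[0-9a-f]{1,6}\.exe$", re.I)

# A bare path (Running processes) or an RSIT created/modified line:
# "YYYY-MM-DD HH:MM:SS ----A---- C:\path\file.exe".
PATH_LINE = re.compile(
    r"^(?:\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+-+[A-Z]*-+\s+)?([A-Za-z]:\\.+\.exe)$", re.I)
# HijackThis O4 Startup-folder entries carry only a file name, no vendor path.
STARTUP_LINE = re.compile(r"^O4 - Startup: (.+\.exe)$", re.I)


def classify_path(path):
    """Return the reasons an executable path deserves a closer look ([] if none)."""
    reasons = []
    if any(p.search(path) for p in SUSPICIOUS_DIRS):
        reasons.append("runs from temp/profile data directory")
    if GENERIC_NAME.search(path):
        reasons.append("generic numeric/hex file name")
    return reasons


def triage(log_text):
    """Scan log text line by line; return [(path_or_name, [reasons])] for hits."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = PATH_LINE.match(line)
        if m:
            reasons = classify_path(m.group(1))
            if reasons:
                findings.append((m.group(1), reasons))
            continue
        m = STARTUP_LINE.match(line)
        if m:
            findings.append((m.group(1), ["Startup-folder entry with no vendor path"]))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}\n    -> {'; '.join(reasons)}")
```

A hit only means "look here first"; the page's own verdict still comes from a full scan (ComboFix in this thread), not from the name heuristic.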

Rudy
Site Admin
Posts: 119508
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check

#2 Post by Rudy »

You have at least one nasty in there. Please post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking Yes.

Go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to start any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and removal of any malware causes unwanted conflicts with the resident antispyware.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before disinfecting your PC, make backups of your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Royksopp
Visitor
Posts: 209
Registered: 02 Jun 2008 19:53

Re: Please check

#3 Post by Royksopp »

ComboFix 11-09-30.02 - mruskovicova . 09. 2011 13:40:20.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2935.2501 [GMT 2:00]
Running from: c:\documents and settings\mruskovicova\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Admin\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\administrator\WINDOWS
c:\documents and settings\izacky\WINDOWS
c:\documents and settings\mruskovicova\Application Data\10.exe
c:\documents and settings\mruskovicova\Application Data\124.exe
c:\documents and settings\mruskovicova\Application Data\1F13.exe
c:\documents and settings\mruskovicova\Application Data\254F.exe
c:\documents and settings\mruskovicova\Application Data\335.exe
c:\documents and settings\mruskovicova\Application Data\9.exe
c:\documents and settings\mruskovicova\Application Data\E.exe
c:\documents and settings\mruskovicova\Application Data\Eej8FIL7gEh7
c:\documents and settings\mruskovicova\Start Menu\Programs\Startup\stepx2.exe
c:\program files\Internet Explorer\SET51C.tmp
c:\program files\Internet Explorer\SET51D.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-30 )))))))))))))))))))))))))))))))
.
.
2011-09-30 11:45 . 2011-09-30 11:45 -------- d-----w- c:\windows\system32\xircom
2011-09-30 11:45 . 2011-09-30 11:45 -------- d-----w- c:\windows\system32\wbem\snmp
2011-09-29 20:12 . 2011-09-29 20:12 -------- d-----w- C:\rsit
2011-09-25 18:57 . 2011-09-25 18:57 -------- d-----w- c:\documents and settings\mruskovicova\Local Settings\Application Data\ESET
2011-09-16 09:36 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-09-16 09:36 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-09-16 09:36 . 2011-09-16 09:36 -------- d-----w- c:\windows\Logs
2011-09-16 09:36 . 2011-09-16 09:36 -------- d-----w- c:\program files\Winamp Detect
2011-09-16 09:36 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll
2011-09-16 09:36 . 2011-03-04 19:44 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-09-16 09:36 . 2011-03-04 19:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-09-16 09:22 . 2005-01-28 11:44 819200 ----a-w- c:\program files\Windows Media Player\wmsetsdk.exe
2011-09-16 09:22 . 2005-01-28 11:44 47616 ----a-w- c:\program files\Windows Media Player\msoobci.dll
2011-09-15 17:01 . 2011-09-15 17:01 -------- d-----w- c:\program files\ICQ6Toolbar
2011-09-15 17:01 . 2011-09-15 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2011-09-15 17:00 . 2011-09-16 07:53 -------- d-----w- c:\documents and settings\mruskovicova\Application Data\ICQ
2011-09-15 17:00 . 2011-09-17 21:34 -------- d-----w- c:\program files\ICQ7.6
2011-09-15 07:13 . 2011-09-15 07:13 -------- d-----w- c:\documents and settings\mruskovicova\Application Data\TeamViewer
2011-09-07 10:42 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-14 11:59 . 2011-07-15 12:20 7483 ----a-w- c:\windows\E220AutoRunLog.tmp
2011-09-09 09:12 . 2008-04-14 03:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-10 20:32 . 2011-07-15 12:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2008-04-13 22:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-15 13:17 . 2011-07-15 13:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:17 . 2011-07-15 13:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-15 13:07 . 2011-07-15 13:07 318464 ----a-w- C:\asdm50-install.msi
2011-07-08 14:02 . 2008-04-13 22:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-09-30 11:29 . 2011-08-03 20:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 170008]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-08 2219184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2010-01-09 14:22 471129 ----a-w- c:\program files\Atheros\ACU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 01:42 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-08-31 12:21 143360 ----a-w- c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-03-10 16:49 1697064 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
2009-04-24 15:27 208896 ----a-w- c:\windows\system32\TDispVol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2010-04-27 10:16 389120 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-10-06 07:23 1294136 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSODDCtl]
2009-12-16 13:11 122880 ----a-w- c:\windows\system32\TPSODDCtl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
2010-02-23 23:54 2454840 ----a-w- c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29. 7. 2010 13:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3. 8. 2010 13:28 95896]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8. 11. 2010 10:50 810144]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [7. 10. 2010 12:23 2320920]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [7. 10. 2010 10:57 5888]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [7. 10. 2010 13:36 125696]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4. 3. 2010 17:53 60456]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [7. 10. 2010 11:12 24064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 13:16 130384]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [7. 10. 2010 10:56 191008]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [7. 10. 2010 12:24 51512]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14. 4. 2008 5:42 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-11 c:\windows\Tasks\DriverNavigator Scheduled Scan.job
- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2011-06-11 15:47]
.
2011-09-30 c:\windows\Tasks\User_Feed_Synchronization-{4AAAF1FA-996C-4ABB-A06F-199C5E85381A}.job
- c:\windows\system32\msfeedssync.exe [2008-07-09 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 10.0.0.1 195.146.128.62
TCP: Interfaces\{8F04A1A9-D8BB-4BE2-A900-A8D86F7BFF4A}: NameServer = 192.168.14.226,192.168.14.224,195.168.13.26
FF - ProfilePath - c:\documents and settings\mruskovicova\Application Data\Mozilla\Firefox\Profiles\y7m59hl2.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-NDSTray - NDSTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-30 13:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3284)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2011-09-30 13:48:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-30 11:48
.
Pre-Run: 124 754 993 152 bytes free
Post-Run: 125 296 431 104 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 78D0EEF3ECDCF9360AB86F159245062E

Rudy
Site Admin
Posts: 119508
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check

#4 Post by Rudy »

We'll clean up a bit more. Open Notepad and copy the following into it:
Firefox::
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.2.9&q=
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


After this step I would recommend uninstalling ICQToolbar.

Royksopp
Visitor
Posts: 209
Registered: 02 Jun 2008 19:53

Re: Please check

#5 Post by Royksopp »

ComboFix 11-09-30.05 - mruskovicova . 09. 2011 21:20:31.2.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2935.2382 [GMT 2:00]
Running from: c:\documents and settings\mruskovicova\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mruskovicova\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-30 )))))))))))))))))))))))))))))))
.
.
2011-09-30 11:52 . 2011-09-30 11:52 -------- d-----w- c:\documents and settings\mruskovicova\Application Data\Easeware
2011-09-30 11:45 . 2011-09-30 11:45 -------- d-----w- c:\windows\system32\xircom
2011-09-30 11:45 . 2011-09-30 11:45 -------- d-----w- c:\windows\system32\wbem\snmp
2011-09-30 11:45 . 2011-09-30 11:45 -------- d-----w- c:\program files\microsoft frontpage
2011-09-29 20:12 . 2011-09-29 20:12 -------- d-----w- C:\rsit
2011-09-25 18:57 . 2011-09-25 18:57 -------- d-----w- c:\documents and settings\mruskovicova\Local Settings\Application Data\ESET
2011-09-16 09:36 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-09-16 09:36 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-09-16 09:36 . 2011-09-16 09:36 -------- d-----w- c:\windows\Logs
2011-09-16 09:36 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll
2011-09-16 09:36 . 2011-03-04 19:44 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-09-16 09:36 . 2011-03-04 19:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-09-16 09:22 . 2005-01-28 11:44 819200 ----a-w- c:\program files\Windows Media Player\wmsetsdk.exe
2011-09-16 09:22 . 2005-01-28 11:44 47616 ----a-w- c:\program files\Windows Media Player\msoobci.dll
2011-09-15 17:01 . 2011-09-15 17:01 -------- d-----w- c:\program files\ICQ6Toolbar
2011-09-15 17:01 . 2011-09-15 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2011-09-15 17:00 . 2011-09-16 07:53 -------- d-----w- c:\documents and settings\mruskovicova\Application Data\ICQ
2011-09-15 17:00 . 2011-09-17 21:34 -------- d-----w- c:\program files\ICQ7.6
2011-09-15 07:13 . 2011-09-15 07:13 -------- d-----w- c:\documents and settings\mruskovicova\Application Data\TeamViewer
2011-09-07 10:42 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-14 11:59 . 2011-07-15 12:20 7483 ----a-w- c:\windows\E220AutoRunLog.tmp
2011-09-09 09:12 . 2008-04-14 03:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-10 20:32 . 2011-07-15 12:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2008-04-13 22:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-15 13:17 . 2011-07-15 13:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:17 . 2011-07-15 13:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-15 13:07 . 2011-07-15 13:07 318464 ----a-w- C:\asdm50-install.msi
2011-07-08 14:02 . 2008-04-13 22:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-09-30 11:29 . 2011-08-03 20:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-30_11.46.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-30 19:13 . 2011-09-30 19:13 16384 c:\windows\Temp\Perflib_Perfdata_6f0.dat
+ 2008-07-09 07:26 . 2011-09-30 19:17 88734 c:\windows\system32\perfc009.dat
- 2008-07-09 07:26 . 2011-09-30 11:32 88734 c:\windows\system32\perfc009.dat
+ 2008-07-09 07:26 . 2011-09-30 19:17 505270 c:\windows\system32\perfh009.dat
- 2008-07-09 07:26 . 2011-09-30 11:32 505270 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 170008]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-08 2219184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2010-01-09 14:22 471129 ----a-w- c:\program files\Atheros\ACU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 01:42 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-08-31 12:21 143360 ----a-w- c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-03-10 16:49 1697064 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
2009-04-24 15:27 208896 ----a-w- c:\windows\system32\TDispVol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2010-04-27 10:16 389120 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-10-06 07:23 1294136 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSODDCtl]
2009-12-16 13:11 122880 ----a-w- c:\windows\system32\TPSODDCtl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
2010-02-23 23:54 2454840 ----a-w- c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29. 7. 2010 13:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3. 8. 2010 13:28 95896]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8. 11. 2010 10:50 810144]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [7. 10. 2010 12:23 2320920]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [7. 10. 2010 10:57 5888]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [7. 10. 2010 13:36 125696]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4. 3. 2010 17:53 60456]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [7. 10. 2010 11:12 24064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 13:16 130384]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [7. 10. 2010 10:56 191008]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [7. 10. 2010 12:24 51512]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14. 4. 2008 5:42 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-11 c:\windows\Tasks\DriverNavigator Scheduled Scan.job
- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2011-06-11 15:47]
.
2011-09-30 c:\windows\Tasks\User_Feed_Synchronization-{4AAAF1FA-996C-4ABB-A06F-199C5E85381A}.job
- c:\windows\system32\msfeedssync.exe [2008-07-09 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 10.0.0.1 195.146.128.62
TCP: Interfaces\{8F04A1A9-D8BB-4BE2-A900-A8D86F7BFF4A}: NameServer = 192.168.14.226,192.168.14.224,195.168.13.26
FF - ProfilePath - c:\documents and settings\mruskovicova\Application Data\Mozilla\Firefox\Profiles\y7m59hl2.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-30 21:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(972)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-09-30 21:26:12
ComboFix-quarantined-files.txt 2011-09-30 19:26
ComboFix2.txt 2011-09-30 11:48
.
Pre-Run: 128 045 498 368 bytes free
Post-Run: 17 adresárov, 128 033 411 072 voľných bajtov
.
- - End Of File - - 2DCCE7B9CC6EC88DA94C4B883BC80C91

Rudy
Site Admin
Posts: 119508
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check

#6 Post by Rudy »

Run CF once more with this script:
Collect::
c:\windows\E220AutoRunLog.tmp
I recommend uninstalling ICQToolbar.

Royksopp
Visitor
Posts: 209
Registered: 02 Jun 2008 19:53

Re: Please check

#7 Post by Royksopp »

ComboFix 11-09-30.05 - mruskovicova . 09. 2011 21:48:36.3.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2935.2304 [GMT 2:00]
Running from: c:\documents and settings\mruskovicova\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mruskovicova\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
file zipped: c:\windows\E220AutoRunLog.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\E220AutoRunLog.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-30 )))))))))))))))))))))))))))))))
.
.
2011-09-30 11:52 . 2011-09-30 11:52 -------- d-----w- c:\documents and settings\mruskovicova\Application Data\Easeware
2011-09-30 11:45 . 2011-09-30 11:45 -------- d-----w- c:\windows\system32\xircom
2011-09-30 11:45 . 2011-09-30 11:45 -------- d-----w- c:\windows\system32\wbem\snmp
2011-09-30 11:45 . 2011-09-30 11:45 -------- d-----w- c:\program files\microsoft frontpage
2011-09-29 20:12 . 2011-09-29 20:12 -------- d-----w- C:\rsit
2011-09-25 18:57 . 2011-09-25 18:57 -------- d-----w- c:\documents and settings\mruskovicova\Local Settings\Application Data\ESET
2011-09-16 09:36 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-09-16 09:36 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-09-16 09:36 . 2011-09-16 09:36 -------- d-----w- c:\windows\Logs
2011-09-16 09:36 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll
2011-09-16 09:36 . 2011-03-04 19:44 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-09-16 09:36 . 2011-03-04 19:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-09-16 09:22 . 2005-01-28 11:44 819200 ----a-w- c:\program files\Windows Media Player\wmsetsdk.exe
2011-09-16 09:22 . 2005-01-28 11:44 47616 ----a-w- c:\program files\Windows Media Player\msoobci.dll
2011-09-15 17:01 . 2011-09-15 17:01 -------- d-----w- c:\program files\ICQ6Toolbar
2011-09-15 17:01 . 2011-09-15 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2011-09-15 17:00 . 2011-09-16 07:53 -------- d-----w- c:\documents and settings\mruskovicova\Application Data\ICQ
2011-09-15 17:00 . 2011-09-17 21:34 -------- d-----w- c:\program files\ICQ7.6
2011-09-15 07:13 . 2011-09-15 07:13 -------- d-----w- c:\documents and settings\mruskovicova\Application Data\TeamViewer
2011-09-07 10:42 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2008-04-14 03:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-10 20:32 . 2011-07-15 12:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2008-04-13 22:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-15 13:17 . 2011-07-15 13:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-15 13:17 . 2011-07-15 13:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-15 13:07 . 2011-07-15 13:07 318464 ----a-w- C:\asdm50-install.msi
2011-07-08 14:02 . 2008-04-13 22:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-09-30 11:29 . 2011-08-03 20:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-30_11.46.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-30 19:52 . 2011-09-30 19:52 16384 c:\windows\Temp\Perflib_Perfdata_134.dat
+ 2008-07-09 07:26 . 2011-09-30 19:17 88734 c:\windows\system32\perfc009.dat
- 2008-07-09 07:26 . 2011-09-30 11:32 88734 c:\windows\system32\perfc009.dat
+ 2008-07-09 07:26 . 2011-09-30 19:17 505270 c:\windows\system32\perfh009.dat
- 2008-07-09 07:26 . 2011-09-30 11:32 505270 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 170008]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-08 2219184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2010-01-09 14:22 471129 ----a-w- c:\program files\Atheros\ACU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 01:42 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-08-31 12:21 143360 ----a-w- c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-03-10 16:49 1697064 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
2009-04-24 15:27 208896 ----a-w- c:\windows\system32\TDispVol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2010-04-27 10:16 389120 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-10-06 07:23 1294136 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSODDCtl]
2009-12-16 13:11 122880 ----a-w- c:\windows\system32\TPSODDCtl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
2010-02-23 23:54 2454840 ----a-w- c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29. 7. 2010 13:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3. 8. 2010 13:28 95896]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8. 11. 2010 10:50 810144]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [7. 10. 2010 12:23 2320920]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [7. 10. 2010 10:57 5888]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [7. 10. 2010 13:36 125696]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4. 3. 2010 17:53 60456]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [7. 10. 2010 11:12 24064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 13:16 130384]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [7. 10. 2010 10:56 191008]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [7. 10. 2010 12:24 51512]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14. 4. 2008 5:42 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-11 c:\windows\Tasks\DriverNavigator Scheduled Scan.job
- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2011-06-11 15:47]
.
2011-09-30 c:\windows\Tasks\User_Feed_Synchronization-{4AAAF1FA-996C-4ABB-A06F-199C5E85381A}.job
- c:\windows\system32\msfeedssync.exe [2008-07-09 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 10.0.0.1 195.146.128.62
TCP: Interfaces\{8F04A1A9-D8BB-4BE2-A900-A8D86F7BFF4A}: NameServer = 192.168.14.226,192.168.14.224,195.168.13.26
FF - ProfilePath - c:\documents and settings\mruskovicova\Application Data\Mozilla\Firefox\Profiles\y7m59hl2.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-30 21:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3392)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2011-09-30 21:56:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-30 19:55
ComboFix2.txt 2011-09-30 19:26
ComboFix3.txt 2011-09-30 11:48
.
Pre-Run: 128 041 418 752 bytes free
Post-Run: 17 adresárov, 128 028 471 296 voľných bajtov
.
- - End Of File - - B8E7C9841D4809F5FA01DBA105C8D970
Upload was successful

Rudy
Site Admin
Posts: 119508
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check this

#8 Post by Rudy »

The log already looks clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Royksopp
Visitor
Posts: 209
Registered: 02 Jun 2008 19:53

Re: Please check this

#9 Post by Royksopp »

So can I uninstall combofix and run t-cleaner?

Rudy
Site Admin
Posts: 119508
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check this

#10 Post by Rudy »

Royksopp wrote: So can I uninstall combofix and run t-cleaner?
Yes.
