Slow PC, Virus, Blue Screen

martin1973
Visitor
Posts: 194
Registered: 13 Jan 2010 23:10

#1 Post by martin1973 »

My dear kids downloaded a trojan onto my PC. I deleted it with ST; after that avast found 0, NOD 6 infiltrations, MBM nothing. Meanwhile the screen turns blue, the PC restarts, and then it works more or less, but slowly. Here is the RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Martin Cigas at 2010-01-21 17:42:28
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 15 GB (49%) free of 30 GB
Total RAM: 767 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:42:36, on 21.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Inštalačky\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Martin Cigas.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate1c9dfcc5ef5a890) (gupdate1c9dfcc5ef5a890) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8051 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-10-16 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Toolbar Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-10-14 578928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-15 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-16 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2009-07-02 2215960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2009-07-02 2215960]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-15 263280]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - ZoneAlarm Spy Blocker Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-10-16 333192]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Toolbar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-10-14 578928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe [2005-04-26 589824]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-04-23 1817600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2003-10-07 548864]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-10-17 1037192]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2009-10-14 730480]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2009-04-17 95536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe"="C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-21 17:01:16 ----A---- C:\Documents and Settings\All Users\Application Data\hpe4F.dll
2010-01-21 14:05:49 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-20 20:37:48 ----D---- C:\Program Files\ESET
2010-01-20 16:53:36 ----D---- C:\rsit
2010-01-17 22:21:52 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
2010-01-17 22:01:26 ----D---- C:\Documents and Settings\Martin Cigas\Application Data\CheckPoint
2010-01-17 22:00:39 ----D---- C:\Program Files\CheckPoint
2010-01-17 21:58:55 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-01-17 21:58:55 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-01-17 21:12:27 ----D---- C:\Documents and Settings\Martin Cigas\Application Data\MailFrontier
2010-01-17 21:07:20 ----D---- C:\Program Files\AskBarDis
2010-01-17 21:06:28 ----A---- C:\WINDOWS\zllsputility.exe
2010-01-17 21:06:05 ----A---- C:\WINDOWS\system32\vsregexp.dll
2010-01-17 21:05:53 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-01-17 21:05:50 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-01-17 21:05:49 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-01-17 21:05:48 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-01-17 21:05:48 ----D---- C:\Program Files\Zone Labs
2010-01-17 21:05:48 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-01-17 21:05:48 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-01-17 21:04:30 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-01-17 21:04:29 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-01-17 21:04:29 ----A---- C:\WINDOWS\system32\vsinit.dll
2010-01-17 21:04:24 ----D---- C:\WINDOWS\Internet Logs
2010-01-15 15:12:23 ----D---- C:\Documents and Settings\Martin Cigas\Application Data\Mozilla
2010-01-15 14:34:04 ----SHD---- C:\RECYCLER
2010-01-14 21:14:23 ----A---- C:\Boot.bak
2010-01-14 21:14:20 ----RASHD---- C:\cmdcons
2010-01-14 21:09:07 ----A---- C:\WINDOWS\zip.exe
2010-01-14 21:09:07 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-14 21:09:07 ----A---- C:\WINDOWS\SWSC.exe
2010-01-14 21:09:07 ----A---- C:\WINDOWS\SWREG.exe
2010-01-14 21:09:07 ----A---- C:\WINDOWS\sed.exe
2010-01-14 21:09:07 ----A---- C:\WINDOWS\PEV.exe
2010-01-14 21:09:07 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-14 21:09:07 ----A---- C:\WINDOWS\MBR.exe
2010-01-14 21:09:07 ----A---- C:\WINDOWS\grep.exe
2010-01-14 21:08:59 ----D---- C:\WINDOWS\ERDNT
2010-01-14 18:14:36 ----D---- C:\Program Files\sunmedia
2010-01-13 22:14:48 ----D---- C:\Documents and Settings\Martin Cigas\Application Data\Malwarebytes
2010-01-13 22:14:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-13 22:14:35 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-13 16:10:52 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2010-01-13 16:10:51 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2010-01-13 16:10:50 ----D---- C:\Documents and Settings\Martin Cigas\Application Data\TuneUp Software
2010-01-13 16:10:07 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2010-01-13 16:09:52 ----D---- C:\Program Files\TuneUp Utilities 2008
2010-01-13 16:08:26 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-01-13 14:40:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 14:39:56 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-10 20:46:03 ----D---- C:\Program Files\Ubi Soft
2009-12-28 11:46:13 ----D---- C:\Program Files\iTeddy File Converter
2009-12-27 17:01:41 ----D---- C:\Documents and Settings\Martin Cigas\Application Data\Media Player Classic
2009-12-25 18:25:29 ----A---- C:\WINDOWS\MediaManager.INI
2009-12-25 10:36:48 ----SHD---- C:\WINDOWS\ftpcache
2009-12-25 10:36:18 ----A---- C:\WINDOWS\compedia.ini
2009-12-25 10:36:16 ----D---- C:\Documents and Settings\All Users\Application Data\Compedia
2009-12-25 10:06:17 ----A---- C:\WINDOWS\Star Assault Uninstaller.exe
2009-12-25 10:05:49 ----D---- C:\Program Files\Star Assault
2009-12-24 21:37:16 ----D---- C:\Documents and Settings\Martin Cigas\Application Data\DisneyMagicEnglish
2009-12-24 21:36:47 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll

======List of files/folders modified in the last 1 months======

2010-01-21 17:42:37 ----D---- C:\WINDOWS\Prefetch
2010-01-21 17:36:49 ----D---- C:\Program Files\Mozilla Firefox
2010-01-21 17:31:29 ----D---- C:\Documents and Settings\Martin Cigas\Application Data\Skype
2010-01-21 17:31:20 ----D---- C:\Documents and Settings\Martin Cigas\Application Data\skypePM
2010-01-21 17:30:47 ----D---- C:\WINDOWS\Temp
2010-01-21 17:29:12 ----AD---- C:\WINDOWS
2010-01-21 17:28:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-21 17:28:15 ----D---- C:\WINDOWS\Minidump
2010-01-21 17:25:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-21 17:09:49 ----D---- C:\WINDOWS\system32\drivers
2010-01-21 17:07:30 ----HD---- C:\WINDOWS\inf
2010-01-21 17:04:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-21 17:04:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-01-21 17:01:57 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-21 17:00:54 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-21 17:00:54 ----D---- C:\Program Files\Sony Ericsson
2010-01-21 17:00:54 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2010-01-21 14:22:13 ----D---- C:\WINDOWS\system32
2010-01-21 14:05:18 ----SHD---- C:\WINDOWS\Installer
2010-01-21 12:13:06 ----D---- C:\Documents and Settings\Martin Cigas\Application Data\Spyware Terminator
2010-01-21 12:12:33 ----D---- C:\Program Files\Spyware Terminator
2010-01-20 20:37:48 ----RD---- C:\Program Files
2010-01-20 16:06:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2010-01-19 21:28:51 ----D---- C:\Documents and Settings\Martin Cigas\Application Data\Vso
2010-01-17 23:50:18 ----D---- C:\WINDOWS\Debug
2010-01-17 22:00:17 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-17 21:04:28 ----D---- C:\WINDOWS\WinSxS
2010-01-17 08:59:38 ----D---- C:\Program Files\Common Files
2010-01-16 20:40:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2010-01-14 23:06:01 ----A---- C:\WINDOWS\system.ini
2010-01-14 23:04:19 ----D---- C:\WINDOWS\AppPatch
2010-01-14 21:24:25 ----SD---- C:\WINDOWS\Tasks
2010-01-14 21:19:33 ----D---- C:\WINDOWS\system32\config
2010-01-14 21:14:23 ----RASH---- C:\boot.ini
2010-01-14 18:13:55 ----D---- C:\WINDOWS\Logs
2010-01-13 22:51:19 ----D---- C:\WINDOWS\RegisteredPackages
2010-01-13 16:09:07 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-13 14:40:03 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-12 17:03:50 ----A---- C:\WINDOWS\system32\Prop7134.dll
2010-01-11 20:40:24 ----D---- C:\WINDOWS\system32\wbem
2010-01-11 20:40:23 ----D---- C:\WINDOWS\Registration
2010-01-11 20:40:13 ----D---- C:\Program Files\Opera
2010-01-11 20:04:02 ----D---- C:\Program Files\BS_Player
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-27 17:02:00 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-24 21:36:42 ----A---- C:\WINDOWS\disney.ini
2009-12-24 21:35:57 ----D---- C:\Program Files\Disney Interactive
2009-12-22 19:22:13 ----A---- C:\WINDOWS\disneysy.ini
2009-12-22 19:11:59 ----D---- C:\Program Files\GP Vs Superbike
2009-12-22 19:11:35 ----D---- C:\Program Files\FoxJones
2009-12-22 18:21:26 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-10-17 486280]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 Cap7134;AVerMedia, AVerTV WDM Video Capture (Silicon); C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2010-01-12 346304]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-04-18 805440]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 PhTVTune;Cap7134 TVTuner; C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2010-01-12 54304]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2003-10-07 896562]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-12 41984]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-09-27 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-09-27 25512]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-06-19 47360]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\sony_ssm.sys []
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-28 7168]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-25 6912]
S3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2002-11-14 10496]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2008-10-16 464264]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2009-10-14 476528]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-09-06 71096]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-04-23 606720]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2009-08-16 225280]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-10-17 2384240]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S2 gupdate1c9dfcc5ef5a890;Služba Google Update (gupdate1c9dfcc5ef5a890); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-28 133104]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-12 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-01-13 355584]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119390
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow PC, Virus, Blue Screen

#2 Post by Rudy »

Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after startup a screen with the licence terms is displayed; continue by clicking the Yes button.

relax and put the kettle on for a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)

note: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware resident shield
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

martin1973
Visitor
Posts: 194
Registered: 13 Jan 2010 23:10

Re: Slow PC, Virus, Blue Screen

#3 Post by martin1973 »

ComboFix 10-01-20.06 - Martin Cigas 21.01.2010 19:02:36.4.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.767.230 [GMT 1:00]
Running from: c:\documents and settings\Martin Cigas\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100121-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Java\jre6\bin\jucheck.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 15:59 . 2010-01-21 17:59 -------- d-----w- c:\documents and settings\Martin Cigas\Downloads
2010-01-21 13:06 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-21 13:06 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-21 13:06 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-21 13:06 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-21 13:06 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-21 13:06 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-21 13:06 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-21 13:06 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-21 13:05 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-20 20:50 . 2010-01-20 20:50 -------- d-----w- c:\documents and settings\Martin Cigas\Local Settings\Application Data\ESET
2010-01-20 19:37 . 2010-01-20 19:37 -------- d-----w- c:\program files\ESET
2010-01-20 15:53 . 2010-01-20 15:53 -------- d-----w- C:\rsit
2010-01-17 21:21 . 2010-01-17 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky SDK
2010-01-17 21:01 . 2010-01-17 21:01 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\CheckPoint
2010-01-17 21:00 . 2010-01-17 21:00 -------- d-----w- c:\program files\CheckPoint
2010-01-17 21:00 . 2009-10-12 17:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-01-17 20:58 . 2009-10-17 00:39 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-01-17 20:58 . 2009-10-17 00:39 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-01-17 20:37 . 2010-01-17 20:37 1230960 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Component\GoogleCld_3F6C343113693CD9.dll
2010-01-17 20:12 . 2010-01-17 20:12 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\MailFrontier
2010-01-17 20:07 . 2010-01-17 20:58 -------- d-----w- c:\program files\AskBarDis
2010-01-17 20:06 . 2010-01-21 17:13 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-17 20:06 . 2009-10-17 00:39 72584 ----a-w- c:\windows\zllsputility.exe
2010-01-17 20:05 . 2009-10-17 00:39 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-01-17 20:05 . 2010-01-17 21:04 -------- d-----w- c:\windows\system32\ZoneLabs
2010-01-17 20:05 . 2010-01-17 20:05 -------- d-----w- c:\program files\Zone Labs
2010-01-17 20:04 . 2010-01-21 18:08 -------- d-----w- c:\windows\Internet Logs
2010-01-15 14:39 . 2010-01-15 14:39 177024 ----a-w- c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\eoa2mgec.default\FlashGot.exe
2010-01-14 17:14 . 2010-01-14 17:14 -------- d-----w- c:\program files\sunmedia
2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Malwarebytes
2010-01-13 21:14 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-13 21:14 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 15:10 . 2008-05-29 08:28 28416 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-13 15:10 . 2010-01-13 15:10 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-01-13 15:10 . 2010-01-13 15:10 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\TuneUp Software
2010-01-13 15:10 . 2010-01-13 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-01-13 15:09 . 2010-01-16 22:07 -------- d-----w- c:\program files\TuneUp Utilities 2008
2010-01-13 15:08 . 2010-01-14 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-13 11:56 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 19:40 . 2010-01-11 19:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-10 19:46 . 2010-01-10 19:46 -------- d-----w- c:\program files\Ubi Soft
2009-12-28 10:46 . 2009-12-28 10:46 -------- d-----w- c:\program files\iTeddy File Converter
2009-12-27 16:01 . 2009-12-27 16:01 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Media Player Classic
2009-12-25 17:30 . 2009-12-25 17:29 36 ----a-w- C:\mediamp3.dat
2009-12-25 09:36 . 2009-12-25 09:36 -------- d-sh--w- c:\windows\ftpcache
2009-12-25 09:36 . 2009-12-25 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Compedia
2009-12-25 09:06 . 2009-12-25 09:06 160695 ----a-w- c:\windows\Star Assault Uninstaller.exe
2009-12-25 09:05 . 2009-12-25 09:06 -------- d-----w- c:\program files\Star Assault
2009-12-24 20:37 . 2009-12-24 21:44 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\DisneyMagicEnglish
2009-12-24 20:36 . 2010-01-05 15:23 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 18:10 . 2009-04-23 19:14 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Skype
2010-01-21 17:57 . 2009-04-23 19:18 -------- d-----w- c:\program files\Sony Ericsson
2010-01-21 17:57 . 2009-04-23 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2010-01-21 16:55 . 2010-01-21 16:56 1874944 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-01-21 16:55 . 2010-01-21 16:56 275968 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-01-21 16:31 . 2009-04-23 19:16 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\skypePM
2010-01-21 16:00 . 2009-04-23 18:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-21 11:13 . 2009-04-23 19:12 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Spyware Terminator
2010-01-21 11:12 . 2009-04-23 19:12 -------- d-----w- c:\program files\Spyware Terminator
2010-01-21 11:08 . 2010-01-21 11:09 1834496 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-01-21 11:08 . 2010-01-21 11:09 220160 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-01-20 15:06 . 2009-04-23 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-01-19 20:31 . 2010-01-19 20:32 1802240 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-01-19 20:31 . 2010-01-19 20:32 57856 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-01-19 20:28 . 2009-06-19 10:50 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Vso
2010-01-18 21:45 . 2010-01-19 14:14 2381312 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-01-17 21:01 . 2010-01-17 21:01 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\CheckPoint
2010-01-17 21:00 . 2010-01-17 21:00 -------- d-----w- c:\program files\CheckPoint
2010-01-13 15:09 . 2009-06-07 20:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-12 16:03 . 2009-12-14 15:32 110592 ----a-w- c:\windows\system32\Prop7134.dll
2010-01-12 16:03 . 2009-12-14 15:32 54304 ----a-w- c:\windows\system32\drivers\PhTVTune.sys
2010-01-12 16:03 . 2009-12-14 15:32 346304 ----a-w- c:\windows\system32\drivers\Cap7134.sys
2010-01-11 19:40 . 2009-04-23 20:40 -------- d-----w- c:\program files\Opera
2010-01-11 19:04 . 2009-10-11 07:36 -------- d-----w- c:\program files\BS_Player
2009-12-24 20:35 . 2009-11-30 16:04 -------- d-----w- c:\program files\Disney Interactive
2009-12-22 18:11 . 2009-10-16 17:07 -------- d-----w- c:\program files\GP Vs Superbike
2009-12-22 18:11 . 2009-10-14 14:37 -------- d-----w- c:\program files\FoxJones
2009-12-18 21:08 . 2009-12-18 21:08 -------- d-----w- c:\program files\Buena Vista Games
2009-12-15 17:00 . 2009-04-23 18:30 19080 ----a-w- c:\documents and settings\Martin Cigas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-29 07:10 . 2009-11-28 17:05 -------- d-----w- c:\program files\CDBurnerXP
2009-11-28 17:05 . 2009-11-28 17:05 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Canneverbe_Limited
2009-11-28 17:05 . 2009-11-28 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2009-11-28 17:00 . 2009-11-28 17:00 -------- d-----w- c:\program files\MSBuild
2009-11-28 17:00 . 2009-11-28 17:00 -------- d-----w- c:\program files\Reference Assemblies
2009-11-28 07:38 . 2009-11-26 17:52 -------- d-----w- c:\program files\Common Files\Nero
2009-11-28 07:37 . 2009-04-23 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-11-28 07:37 . 2009-04-23 20:00 -------- d-----w- c:\program files\Nero
2009-11-26 21:26 . 2009-11-26 18:09 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Nero
2009-11-26 21:26 . 2009-11-26 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 18:14 . 2009-06-19 10:50 47360 ----a-w- c:\documents and settings\Martin Cigas\Application Data\pcouffin.sys
2009-11-17 18:14 . 2009-06-19 10:50 47360 ----a-w- c:\documents and settings\Martin Cigas\Application Data\pcouffin.sys
2009-11-04 14:41 . 2009-11-04 14:41 152576 ----a-w- c:\documents and settings\Martin Cigas\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 05:38 . 2006-02-28 12:00 667136 ------w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 17:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 09:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-04-23 1817600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SMSERIAL"="sm56hlpr.exe" [2003-10-07 548864]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.1.2010 14:06 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [23.4.2009 20:12 141312]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [17.1.2010 21:07 464264]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.1.2010 14:06 20560]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [14.10.2009 14:30 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [14.10.2009 14:30 476528]
R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [14.12.2009 16:32 54304]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [21.1.2010 17:01 27632]
S2 gupdate1c9dfcc5ef5a890;Služba Google Update (gupdate1c9dfcc5ef5a890);c:\program files\Google\Update\GoogleUpdate.exe [28.5.2009 20:41 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [27.9.2009 12:28 13224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [21.1.2010 17:01 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [21.1.2010 17:01 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [21.1.2010 17:01 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [21.1.2010 17:01 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [21.1.2010 17:01 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [21.1.2010 17:01 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [21.1.2010 17:01 115752]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-21 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 19:41]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 19:41]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\eoa2mgec.default\
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaDownload.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 19:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(692)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2010-01-21 19:14:20
ComboFix-quarantined-files.txt 2010-01-21 18:14

Pre-Run: 15 460 442 112 bytes free
Post-Run: 8 adresárov, 15 473 070 080 voľných bajtov

- - End Of File - - 1CE6F2B50E84838972B10483C0B93549

Rudy
Site Admin
Posts: 119390
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow PC, Virus, Blue Screen

#4 Post by Rudy »

We'll do some more cleaning. Move ComboFix to the desktop. Open Notepad and copy the following into it:
Folder::
c:\program files\AskBarDis

Driver::
ASKService

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.


martin1973
Visitor
Posts: 194
Registered: 13 Jan 2010 23:10

Re: Slow PC, Virus, Blue Screen

#5 Post by martin1973 »

It took a little while to finish.

ComboFix 10-01-21.01 - Martin Cigas 21.01.2010 21:08:23.7.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.767.325 [GMT 1:00]
Running from: c:\documents and settings\Martin Cigas\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Martin Cigas\Desktop\CFScript.txt..exe
AV: avast! antivirus 4.8.1368 [VPS 100121-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 15:59 . 2010-01-21 19:08 -------- d-----w- c:\documents and settings\Martin Cigas\Downloads
2010-01-21 13:06 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-21 13:06 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-21 13:06 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-21 13:06 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-21 13:06 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-21 13:06 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-21 13:06 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-21 13:06 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-21 13:05 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-20 20:50 . 2010-01-20 20:50 -------- d-----w- c:\documents and settings\Martin Cigas\Local Settings\Application Data\ESET
2010-01-20 19:37 . 2010-01-20 19:37 -------- d-----w- c:\program files\ESET
2010-01-17 21:21 . 2010-01-17 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky SDK
2010-01-17 21:01 . 2010-01-17 21:01 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\CheckPoint
2010-01-17 21:00 . 2010-01-17 21:00 -------- d-----w- c:\program files\CheckPoint
2010-01-17 21:00 . 2009-10-12 17:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-01-17 20:58 . 2009-10-17 00:39 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-01-17 20:58 . 2009-10-17 00:39 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-01-17 20:37 . 2010-01-17 20:37 1230960 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Component\GoogleCld_3F6C343113693CD9.dll
2010-01-17 20:12 . 2010-01-17 20:12 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\MailFrontier
2010-01-17 20:07 . 2010-01-17 20:58 -------- d-----w- c:\program files\AskBarDis
2010-01-17 20:06 . 2010-01-21 19:53 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-17 20:06 . 2009-10-17 00:39 72584 ----a-w- c:\windows\zllsputility.exe
2010-01-17 20:05 . 2009-10-17 00:39 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-01-17 20:05 . 2010-01-17 21:04 -------- d-----w- c:\windows\system32\ZoneLabs
2010-01-17 20:05 . 2010-01-17 20:05 -------- d-----w- c:\program files\Zone Labs
2010-01-17 20:04 . 2010-01-21 20:23 -------- d-----w- c:\windows\Internet Logs
2010-01-15 14:39 . 2010-01-15 14:39 177024 ----a-w- c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\eoa2mgec.default\FlashGot.exe
2010-01-14 17:14 . 2010-01-14 17:14 -------- d-----w- c:\program files\sunmedia
2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Malwarebytes
2010-01-13 21:14 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-13 21:14 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 15:10 . 2008-05-29 08:28 28416 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-13 15:10 . 2010-01-13 15:10 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-01-13 15:10 . 2010-01-13 15:10 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\TuneUp Software
2010-01-13 15:10 . 2010-01-13 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-01-13 15:09 . 2010-01-16 22:07 -------- d-----w- c:\program files\TuneUp Utilities 2008
2010-01-13 15:08 . 2010-01-14 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-13 11:56 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 19:40 . 2010-01-11 19:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-10 19:46 . 2010-01-10 19:46 -------- d-----w- c:\program files\Ubi Soft
2009-12-28 10:46 . 2009-12-28 10:46 -------- d-----w- c:\program files\iTeddy File Converter
2009-12-27 16:01 . 2009-12-27 16:01 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Media Player Classic
2009-12-25 17:30 . 2009-12-25 17:29 36 ----a-w- C:\mediamp3.dat
2009-12-25 09:36 . 2009-12-25 09:36 -------- d-sh--w- c:\windows\ftpcache
2009-12-25 09:36 . 2009-12-25 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Compedia
2009-12-25 09:06 . 2009-12-25 09:06 160695 ----a-w- c:\windows\Star Assault Uninstaller.exe
2009-12-25 09:05 . 2009-12-25 09:06 -------- d-----w- c:\program files\Star Assault
2009-12-24 20:37 . 2009-12-24 21:44 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\DisneyMagicEnglish
2009-12-24 20:36 . 2010-01-05 15:23 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 23:03 . 2009-04-23 19:16 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\skypePM
2010-01-21 22:52 . 2009-04-23 19:14 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Skype
2010-01-21 17:57 . 2009-04-23 19:18 -------- d-----w- c:\program files\Sony Ericsson
2010-01-21 17:57 . 2009-04-23 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2010-01-21 16:55 . 2010-01-21 16:56 1874944 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-01-21 16:55 . 2010-01-21 16:56 275968 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-01-21 16:00 . 2009-04-23 18:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-21 11:13 . 2009-04-23 19:12 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Spyware Terminator
2010-01-21 11:12 . 2009-04-23 19:12 -------- d-----w- c:\program files\Spyware Terminator
2010-01-21 11:08 . 2010-01-21 11:09 1834496 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-01-21 11:08 . 2010-01-21 11:09 220160 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-01-20 15:06 . 2009-04-23 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-01-19 20:31 . 2010-01-19 20:32 1802240 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-01-19 20:31 . 2010-01-19 20:32 57856 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-01-19 20:28 . 2009-06-19 10:50 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Vso
2010-01-18 21:45 . 2010-01-19 14:14 2381312 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-01-17 21:01 . 2010-01-17 21:01 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\CheckPoint
2010-01-17 21:00 . 2010-01-17 21:00 -------- d-----w- c:\program files\CheckPoint
2010-01-13 15:09 . 2009-06-07 20:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-12 16:03 . 2009-12-14 15:32 110592 ----a-w- c:\windows\system32\Prop7134.dll
2010-01-12 16:03 . 2009-12-14 15:32 54304 ----a-w- c:\windows\system32\drivers\PhTVTune.sys
2010-01-12 16:03 . 2009-12-14 15:32 346304 ----a-w- c:\windows\system32\drivers\Cap7134.sys
2010-01-11 19:40 . 2009-04-23 20:40 -------- d-----w- c:\program files\Opera
2010-01-11 19:04 . 2009-10-11 07:36 -------- d-----w- c:\program files\BS_Player
2009-12-24 20:35 . 2009-11-30 16:04 -------- d-----w- c:\program files\Disney Interactive
2009-12-22 18:11 . 2009-10-16 17:07 -------- d-----w- c:\program files\GP Vs Superbike
2009-12-22 18:11 . 2009-10-14 14:37 -------- d-----w- c:\program files\FoxJones
2009-12-18 21:08 . 2009-12-18 21:08 -------- d-----w- c:\program files\Buena Vista Games
2009-12-15 17:00 . 2009-04-23 18:30 19080 ----a-w- c:\documents and settings\Martin Cigas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-29 07:10 . 2009-11-28 17:05 -------- d-----w- c:\program files\CDBurnerXP
2009-11-28 17:05 . 2009-11-28 17:05 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Canneverbe_Limited
2009-11-28 17:05 . 2009-11-28 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2009-11-28 17:00 . 2009-11-28 17:00 -------- d-----w- c:\program files\MSBuild
2009-11-28 17:00 . 2009-11-28 17:00 -------- d-----w- c:\program files\Reference Assemblies
2009-11-28 07:38 . 2009-11-26 17:52 -------- d-----w- c:\program files\Common Files\Nero
2009-11-28 07:37 . 2009-04-23 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-11-28 07:37 . 2009-04-23 20:00 -------- d-----w- c:\program files\Nero
2009-11-26 21:26 . 2009-11-26 18:09 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Nero
2009-11-26 21:26 . 2009-11-26 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 18:14 . 2009-06-19 10:50 47360 ----a-w- c:\documents and settings\Martin Cigas\Application Data\pcouffin.sys
2009-11-17 18:14 . 2009-06-19 10:50 47360 ----a-w- c:\documents and settings\Martin Cigas\Application Data\pcouffin.sys
2009-11-04 14:41 . 2009-11-04 14:41 152576 ----a-w- c:\documents and settings\Martin Cigas\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 05:38 . 2006-02-28 12:00 667136 ------w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-21_18.11.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-21 19:52 . 2010-01-21 19:52 16384 c:\windows\Temp\Perflib_Perfdata_a38.dat
- 2010-01-21 16:58 . 2010-01-21 16:58 16384 c:\windows\Temp\Perflib_Perfdata_a38.dat
+ 2010-01-21 19:52 . 2010-01-21 19:52 16384 c:\windows\Temp\Perflib_Perfdata_750.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 17:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 09:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-04-23 1817600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SMSERIAL"="sm56hlpr.exe" [2003-10-07 548864]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.1.2010 14:06 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [23.4.2009 20:12 141312]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [17.1.2010 21:07 464264]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.1.2010 14:06 20560]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [14.10.2009 14:30 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [14.10.2009 14:30 476528]
R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [14.12.2009 16:32 54304]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [21.1.2010 17:01 27632]
S2 gupdate1c9dfcc5ef5a890;Služba Google Update (gupdate1c9dfcc5ef5a890);c:\program files\Google\Update\GoogleUpdate.exe [28.5.2009 20:41 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [27.9.2009 12:28 13224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [21.1.2010 17:01 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [21.1.2010 17:01 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [21.1.2010 17:01 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [21.1.2010 17:01 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [21.1.2010 17:01 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [21.1.2010 17:01 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [21.1.2010 17:01 115752]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-21 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 19:41]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 19:41]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\eoa2mgec.default\
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaDownload.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 00:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(680)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(3700)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\Zone Labs\ZoneAlarm\MailFrontier\mlfhook.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-22 00:33:34
ComboFix-quarantined-files.txt 2010-01-21 23:33
ComboFix2.txt 2010-01-21 18:14

Pre-Run: 15 416 184 832 bytes free
Post-Run: 7 adresárov, 15 229 087 744 voľných bajtov

- - End Of File - - 06F664630C2639530600E75A8BC98507

Rudy
Site Admin
Posts: 119390
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow PC, Virus, Blue Screen

#6 Post by Rudy »

CF did not delete anything because you saved the script file incorrectly (CFScript.txt..exe). It does not work that way. The script must be saved as CFScript.txt. Nothing more and nothing less.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

martin1973
Visitor
Posts: 194
Joined: 13 Jan 2010 23:10

Re: Slow PC, Virus, Blue Screen

#7 Post by martin1973 »

I don't know what I'm doing wrong, but somehow I can't get it to work. I used to have Notepad under Accessories, but now it isn't there. I run a search, it finds one, I open it and it is empty, I copy into it what you told me to, and when I choose Save it asks whether I should change the save or something similar, so I click yes and it won't save. I rename it to CFScript.txt and it still gives me the log that is above, with exe. Can you advise how I should do this correctly?

Rudy
Site Admin
Posts: 119390
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow PC, Virus, Blue Screen

#8 Post by Rudy »

Check the script to make sure there is nothing extra in it (e.g. a space) and run it again. If that fails, run an MBAM scan: http://www.malwarebytes.org/mbam.php and post its log. Do not delete anything beforehand.

martin1973
Visitor
Posts: 194
Joined: 13 Jan 2010 23:10

Re: Slow PC, Virus, Blue Screen

#9 Post by martin1973 »

Well, I hope it is fine now.
ComboFix 10-01-22.01 - Martin Cigas 23.01.2010 8:46.14.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.767.266 [GMT 1:00]
Running from: c:\documents and settings\Martin Cigas\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Martin Cigas\Desktop\CFScript.txt.txt
AV: avast! antivirus 4.8.1368 [VPS 100123-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))
.

2010-01-21 15:59 . 2010-01-21 19:08 -------- d-----w- c:\documents and settings\Martin Cigas\Downloads
2010-01-21 13:06 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-21 13:06 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-21 13:06 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-21 13:06 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-21 13:06 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-21 13:06 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-21 13:06 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-21 13:06 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-21 13:05 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-20 20:50 . 2010-01-20 20:50 -------- d-----w- c:\documents and settings\Martin Cigas\Local Settings\Application Data\ESET
2010-01-20 19:37 . 2010-01-20 19:37 -------- d-----w- c:\program files\ESET
2010-01-17 21:21 . 2010-01-17 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky SDK
2010-01-17 21:01 . 2010-01-17 21:01 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\CheckPoint
2010-01-17 21:00 . 2010-01-17 21:00 -------- d-----w- c:\program files\CheckPoint
2010-01-17 21:00 . 2009-10-12 17:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2010-01-17 20:58 . 2009-10-17 00:39 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-01-17 20:58 . 2009-10-17 00:39 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-01-17 20:37 . 2010-01-17 20:37 1230960 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Component\GoogleCld_3F6C343113693CD9.dll
2010-01-17 20:12 . 2010-01-17 20:12 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\MailFrontier
2010-01-17 20:06 . 2010-01-23 10:44 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-17 20:06 . 2009-10-17 00:39 72584 ----a-w- c:\windows\zllsputility.exe
2010-01-17 20:05 . 2009-10-17 00:39 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-01-17 20:05 . 2010-01-17 21:04 -------- d-----w- c:\windows\system32\ZoneLabs
2010-01-17 20:05 . 2010-01-17 20:05 -------- d-----w- c:\program files\Zone Labs
2010-01-17 20:04 . 2010-01-23 13:18 -------- d-----w- c:\windows\Internet Logs
2010-01-15 14:39 . 2010-01-15 14:39 177024 ----a-w- c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\eoa2mgec.default\FlashGot.exe
2010-01-14 17:14 . 2010-01-14 17:14 -------- d-----w- c:\program files\sunmedia
2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Malwarebytes
2010-01-13 21:14 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 21:14 . 2010-01-13 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-13 21:14 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 15:10 . 2008-05-29 08:28 28416 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-13 15:10 . 2010-01-13 15:10 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-01-13 15:10 . 2010-01-13 15:10 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\TuneUp Software
2010-01-13 15:10 . 2010-01-13 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-01-13 15:09 . 2010-01-16 22:07 -------- d-----w- c:\program files\TuneUp Utilities 2008
2010-01-13 15:08 . 2010-01-14 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-13 11:56 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 19:40 . 2010-01-11 19:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-10 19:46 . 2010-01-10 19:46 -------- d-----w- c:\program files\Ubi Soft
2009-12-28 10:46 . 2009-12-28 10:46 -------- d-----w- c:\program files\iTeddy File Converter
2009-12-27 16:01 . 2009-12-27 16:01 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Media Player Classic
2009-12-25 17:30 . 2009-12-25 17:29 36 ----a-w- C:\mediamp3.dat
2009-12-25 09:36 . 2009-12-25 09:36 -------- d-sh--w- c:\windows\ftpcache
2009-12-25 09:36 . 2009-12-25 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Compedia
2009-12-25 09:06 . 2009-12-25 09:06 160695 ----a-w- c:\windows\Star Assault Uninstaller.exe
2009-12-25 09:05 . 2009-12-25 09:06 -------- d-----w- c:\program files\Star Assault
2009-12-24 20:37 . 2009-12-24 21:44 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\DisneyMagicEnglish
2009-12-24 20:36 . 2010-01-05 15:23 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 14:38 . 2009-04-23 19:14 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Skype
2010-01-23 02:16 . 2010-01-23 02:18 2203648 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2010-01-23 02:15 . 2010-01-23 02:18 8704 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-01-23 02:14 . 2010-01-23 02:15 14336 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-01-23 02:12 . 2010-01-23 02:14 14336 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-01-23 02:10 . 2010-01-23 02:11 14848 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-01-23 02:09 . 2010-01-23 02:10 3331072 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-01-23 01:49 . 2010-01-23 01:49 134732 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_01_23_02_42_05_small.dmp.zip
2010-01-23 01:49 . 2010-01-23 01:49 135564 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_01_23_02_42_04_small.dmp.zip
2010-01-23 01:40 . 2010-01-23 01:41 15360 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-01-23 01:39 . 2010-01-23 01:40 2196992 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-01-23 01:39 . 2010-01-23 01:40 3421696 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-01-22 23:01 . 2009-04-23 19:16 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\skypePM
2010-01-22 14:31 . 2010-01-22 14:32 2162688 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-01-21 17:57 . 2009-04-23 19:18 -------- d-----w- c:\program files\Sony Ericsson
2010-01-21 17:57 . 2009-04-23 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2010-01-21 16:55 . 2010-01-21 16:56 1874944 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-01-21 16:55 . 2010-01-21 16:56 275968 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-01-21 16:00 . 2009-04-23 18:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-21 11:13 . 2009-04-23 19:12 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Spyware Terminator
2010-01-21 11:12 . 2009-04-23 19:12 -------- d-----w- c:\program files\Spyware Terminator
2010-01-21 11:08 . 2010-01-21 11:09 1834496 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-01-21 11:08 . 2010-01-21 11:09 220160 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-01-20 15:06 . 2009-04-23 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-01-19 20:31 . 2010-01-19 20:32 1802240 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-01-19 20:31 . 2010-01-19 20:32 57856 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-01-19 20:28 . 2009-06-19 10:50 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Vso
2010-01-19 20:01 . 2010-01-23 07:04 142576 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1051.dat
2010-01-18 21:45 . 2010-01-19 14:14 2381312 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-01-17 21:01 . 2010-01-17 21:01 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\CheckPoint
2010-01-17 21:00 . 2010-01-17 21:00 -------- d-----w- c:\program files\CheckPoint
2010-01-13 15:09 . 2009-06-07 20:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-12 16:03 . 2009-12-14 15:32 110592 ----a-w- c:\windows\system32\Prop7134.dll
2010-01-12 16:03 . 2009-12-14 15:32 54304 ----a-w- c:\windows\system32\drivers\PhTVTune.sys
2010-01-12 16:03 . 2009-12-14 15:32 346304 ----a-w- c:\windows\system32\drivers\Cap7134.sys
2010-01-11 19:40 . 2009-04-23 20:40 -------- d-----w- c:\program files\Opera
2010-01-11 19:04 . 2009-10-11 07:36 -------- d-----w- c:\program files\BS_Player
2009-12-24 20:35 . 2009-11-30 16:04 -------- d-----w- c:\program files\Disney Interactive
2009-12-22 18:11 . 2009-10-16 17:07 -------- d-----w- c:\program files\GP Vs Superbike
2009-12-22 18:11 . 2009-10-14 14:37 -------- d-----w- c:\program files\FoxJones
2009-12-22 05:21 . 2006-02-28 12:00 667136 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 21:08 . 2009-12-18 21:08 -------- d-----w- c:\program files\Buena Vista Games
2009-12-15 17:00 . 2009-04-23 18:30 19080 ----a-w- c:\documents and settings\Martin Cigas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-29 07:10 . 2009-11-28 17:05 -------- d-----w- c:\program files\CDBurnerXP
2009-11-28 17:05 . 2009-11-28 17:05 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Canneverbe_Limited
2009-11-28 17:05 . 2009-11-28 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2009-11-28 17:00 . 2009-11-28 17:00 -------- d-----w- c:\program files\MSBuild
2009-11-28 17:00 . 2009-11-28 17:00 -------- d-----w- c:\program files\Reference Assemblies
2009-11-28 07:38 . 2009-11-26 17:52 -------- d-----w- c:\program files\Common Files\Nero
2009-11-28 07:37 . 2009-04-23 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-11-28 07:37 . 2009-04-23 20:00 -------- d-----w- c:\program files\Nero
2009-11-26 21:26 . 2009-11-26 18:09 -------- d-----w- c:\documents and settings\Martin Cigas\Application Data\Nero
2009-11-26 21:26 . 2009-11-26 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 18:14 . 2009-06-19 10:50 47360 ----a-w- c:\documents and settings\Martin Cigas\Application Data\pcouffin.sys
2009-11-17 18:14 . 2009-06-19 10:50 47360 ----a-w- c:\documents and settings\Martin Cigas\Application Data\pcouffin.sys
2009-11-04 14:41 . 2009-11-04 14:41 152576 ----a-w- c:\documents and settings\Martin Cigas\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 09:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-04-23 1817600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SMSERIAL"="sm56hlpr.exe" [2003-10-07 548864]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21.1.2010 14:06 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [23.4.2009 20:12 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.1.2010 14:06 20560]
R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [14.12.2009 16:32 54304]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [21.1.2010 17:01 27632]
S2 gupdate1c9dfcc5ef5a890;Služba Google Update (gupdate1c9dfcc5ef5a890);c:\program files\Google\Update\GoogleUpdate.exe [28.5.2009 20:41 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [27.9.2009 12:28 13224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [21.1.2010 17:01 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [21.1.2010 17:01 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [21.1.2010 17:01 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [21.1.2010 17:01 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [21.1.2010 17:01 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [21.1.2010 17:01 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [21.1.2010 17:01 115752]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 19:41]

2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 19:41]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Martin Cigas\Application Data\Mozilla\Firefox\Profiles\eoa2mgec.default\
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 15:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2572)
c:\program files\Zone Labs\ZoneAlarm\MailFrontier\mlfhook.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\UAService7.exe
c:\windows\sm56hlpr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\setup\avast.setup
.
**************************************************************************
.
Completion time: 2010-01-23 15:43:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-23 14:42

Pre-Run: 14 845 263 872 bytes free
Post-Run: 7 adresárov, 14 756 061 184 voľných bajtov

- - End Of File - - F3D48F8B983266BDE04203A90032C311

martin1973
Visitor
Posts: 194
Registered: 13 Jan 2010 23:10

Re: Slow PC, Virus, Blue Screen

#10 Post by martin1973 »

Here is the MBM log:
Malwarebytes' Anti-Malware 1.44
Verzia databázy: 3556
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

23.1.2010 17:04:08
mbam-log-2010-01-23 (17-04-04).txt

Typ kontroly: Úplná (C:\|D:\|)
Objektov kontrolovaných: 200046
Uplynutý cas: 36 minute(s), 31 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 29

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP294\A0049866.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP294\A0049916.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP294\A0050013.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP294\A0050082.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP294\A0050166.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP294\A0050255.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP294\A0050317.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP294\A0050482.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP296\A0051616.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP296\A0051800.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP296\A0051721.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP296\A0051871.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP296\A0051950.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP296\A0052007.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP296\A0052149.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP296\A0052217.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP296\A0052292.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP296\A0052444.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP296\A0052495.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP296\A0052583.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP296\A0052640.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP296\A0054741.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP296\A0054798.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP297\A0059933.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP297\A0060131.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP297\A0060191.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP297\A0061225.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP297\A0061276.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{16182753-FC7C-4880-A59D-3F848CFF0682}\RP297\A0061065.sys (Malware.Trace) -> No action taken.

Rudy
Site Admin
Posts: 119390
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow PC, Virus, Blue Screen

#11 Post by Rudy »

CF fixed 1 item. The rest of the CF log looks clean. MBAM found an infection in the system backup. Delete everything MBAM found.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

martin1973
Visitor
Posts: 194
Registered: 13 Jan 2010 23:10

Re: Slow PC, Virus, Blue Screen

#12 Post by martin1973 »

C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\WER348e.dir00\Mini012310-08.dmp C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\WER348e.dir00\sysdata.xml After the deletion, MBM was supposed to restart the PC, and it did, but when it was about to start up, a blue screen appeared and it restarted immediately. Here is the error signature: BC Code 1000000a,BCP 1:00000016,BCP2:0000002,BCP3:00000000,BCP4:804DBDA3,OSVer 5_1_2600,SP3_0,PRODUKTY:768-1 . And those two files will be included in the report. Should I remove them manually, or what should I do with them?

Rudy
Site Admin
Posts: 119390
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow PC, Virus, Blue Screen

#13 Post by Rudy »

You can delete the entire contents of the directory C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp . Otherwise, I have a feeling that one of the drivers may be damaged. Try reinstalling the motherboard and graphics card drivers.

martin1973
Visitor
Posts: 194
Registered: 13 Jan 2010 23:10

Re: Slow PC, Virus, Blue Screen

#14 Post by martin1973 »

It can't be deleted; I reinstalled the drivers, so we'll see. Thanks for now.

Rudy
Site Admin
Posts: 119390
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow PC, Virus, Blue Screen

#15 Post by Rudy »

You're welcome!