poprosim o kontrolu:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:46:47, on 15. 2. 2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\VERONIKA\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\VERONIKA\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5620
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5620
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50081
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHelper Class - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\MTWBSA\mtwb3sh.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Stiahnuť &všetky odkazy pomocou BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Stiahnuť odkaz &pomocou BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stiahnuť všetky v&ideá pomocou BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Správca pre program Google Desktop 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6506 bytes
C:\Users\VERONIKA\AppData\Local\Temp\RtkBtMnt.exe - nedokážem odstraniť, už som mazal aj čistil reg a po reštarte je tam. Poprosim o radu. Dik.
Kontrola - RtkBtMnt.exe
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Kontrola - RtkBtMnt.exe
Ten soubor patří zvukovce Realtek
odinstaluj Spybot
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
odinstaluj Spybot
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Re: Kontrola - RtkBtMnt.exe
15. 2. 2011 16:32:46
mbam-log-2011-02-15 (16-32-46).txt
Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 140488
Uplynutý čas: 3 min, 31 sek
Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 0
Infikované služby pamäte:
(Škodlivé položky neboli zistené)
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
(Škodlivé položky neboli zistené)
Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)
Infikované položky registračných dát:
(Škodlivé položky neboli zistené)
Infikované priečinky:
(Škodlivé položky neboli zistené)
Infikované súbory:
(Škodlivé položky neboli zistené)
mbam-log-2011-02-15 (16-32-46).txt
Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 140488
Uplynutý čas: 3 min, 31 sek
Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 0
Infikované služby pamäte:
(Škodlivé položky neboli zistené)
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
(Škodlivé položky neboli zistené)
Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)
Infikované položky registračných dát:
(Škodlivé položky neboli zistené)
Infikované priečinky:
(Škodlivé položky neboli zistené)
Infikované súbory:
(Škodlivé položky neboli zistené)
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Kontrola - RtkBtMnt.exe
Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Re: Kontrola - RtkBtMnt.exe
ComboFix 11-02-14.02 - VERONIKA . 02. 2011 17:22:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1051.18.3062.2035 [GMT 1:00]
Running from: c:\users\VERONIKA\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Desktop
.
((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 )))))))))))))))))))))))))))))))
.
2011-02-15 16:19 . 2011-02-15 16:20 -------- d-----w- C:\32788R22FWJFW
2011-02-15 14:31 . 2011-02-15 14:31 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\Malwarebytes
2011-02-15 14:31 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-15 14:30 . 2011-02-15 14:30 -------- d-----w- c:\programdata\Malwarebytes
2011-02-15 14:30 . 2011-02-15 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-15 14:30 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-15 11:28 . 2011-02-15 11:28 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-15 11:28 . 2010-11-22 08:50 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-02-15 11:28 . 2011-02-15 11:28 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-15 11:23 . 2011-02-15 11:23 -------- d-----w- c:\users\VERONIKA\AppData\Local\Sunbelt Software
2011-02-15 11:22 . 2011-02-15 11:28 -------- d-----w- c:\programdata\Lavasoft
2011-02-15 11:17 . 2010-12-03 19:39 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-02-15 11:17 . 2010-12-03 19:39 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-02-15 10:34 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F71AEDE9-9C41-494E-83AD-5F447F8C209D}\mpengine.dll
2011-02-15 10:27 . 2011-02-15 10:27 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\Avira
2011-02-14 19:58 . 2011-02-15 07:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-02-14 19:58 . 2011-02-14 19:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-14 19:25 . 2011-02-14 19:25 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\GlarySoft
2011-02-14 19:22 . 2011-02-14 19:22 -------- d-----w- c:\program files\Glary Utilities
2011-02-14 17:47 . 2011-02-14 17:47 -------- d-----w- c:\program files\CCleaner
2011-02-13 09:57 . 2011-02-13 09:57 -------- d-----w- c:\windows\system32\MpEngineStore
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-10 13:23 . 2009-06-22 16:18 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-10 13:23 . 2009-06-22 16:18 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-28 14:57 . 2011-01-12 10:44 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 15:49 . 2011-01-12 10:43 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^VERONIKA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regedit32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-01-02 23:55 521776 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-04-27 22:11 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-08-28 20:43 154136 ----a-w- c:\windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 13:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-08-28 20:43 141848 ----a-w- c:\windows\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-10-11 10:06 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-01-07 23:51 858632 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
2011-02-13 09:56 37443528 ----a-w- c:\windows\System32\mrt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-08-28 20:43 137752 ----a-w- c:\windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2007-10-23 08:56 200704 ----a-w- c:\windows\PLFSetI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-01-22 12:23 81920 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-28 05:13 144792 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-07 19:35 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 07:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R1 cxmfrnjw;cxmfrnjw;c:\windows\system32\drivers\cxmfrnjw.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-05-18 28464]
R3 GoogleDesktopManager-080708-050100;Správca pre program Google Desktop 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-04-27 24064]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-11-22 64288]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
2011-02-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-02-14 13:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5620
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5620
uInternet Settings,ProxyServer = http=127.0.0.1:50081
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stiahnuť &všetky odkazy pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Stiahnuť odkaz &pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stiahnuť všetky v&ideá pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
FF - ProfilePath - c:\users\VERONIKA\AppData\Roaming\Mozilla\Firefox\Profiles\kdyxh7lw.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50081
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-FBSSA - c:\program files\MTWBSA\ie3sh.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-15 17:28
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(2916)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Completion time: 2011-02-15 17:30:16
ComboFix-quarantined-files.txt 2011-02-15 16:30
Pre-Run: 93 032 165 376 bytes free
Post-Run: 92 961 873 920 bytes free
- - End Of File - - F594B0AA75F19A0278E63D357D895375
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1051.18.3062.2035 [GMT 1:00]
Running from: c:\users\VERONIKA\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Desktop
.
((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 )))))))))))))))))))))))))))))))
.
2011-02-15 16:19 . 2011-02-15 16:20 -------- d-----w- C:\32788R22FWJFW
2011-02-15 14:31 . 2011-02-15 14:31 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\Malwarebytes
2011-02-15 14:31 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-15 14:30 . 2011-02-15 14:30 -------- d-----w- c:\programdata\Malwarebytes
2011-02-15 14:30 . 2011-02-15 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-15 14:30 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-15 11:28 . 2011-02-15 11:28 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-15 11:28 . 2010-11-22 08:50 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-02-15 11:28 . 2011-02-15 11:28 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-15 11:23 . 2011-02-15 11:23 -------- d-----w- c:\users\VERONIKA\AppData\Local\Sunbelt Software
2011-02-15 11:22 . 2011-02-15 11:28 -------- d-----w- c:\programdata\Lavasoft
2011-02-15 11:17 . 2010-12-03 19:39 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-02-15 11:17 . 2010-12-03 19:39 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-02-15 10:34 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F71AEDE9-9C41-494E-83AD-5F447F8C209D}\mpengine.dll
2011-02-15 10:27 . 2011-02-15 10:27 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\Avira
2011-02-14 19:58 . 2011-02-15 07:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-02-14 19:58 . 2011-02-14 19:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-14 19:25 . 2011-02-14 19:25 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\GlarySoft
2011-02-14 19:22 . 2011-02-14 19:22 -------- d-----w- c:\program files\Glary Utilities
2011-02-14 17:47 . 2011-02-14 17:47 -------- d-----w- c:\program files\CCleaner
2011-02-13 09:57 . 2011-02-13 09:57 -------- d-----w- c:\windows\system32\MpEngineStore
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-10 13:23 . 2009-06-22 16:18 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-10 13:23 . 2009-06-22 16:18 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-28 14:57 . 2011-01-12 10:44 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 15:49 . 2011-01-12 10:43 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^VERONIKA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regedit32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-01-02 23:55 521776 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-04-27 22:11 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-08-28 20:43 154136 ----a-w- c:\windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 13:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-08-28 20:43 141848 ----a-w- c:\windows\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-10-11 10:06 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-01-07 23:51 858632 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
2011-02-13 09:56 37443528 ----a-w- c:\windows\System32\mrt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-08-28 20:43 137752 ----a-w- c:\windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2007-10-23 08:56 200704 ----a-w- c:\windows\PLFSetI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-01-22 12:23 81920 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-28 05:13 144792 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-07 19:35 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 07:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R1 cxmfrnjw;cxmfrnjw;c:\windows\system32\drivers\cxmfrnjw.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-05-18 28464]
R3 GoogleDesktopManager-080708-050100;Správca pre program Google Desktop 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-04-27 24064]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-11-22 64288]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
2011-02-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-02-14 13:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5620
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5620
uInternet Settings,ProxyServer = http=127.0.0.1:50081
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stiahnuť &všetky odkazy pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Stiahnuť odkaz &pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stiahnuť všetky v&ideá pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
FF - ProfilePath - c:\users\VERONIKA\AppData\Roaming\Mozilla\Firefox\Profiles\kdyxh7lw.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50081
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-FBSSA - c:\program files\MTWBSA\ie3sh.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-15 17:28
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(2916)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Completion time: 2011-02-15 17:30:16
ComboFix-quarantined-files.txt 2011-02-15 16:30
Pre-Run: 93 032 165 376 bytes free
Post-Run: 92 961 873 920 bytes free
- - End Of File - - F594B0AA75F19A0278E63D357D895375
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola - RtkBtMnt.exe
Odinstaluj:
Spybot - Search & Destroy
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.
uInternet Settings,ProxyServer = http=127.0.0.1:50081---používáš tuto proxy?
Spybot - Search & Destroy
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
KillAll::
File::
c:\windows\system32\drivers\SBREDrv.sys
Folder::
C:\32788R22FWJFW
c:\users\VERONIKA\AppData\Local\Sunbelt Software
Driver::
cxmfrnjw
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regedit32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000000
RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.
uInternet Settings,ProxyServer = http=127.0.0.1:50081---používáš tuto proxy?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Kontrola - RtkBtMnt.exe
ComboFix 11-02-14.02 - VERONIKA . 02. 2011 19:09:21.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1051.18.3062.1987 [GMT 1:00]
Running from: c:\users\VERONIKA\Desktop\ComboFix.exe
Command switches used :: c:\users\VERONIKA\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FILE ::
"c:\windows\system32\drivers\SBREDrv.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\VERONIKA\AppData\Local\Sunbelt Software
c:\windows\system32\drivers\SBREDrv.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_cxmfrnjw
((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 )))))))))))))))))))))))))))))))
.
2011-02-15 18:15 . 2011-02-15 18:16 -------- d-----w- c:\users\VERONIKA\AppData\Local\temp
2011-02-15 14:31 . 2011-02-15 14:31 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\Malwarebytes
2011-02-15 14:31 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-15 14:30 . 2011-02-15 14:30 -------- d-----w- c:\programdata\Malwarebytes
2011-02-15 14:30 . 2011-02-15 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-15 14:30 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-15 11:28 . 2011-02-15 11:28 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-15 11:28 . 2010-11-22 08:50 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-02-15 11:22 . 2011-02-15 11:28 -------- d-----w- c:\programdata\Lavasoft
2011-02-15 11:17 . 2010-12-03 19:39 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-02-15 11:17 . 2010-12-03 19:39 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-02-15 10:34 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F71AEDE9-9C41-494E-83AD-5F447F8C209D}\mpengine.dll
2011-02-15 10:27 . 2011-02-15 10:27 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\Avira
2011-02-14 19:58 . 2011-02-15 17:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-02-14 19:25 . 2011-02-14 19:25 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\GlarySoft
2011-02-14 19:22 . 2011-02-14 19:22 -------- d-----w- c:\program files\Glary Utilities
2011-02-14 17:47 . 2011-02-14 17:47 -------- d-----w- c:\program files\CCleaner
2011-02-13 09:57 . 2011-02-13 09:57 -------- d-----w- c:\windows\system32\MpEngineStore
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-10 13:23 . 2009-06-22 16:18 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-10 13:23 . 2009-06-22 16:18 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-28 14:57 . 2011-01-12 10:44 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 15:49 . 2011-01-12 10:43 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^VERONIKA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-01-02 23:55 521776 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-04-27 22:11 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-08-28 20:43 154136 ----a-w- c:\windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 13:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-08-28 20:43 141848 ----a-w- c:\windows\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-10-11 10:06 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-01-07 23:51 858632 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
2011-02-13 09:56 37443528 ----a-w- c:\windows\System32\mrt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-08-28 20:43 137752 ----a-w- c:\windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2007-10-23 08:56 200704 ----a-w- c:\windows\PLFSetI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-01-22 12:23 81920 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-28 05:13 144792 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-07 19:35 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 07:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-05-18 28464]
R3 GoogleDesktopManager-080708-050100;Správca pre program Google Desktop 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-04-27 24064]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-11-22 64288]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
2011-02-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-02-14 13:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5620
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5620
uInternet Settings,ProxyServer = http=127.0.0.1:50081
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stiahnuť &všetky odkazy pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Stiahnuť odkaz &pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stiahnuť všetky v&ideá pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
FF - ProfilePath - c:\users\VERONIKA\AppData\Roaming\Mozilla\Firefox\Profiles\kdyxh7lw.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50081
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-15 19:18
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3232)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-02-15 19:21:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-15 18:21
ComboFix2.txt 2011-02-15 16:30
Pre-Run: 92 943 634 432 bytes free
Post-Run: 92 627 496 960 bytes free
- - End Of File - - 4E953CEB9894A405AE223CBDEAAA175E
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:33:35, on 15. 2. 2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\VERONIKA\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\VERONIKA\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5620
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5620
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50081
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Stiahnuť &všetky odkazy pomocou BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Stiahnuť odkaz &pomocou BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stiahnuť všetky v&ideá pomocou BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Správca pre program Google Desktop 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 5687 bytes
Na poslednu otazku nepoznám odpovedat, pc mam len od dnes na precistenie.
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1051.18.3062.1987 [GMT 1:00]
Running from: c:\users\VERONIKA\Desktop\ComboFix.exe
Command switches used :: c:\users\VERONIKA\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FILE ::
"c:\windows\system32\drivers\SBREDrv.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\VERONIKA\AppData\Local\Sunbelt Software
c:\windows\system32\drivers\SBREDrv.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_cxmfrnjw
((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 )))))))))))))))))))))))))))))))
.
2011-02-15 18:15 . 2011-02-15 18:16 -------- d-----w- c:\users\VERONIKA\AppData\Local\temp
2011-02-15 14:31 . 2011-02-15 14:31 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\Malwarebytes
2011-02-15 14:31 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-15 14:30 . 2011-02-15 14:30 -------- d-----w- c:\programdata\Malwarebytes
2011-02-15 14:30 . 2011-02-15 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-15 14:30 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-15 11:28 . 2011-02-15 11:28 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-15 11:28 . 2010-11-22 08:50 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-02-15 11:22 . 2011-02-15 11:28 -------- d-----w- c:\programdata\Lavasoft
2011-02-15 11:17 . 2010-12-03 19:39 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-02-15 11:17 . 2010-12-03 19:39 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-02-15 10:34 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F71AEDE9-9C41-494E-83AD-5F447F8C209D}\mpengine.dll
2011-02-15 10:27 . 2011-02-15 10:27 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\Avira
2011-02-14 19:58 . 2011-02-15 17:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-02-14 19:25 . 2011-02-14 19:25 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\GlarySoft
2011-02-14 19:22 . 2011-02-14 19:22 -------- d-----w- c:\program files\Glary Utilities
2011-02-14 17:47 . 2011-02-14 17:47 -------- d-----w- c:\program files\CCleaner
2011-02-13 09:57 . 2011-02-13 09:57 -------- d-----w- c:\windows\system32\MpEngineStore
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-10 13:23 . 2009-06-22 16:18 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-10 13:23 . 2009-06-22 16:18 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-28 14:57 . 2011-01-12 10:44 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 15:49 . 2011-01-12 10:43 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^VERONIKA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-01-02 23:55 521776 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-04-27 22:11 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-08-28 20:43 154136 ----a-w- c:\windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 13:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-08-28 20:43 141848 ----a-w- c:\windows\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-10-11 10:06 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-01-07 23:51 858632 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
2011-02-13 09:56 37443528 ----a-w- c:\windows\System32\mrt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-08-28 20:43 137752 ----a-w- c:\windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2007-10-23 08:56 200704 ----a-w- c:\windows\PLFSetI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-01-22 12:23 81920 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-28 05:13 144792 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-07 19:35 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 07:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-05-18 28464]
R3 GoogleDesktopManager-080708-050100;Správca pre program Google Desktop 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-04-27 24064]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-11-22 64288]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
2011-02-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-02-14 13:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5620
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5620
uInternet Settings,ProxyServer = http=127.0.0.1:50081
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stiahnuť &všetky odkazy pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Stiahnuť odkaz &pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stiahnuť všetky v&ideá pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
FF - ProfilePath - c:\users\VERONIKA\AppData\Roaming\Mozilla\Firefox\Profiles\kdyxh7lw.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50081
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-15 19:18
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3232)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-02-15 19:21:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-15 18:21
ComboFix2.txt 2011-02-15 16:30
Pre-Run: 92 943 634 432 bytes free
Post-Run: 92 627 496 960 bytes free
- - End Of File - - 4E953CEB9894A405AE223CBDEAAA175E
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:33:35, on 15. 2. 2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\VERONIKA\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\VERONIKA\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5620
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5620
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50081
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Stiahnuť &všetky odkazy pomocou BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Stiahnuť odkaz &pomocou BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stiahnuť všetky v&ideá pomocou BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Správca pre program Google Desktop 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 5687 bytes
Na poslednu otazku nepoznám odpovedat, pc mam len od dnes na precistenie.
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Kontrola - RtkBtMnt.exe
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
KillAll::
Folder::
c:\programdata\Spybot - Search & Destroy
c:\programdata\Lavasoft
DDS::
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5620
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5620
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Re: Kontrola - RtkBtMnt.exe
ComboFix 11-02-14.02 - VERONIKA . 02. 2011 20:13:01.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1051.18.3062.1849 [GMT 1:00]
Running from: c:\users\VERONIKA\Desktop\ComboFix.exe
Command switches used :: c:\users\VERONIKA\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Lavasoft
c:\programdata\Lavasoft\Ad-Aware\Defs\core.aawdef.fingerprintdiskcache.bin
c:\programdata\Lavasoft\Ad-Aware\Defs\core.aawdef.hashdiskcache.bin
c:\programdata\Lavasoft\Ad-Aware\Defs\core.aawdef.regdiskcache.bin
c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libMsCab.dll
c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libRTF.dll
c:\programdata\Lavasoft\Ad-Aware\Defs\thorax.aaw
c:\programdata\Lavasoft\License\adaware.da2
c:\programdata\Lavasoft\License\guid.dat
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\ProcCache.sbc
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar10.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar11.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar12.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar13.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar14.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar15.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar16.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar17.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar18.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar19.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar20.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar21.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar4.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar5.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar6.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar7.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar8.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar9.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WinPalevo.zip
.
((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 )))))))))))))))))))))))))))))))
.
2011-02-15 19:18 . 2011-02-15 19:19 -------- d-----w- c:\users\VERONIKA\AppData\Local\temp
2011-02-15 19:18 . 2011-02-15 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-15 18:47 . 2011-02-15 18:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-02-15 14:31 . 2011-02-15 14:31 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\Malwarebytes
2011-02-15 14:31 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-15 14:30 . 2011-02-15 14:30 -------- d-----w- c:\programdata\Malwarebytes
2011-02-15 14:30 . 2011-02-15 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-15 14:30 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-15 11:28 . 2011-02-15 11:28 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-15 11:28 . 2010-11-22 08:50 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-02-15 11:17 . 2010-12-03 19:39 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-02-15 11:17 . 2010-12-03 19:39 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-02-15 10:34 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F71AEDE9-9C41-494E-83AD-5F447F8C209D}\mpengine.dll
2011-02-15 10:27 . 2011-02-15 10:27 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\Avira
2011-02-14 19:25 . 2011-02-14 19:25 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\GlarySoft
2011-02-14 19:22 . 2011-02-14 19:22 -------- d-----w- c:\program files\Glary Utilities
2011-02-14 17:47 . 2011-02-14 17:47 -------- d-----w- c:\program files\CCleaner
2011-02-13 09:57 . 2011-02-13 09:57 -------- d-----w- c:\windows\system32\MpEngineStore
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-10 13:23 . 2009-06-22 16:18 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-10 13:23 . 2009-06-22 16:18 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-28 14:57 . 2011-01-12 10:44 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 15:49 . 2011-01-12 10:43 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^VERONIKA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-01-02 23:55 521776 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-04-27 22:11 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-08-28 20:43 154136 ----a-w- c:\windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 13:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-08-28 20:43 141848 ----a-w- c:\windows\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-10-11 10:06 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-01-07 23:51 858632 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
2011-02-13 09:56 37443528 ----a-w- c:\windows\System32\mrt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-08-28 20:43 137752 ----a-w- c:\windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2007-10-23 08:56 200704 ----a-w- c:\windows\PLFSetI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-01-22 12:23 81920 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-28 05:13 144792 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-07 19:35 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 07:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-05-18 28464]
R3 GoogleDesktopManager-080708-050100;Správca pre program Google Desktop 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-04-27 24064]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-11-22 64288]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
2011-02-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-02-14 13:13]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:50081
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stiahnuť &všetky odkazy pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Stiahnuť odkaz &pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stiahnuť všetky v&ideá pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
FF - ProfilePath - c:\users\VERONIKA\AppData\Roaming\Mozilla\Firefox\Profiles\kdyxh7lw.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50081
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-15 20:19
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(1316)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-02-15 20:23:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-15 19:23
ComboFix2.txt 2011-02-15 18:21
ComboFix3.txt 2011-02-15 16:30
Pre-Run: 92 640 735 232 bytes free
Post-Run: 92 586 557 440 bytes free
- - End Of File - - 7A7846CE68EA308EB3D7EED5FCAB0FBD
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1051.18.3062.1849 [GMT 1:00]
Running from: c:\users\VERONIKA\Desktop\ComboFix.exe
Command switches used :: c:\users\VERONIKA\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Lavasoft
c:\programdata\Lavasoft\Ad-Aware\Defs\core.aawdef.fingerprintdiskcache.bin
c:\programdata\Lavasoft\Ad-Aware\Defs\core.aawdef.hashdiskcache.bin
c:\programdata\Lavasoft\Ad-Aware\Defs\core.aawdef.regdiskcache.bin
c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libMsCab.dll
c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libRTF.dll
c:\programdata\Lavasoft\Ad-Aware\Defs\thorax.aaw
c:\programdata\Lavasoft\License\adaware.da2
c:\programdata\Lavasoft\License\guid.dat
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\ProcCache.sbc
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar10.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar11.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar12.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar13.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar14.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar15.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar16.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar17.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar18.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar19.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar20.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar21.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar4.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar5.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar6.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar7.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar8.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FastBrowserSearchToolbar9.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FunWebProducts.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer.zip
c:\programdata\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WinPalevo.zip
.
((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 )))))))))))))))))))))))))))))))
.
2011-02-15 19:18 . 2011-02-15 19:19 -------- d-----w- c:\users\VERONIKA\AppData\Local\temp
2011-02-15 19:18 . 2011-02-15 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-15 18:47 . 2011-02-15 18:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-02-15 14:31 . 2011-02-15 14:31 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\Malwarebytes
2011-02-15 14:31 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-15 14:30 . 2011-02-15 14:30 -------- d-----w- c:\programdata\Malwarebytes
2011-02-15 14:30 . 2011-02-15 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-15 14:30 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-15 11:28 . 2011-02-15 11:28 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-15 11:28 . 2010-11-22 08:50 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-02-15 11:17 . 2010-12-03 19:39 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-02-15 11:17 . 2010-12-03 19:39 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-02-15 10:34 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F71AEDE9-9C41-494E-83AD-5F447F8C209D}\mpengine.dll
2011-02-15 10:27 . 2011-02-15 10:27 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\Avira
2011-02-14 19:25 . 2011-02-14 19:25 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\GlarySoft
2011-02-14 19:22 . 2011-02-14 19:22 -------- d-----w- c:\program files\Glary Utilities
2011-02-14 17:47 . 2011-02-14 17:47 -------- d-----w- c:\program files\CCleaner
2011-02-13 09:57 . 2011-02-13 09:57 -------- d-----w- c:\windows\system32\MpEngineStore
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-10 13:23 . 2009-06-22 16:18 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-10 13:23 . 2009-06-22 16:18 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-28 14:57 . 2011-01-12 10:44 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 15:49 . 2011-01-12 10:43 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^VERONIKA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-01-02 23:55 521776 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-04-27 22:11 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-08-28 20:43 154136 ----a-w- c:\windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 13:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-08-28 20:43 141848 ----a-w- c:\windows\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-10-11 10:06 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-01-07 23:51 858632 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
2011-02-13 09:56 37443528 ----a-w- c:\windows\System32\mrt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-08-28 20:43 137752 ----a-w- c:\windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2007-10-23 08:56 200704 ----a-w- c:\windows\PLFSetI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-01-22 12:23 81920 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-28 05:13 144792 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-07 19:35 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 07:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-05-18 28464]
R3 GoogleDesktopManager-080708-050100;Správca pre program Google Desktop 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-04-27 24064]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-11-22 64288]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
2011-02-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-02-14 13:13]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:50081
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stiahnuť &všetky odkazy pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Stiahnuť odkaz &pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stiahnuť všetky v&ideá pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
FF - ProfilePath - c:\users\VERONIKA\AppData\Roaming\Mozilla\Firefox\Profiles\kdyxh7lw.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50081
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-15 20:19
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(1316)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-02-15 20:23:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-15 19:23
ComboFix2.txt 2011-02-15 18:21
ComboFix3.txt 2011-02-15 16:30
Pre-Run: 92 640 735 232 bytes free
Post-Run: 92 586 557 440 bytes free
- - End Of File - - 7A7846CE68EA308EB3D7EED5FCAB0FBD
-
memphisto
- Guru Level 13
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:
- Stav:
Offline
Re: Kontrola - RtkBtMnt.exe
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
KillAll::
Driver::
Lbd
File::
c:\windows\system32\DRIVERS\Lbd.sys
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod, Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Re: Kontrola - RtkBtMnt.exe
ComboFix 11-02-14.02 - VERONIKA . 02. 2011 20:39:19.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1051.18.3062.1802 [GMT 1:00]
Running from: c:\users\VERONIKA\Desktop\ComboFix.exe
Command switches used :: c:\users\VERONIKA\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FILE ::
"c:\windows\system32\DRIVERS\Lbd.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\DRIVERS\Lbd.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_LBD
-------\Service_Lbd
((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 )))))))))))))))))))))))))))))))
.
2011-02-15 19:43 . 2011-02-15 19:45 -------- d-----w- c:\users\VERONIKA\AppData\Local\temp
2011-02-15 19:43 . 2011-02-15 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-15 18:47 . 2011-02-15 18:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-02-15 14:31 . 2011-02-15 14:31 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\Malwarebytes
2011-02-15 14:31 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-15 14:30 . 2011-02-15 14:30 -------- d-----w- c:\programdata\Malwarebytes
2011-02-15 14:30 . 2011-02-15 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-15 14:30 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-15 11:28 . 2011-02-15 11:28 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-15 11:17 . 2010-12-03 19:39 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-02-15 11:17 . 2010-12-03 19:39 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-02-15 10:34 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F71AEDE9-9C41-494E-83AD-5F447F8C209D}\mpengine.dll
2011-02-15 10:27 . 2011-02-15 10:27 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\Avira
2011-02-14 19:25 . 2011-02-14 19:25 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\GlarySoft
2011-02-14 19:22 . 2011-02-14 19:22 -------- d-----w- c:\program files\Glary Utilities
2011-02-14 17:47 . 2011-02-14 17:47 -------- d-----w- c:\program files\CCleaner
2011-02-13 09:57 . 2011-02-13 09:57 -------- d-----w- c:\windows\system32\MpEngineStore
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-10 13:23 . 2009-06-22 16:18 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-10 13:23 . 2009-06-22 16:18 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-28 14:57 . 2011-01-12 10:44 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 15:49 . 2011-01-12 10:43 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^VERONIKA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-01-02 23:55 521776 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-04-27 22:11 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-08-28 20:43 154136 ----a-w- c:\windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 13:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-08-28 20:43 141848 ----a-w- c:\windows\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-10-11 10:06 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-01-07 23:51 858632 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
2011-02-13 09:56 37443528 ----a-w- c:\windows\System32\mrt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-08-28 20:43 137752 ----a-w- c:\windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2007-10-23 08:56 200704 ----a-w- c:\windows\PLFSetI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-01-22 12:23 81920 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-28 05:13 144792 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-07 19:35 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 07:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-05-18 28464]
R3 GoogleDesktopManager-080708-050100;Správca pre program Google Desktop 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-04-27 24064]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
2011-02-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-02-14 13:13]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:50081
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stiahnuť &všetky odkazy pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Stiahnuť odkaz &pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stiahnuť všetky v&ideá pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
FF - ProfilePath - c:\users\VERONIKA\AppData\Roaming\Mozilla\Firefox\Profiles\kdyxh7lw.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50081
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
.
- - - - ORPHANS REMOVED - - - -
BHO-{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - c:\program files\RegTweaker\key.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-15 20:45
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3512)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\system32\WUDFHost.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-02-15 20:49:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-15 19:49
ComboFix2.txt 2011-02-15 19:23
ComboFix3.txt 2011-02-15 18:21
ComboFix4.txt 2011-02-15 16:30
Pre-Run: 92 638 167 040 bytes free
Post-Run: 92 583 284 736 bytes free
- - End Of File - - E7DD38ECF30974494C2849EDE0FD23ED
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1051.18.3062.1802 [GMT 1:00]
Running from: c:\users\VERONIKA\Desktop\ComboFix.exe
Command switches used :: c:\users\VERONIKA\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FILE ::
"c:\windows\system32\DRIVERS\Lbd.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\DRIVERS\Lbd.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_LBD
-------\Service_Lbd
((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 )))))))))))))))))))))))))))))))
.
2011-02-15 19:43 . 2011-02-15 19:45 -------- d-----w- c:\users\VERONIKA\AppData\Local\temp
2011-02-15 19:43 . 2011-02-15 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-15 18:47 . 2011-02-15 18:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-02-15 14:31 . 2011-02-15 14:31 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\Malwarebytes
2011-02-15 14:31 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-15 14:30 . 2011-02-15 14:30 -------- d-----w- c:\programdata\Malwarebytes
2011-02-15 14:30 . 2011-02-15 14:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-15 14:30 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-15 11:28 . 2011-02-15 11:28 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-15 11:17 . 2010-12-03 19:39 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-02-15 11:17 . 2010-12-03 19:39 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-02-15 10:34 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F71AEDE9-9C41-494E-83AD-5F447F8C209D}\mpengine.dll
2011-02-15 10:27 . 2011-02-15 10:27 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\Avira
2011-02-14 19:25 . 2011-02-14 19:25 -------- d-----w- c:\users\VERONIKA\AppData\Roaming\GlarySoft
2011-02-14 19:22 . 2011-02-14 19:22 -------- d-----w- c:\program files\Glary Utilities
2011-02-14 17:47 . 2011-02-14 17:47 -------- d-----w- c:\program files\CCleaner
2011-02-13 09:57 . 2011-02-13 09:57 -------- d-----w- c:\windows\system32\MpEngineStore
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-10 13:23 . 2009-06-22 16:18 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-10 13:23 . 2009-06-22 16:18 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-28 14:57 . 2011-01-12 10:44 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 15:49 . 2011-01-12 10:43 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^VERONIKA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-01-02 23:55 521776 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-04-27 22:11 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-08-28 20:43 154136 ----a-w- c:\windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 13:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-08-28 20:43 141848 ----a-w- c:\windows\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-10-11 10:06 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-01-07 23:51 858632 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
2011-02-13 09:56 37443528 ----a-w- c:\windows\System32\mrt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-08-28 20:43 137752 ----a-w- c:\windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2007-10-23 08:56 200704 ----a-w- c:\windows\PLFSetI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2008-01-22 12:23 81920 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-28 05:13 144792 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-07 19:35 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 07:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-05-18 28464]
R3 GoogleDesktopManager-080708-050100;Správca pre program Google Desktop 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-04-27 24064]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
2011-02-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-02-14 13:13]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:50081
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stiahnuť &všetky odkazy pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Stiahnuť odkaz &pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stiahnuť všetky v&ideá pomocou BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
FF - ProfilePath - c:\users\VERONIKA\AppData\Roaming\Mozilla\Firefox\Profiles\kdyxh7lw.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50081
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
.
- - - - ORPHANS REMOVED - - - -
BHO-{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - c:\program files\RegTweaker\key.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-15 20:45
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3512)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\system32\WUDFHost.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-02-15 20:49:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-15 19:49
ComboFix2.txt 2011-02-15 19:23
ComboFix3.txt 2011-02-15 18:21
ComboFix4.txt 2011-02-15 16:30
Pre-Run: 92 638 167 040 bytes free
Post-Run: 92 583 284 736 bytes free
- - End Of File - - E7DD38ECF30974494C2849EDE0FD23ED
Re: Kontrola - RtkBtMnt.exe
je to lepsi
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 105 hostů