xmas70

  1. Hi! I have run Combofix. Here is the log. Thanks. Hi ComboFix 13-01-23.01 - ATTILA 013.01.24. 0:31.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.36.1033.18.895.393 [GMT 1:00] Running from: c:\documents and settings\ATTILA\Desktop\ComboFix.exe AV: AVG Internet Security Business Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Emsisoft Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255} FW: *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66} FW: AVG Internet Security Business Edition 2012 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\ATTILA\Local Settings\Application Data\81.tmp c:\documents and settings\ATTILA\Local Settings\Application Data\82.tmp c:\documents and settings\ATTILA\Local Settings\Application Data\83.tmp c:\documents and settings\ATTILA\Local Settings\Temporary Internet Files\50.tmp c:\documents and settings\ATTILA\Local Settings\Temporary Internet Files\51.tmp c:\documents and settings\ATTILA\Local Settings\Temporary Internet Files\52.tmp c:\documents and settings\ATTILA\Local Settings\Temporary Internet Files\7E.tmp c:\documents and settings\ATTILA\Local Settings\Temporary Internet Files\7F.tmp c:\documents and settings\ATTILA\Local Settings\Temporary Internet Files\80.tmp c:\documents and settings\ATTILA\ntuser.tmp . . ((((((((((((((((((((((((( Files Created from 2012-12-23 to 2013-01-23 ))))))))))))))))))))))))))))))) . . 2013-01-23 00:09 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll 2013-01-23 00:09 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll 2013-01-23 00:09 . 
2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll 2013-01-23 00:07 . 2013-01-23 00:07 -------- d-----w- c:\windows\Logs 2013-01-22 22:18 . 2013-01-22 23:33 -------- d-----w- c:\program files\ChessBase11 2013-01-22 22:18 . 2013-01-22 22:18 -------- dc----w- c:\documents and settings\All Users\Application Data\ChessBase 2013-01-22 21:52 . 2013-01-22 21:52 -------- d-----w- c:\documents and settings\ATTILA\Local Settings\Application Data\PackageAware 2013-01-21 22:58 . 2013-01-21 23:04 -------- dc----w- C:\mai_files 2013-01-21 22:37 . 2013-01-21 22:37 -------- d-----w- c:\documents and settings\ATTILA\Local Settings\Application Data\Conduit 2013-01-16 22:58 . 2013-01-21 06:30 -------- dc----w- C:\be2 2013-01-16 05:25 . 2013-01-12 02:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-01-14 05:24 . 2013-01-14 05:26 -------- d-----w- c:\program files\totalcmd 2013-01-14 05:22 . 2013-01-14 05:22 5896408 -c--a-w- C:\tcm801x32_64.exe 2013-01-07 21:37 . 2013-01-07 21:37 -------- dc----w- C:\toolbarImages 2013-01-06 13:20 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-06 13:20 . 2013-01-06 13:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-01-03 22:38 . 2013-01-23 23:24 -------- d-----w- c:\program files\Emsisoft Anti-Malware 2013-01-02 20:32 . 2013-01-02 20:32 388096 ----a-r- c:\documents and settings\ATTILA\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-01-02 20:32 . 2013-01-02 20:32 -------- d-----w- c:\program files\Trend Micro 2013-01-02 17:55 . 2013-01-20 08:43 -------- dc----w- C:\UZES 2013-01-01 01:33 . 2013-01-01 01:33 -------- d-----w- c:\documents and settings\ATTILA\Local Settings\Application Data\CRE 2012-12-31 23:59 . 2013-01-01 00:06 -------- d-----w- c:\documents and settings\ATTILA\Local Settings\Application Data\Torch 2012-12-31 23:47 . 
2012-12-31 23:47 -------- dc----w- c:\documents and settings\All Users\Application Data\WoW Worldwide Software LTD 2012-12-31 23:47 . 2013-01-01 09:58 -------- d-----w- c:\program files\Optimizer Pro 2012-12-31 17:33 . 2012-12-31 18:00 -------- dc----w- C:\DUPLUM_TOROLNI 2012-12-27 13:26 . 2012-06-03 08:45 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys 2012-12-27 13:26 . 2012-12-27 13:26 -------- d-----w- c:\program files\CDBurnerXP 2012-12-27 10:41 . 2012-12-27 12:51 -------- d-----w- c:\documents and settings\ATTILA\Application Data\DeepBurner 2012-12-27 10:40 . 2012-12-28 10:07 -------- d-----w- c:\program files\Astonsoft . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-21 06:31 . 2013-01-21 06:30 6016969 -c--a-w- C:\be2.zip 2013-01-19 20:16 . 2013-01-19 20:15 5997786 -c--a-w- C:\cumul.zip 2013-01-16 23:38 . 2013-01-16 23:38 5804635 -c--a-w- C:\be.zip 2013-01-09 20:57 . 2012-05-13 08:41 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-09 20:57 . 2011-05-25 06:25 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-04 06:39 . 2013-01-04 06:37 46678599 -c--a-w- C:\kviz.zip 2012-12-16 12:23 . 2004-08-04 08:00 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-11-28 09:35 . 2012-06-21 15:31 859072 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-11-28 09:35 . 2010-06-14 02:33 779704 ----a-w- c:\windows\system32\deployJava1.dll 2012-11-13 01:25 . 2004-08-04 08:00 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-11-09 05:46 . 2012-11-09 05:46 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys.rmv 2012-11-09 05:46 . 2012-11-09 05:46 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys.rmv 2012-11-08 16:33 . 2012-08-30 18:27 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\system32\msxml4.dll 2012-11-06 02:01 . 
2008-10-11 12:33 1371648 ------w- c:\windows\system32\msxml6.dll 2012-11-02 02:02 . 2004-08-04 08:00 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:17 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-11-01 12:17 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec 2013-01-19 08:30 . 2013-01-19 08:27 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MountOverlayIcon] @="{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}" [HKEY_CLASSES_ROOT\CLSID\{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}] 2010-10-20 12:22 257024 ----a-w- c:\program files\WinMount\WinMTExt.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 68856] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-01-01 969104] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-03-28 454656] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072] "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-04-21 40960] "Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088] "OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392] "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-12-21 295072] "emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2012-10-17 3364264] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-06 
2777296] "SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-09-06 3673808] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] 2006-05-10 18:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] 2005-06-08 13:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] 2006-03-10 00:38 806912 ----a-w- c:\windows\CREATOR\Remind_XP.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler] 2006-02-15 15:43 892928 ----a-w- c:\windows\SMINST\Scheduler.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\ATTILA\\Desktop\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Documents and Settings\\ATTILA\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"= "c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgwdsvc.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= "c:\\Program Files\\CheckPoint\\SSL Network Extender\\slimsvc.exe"= "c:\\Documents and Settings\\ATTILA\\Local Settings\\Application Data\\Torch\\Plugins\\Torrent\\TorchTorrent.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012.04.19. 3:50 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011.09.13. 5:30 31952] R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2013.01.03. 23:38 17904] R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2013.01.03. 23:38 37856] R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2013.01.03. 
23:38 11776] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011.10.07. 5:23 237408] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011.07.11. 0:14 301920] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012.08.30. 19:27 26984] R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2009.08.29. 21:44 27704] R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2012.06.14. 21:29 32768] R1 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2011.01.09. 20:56 65856] R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2013.01.03. 23:38 3084688] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012.02.14. 3:53 193288] R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [2011.10.18. 17:24 355496] R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2012.03.23. 13:25 87040] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012.11.29. 20:31 38608] R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [2012.06.14. 21:28 587472] R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [2013.01.03. 23:38 54072] R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012.01.12. 18:52 30944] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011.12.23. 12:32 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011.12.23. 12:32 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011.12.23. 12:32 17232] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005.10.21. 
12:19 36352] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013.01.06. 14:20 21104] R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2011.04.12. 15:49 129304] S1 1653946drv;1653946drv;c:\windows\system32\DRIVERS\1653946drv.sys --> c:\windows\system32\DRIVERS\1653946drv.sys [?] S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\attila\focivb\VCdRom.sys --> c:\attila\focivb\VCdRom.sys [?] S2 avgfws;AVG tűzfal;c:\program files\AVG\AVG2012\avgfws.exe [2012.06.13. 2:48 2321560] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012.08.13. 2:24 5167736] S2 gupdate1c9b988b8f0cf10;Google frissítési szolgáltatás (gupdate1c9b988b8f0cf10);c:\program files\Google\Update\GoogleUpdate.exe [2009.04.10. 3:59 133104] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013.01.06. 14:20 398184] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013.01.06. 14:20 682344] S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012.12.13. 14:26 3290896] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012.07.13. 12:28 160944] S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [?] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012.01.12. 18:52 30944] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012.08.27. 19:38 24576] S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010.06.22. 17:01 21248] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [2012.09.05. 16:56 234776] . 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-11 02:54 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe . Contents of the 'Scheduled Tasks' folder . 2013-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 20:58] . 2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 02:59] . 2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 02:59] . 2013-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996915223-2441354797-1584383712-1006Core.job - c:\documents and settings\ATTILA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-18 22:30] . 2013-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996915223-2441354797-1584383712-1006UA.job - c:\documents and settings\ATTILA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-18 22:30] . 2013-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996915223-2441354797-1584383712-1008Core.job - c:\documents and settings\MATE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-02 19:46] . 2013-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996915223-2441354797-1584383712-1008UA.job - c:\documents and settings\MATE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-02 19:46] . 2013-01-23 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1996915223-2441354797-1584383712-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30] . 2013-01-23 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1996915223-2441354797-1584383712-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30] . 
2013-01-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1996915223-2441354797-1584383712-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30] . 2013-01-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1996915223-2441354797-1584383712-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30] . 2013-01-23 c:\windows\Tasks\User_Feed_Synchronization-{BFA2D8C0-004E-411F-B5F6-CA001AA56198}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.hu/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 213.46.246.53 213.46.246.54 DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://aoc-bp.aegon.hu/SNX/CSHELL/extender.cab FF - ProfilePath - c:\documents and settings\ATTILA\Application Data\Mozilla\Firefox\Profiles\0a2atyl6.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 4 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-24 00:46 Windows 5.1.2600 Service Pack 3 NTFS . detected NTDLL code modification: ZwOpenFile . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ???Pf??????R?@?????,?@ . scanning hidden files ... . scan completed successfully hidden files: 0 . 
************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant] "ImagePath"="" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1996915223-2441354797-1584383712-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D8B97928-A2ED-B18D-FC74-44A2B5303110}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG10.00.00.01WORKSTATION"="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" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1844) c:\windows\system32\Ati2evxx.dll . 
Completion time: 2013-01-24 00:50:24 ComboFix-quarantined-files.txt 2013-01-23 23:50 ComboFix2.txt 2013-01-13 21:44 ComboFix3.txt 2013-01-02 21:47 . Pre-Run: 2 237 415 424 bytes free Post-Run: 2 347 081 728 bytes free . - - End Of File - - 4EDBE5E1476B8FC78352AC2B5575907B
  2. All the extensions in Firefox are disabled. I did not find the above-mentioned .js on my disks. But I am a bit embarrassed about how to describe the current situation. Sometimes all of my browsers again say for every URL: 'took too long to respond' or '..has timed out'. Now when I wanted to reply to this post I had this message again, but ipconfig /flushdns and ipconfig /renew worked again. Then usually I have no problem for a while, then again Firefox returns with this '..has timed out' but usually the other browsers can reach all the sites. And sometimes in some hours all of them return with this '..has timed out' for all sites. I really don't know what to do. Have you got any idea? Thanks in advance.
  3. Hi! I tested a lot but it is very difficult to say when the problem appears. Now, as I mentioned in my previous post, it looks like the following: in most cases only Firefox abruptly says '..has timed out' for a site, but after that Firefox returns this message for all pages. I have just tested: after some hours of working normally, Firefox said '..has timed out'.

     1. After deleting cookies (restarting Firefox) the situation is the same: '..has timed out' for every site.
     2. Simultaneously other browsers were able to reach these sites for some minutes, but when I tested with the site index.hu the IEXplorer said for some minutes "Oops! Internet Explorer could not connect to index.hu GOOGLE Try reloading: index.hu". But at the same time my wife's computer (on the same internet provider, modem and router) reached this site.
     3. After some minutes my IE reached index.hu again. IE reached www.sztaki.hu as well. Firefox returns this for everything (I restarted it again): The connection has timed out The server at www.sztaki.hu is taking too long to respond.
     4. I tried ipconfig /flushdns and ipconfig /renew and restarted Firefox. The message Script: resource:///components/nsUrlClassifierLib.js:1208 appeared and nothing changed: The connection has timed out The server at ... is taking too long to respond. for every site.

     Do you have any idea what to test or what to do? Thanks in advance!
  4. Hi! I ran ComboFix without any problems. My experience is that after this run my browsers are working, but sometimes Firefox returns with "...has timed out" even when the site is available for other browsers (IE, Opera). Thank you for the advice and here is the log: ComboFix 13-01-13.01 - ATTILA 013.01.13. 22:26:45.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.36.1033.18.895.427 [GMT 1:00] Running from: c:\documents and settings\ATTILA\Desktop\ComboFix.exe AV: AVG Internet Security Business Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255} FW: *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66} FW: AVG Internet Security Business Edition 2012 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
c:\documents and settings\ATTILA\Local Settings\Temporary Internet Files\1C3.tmp c:\documents and settings\ATTILA\Local Settings\Temporary Internet Files\1C4.tmp c:\documents and settings\ATTILA\Local Settings\Temporary Internet Files\1C5.tmp C:\programfiles c:\programfiles\totalcmd\CABRK.DLL c:\programfiles\totalcmd\CGLPT64.SYS c:\programfiles\totalcmd\CGLPT9X.VXD c:\programfiles\totalcmd\CGLPTNT.SYS c:\programfiles\totalcmd\DEFAULT.BAR c:\programfiles\totalcmd\default.br2 c:\programfiles\totalcmd\descript.ion c:\programfiles\totalcmd\FRERES32.DLL c:\programfiles\totalcmd\HISTORY.TXT c:\programfiles\totalcmd\KEYBOARD.TXT c:\programfiles\totalcmd\LANGUAGE\WCMD_CHN.INC c:\programfiles\totalcmd\LANGUAGE\WCMD_CHN.LNG c:\programfiles\totalcmd\LANGUAGE\WCMD_CHN.MNU c:\programfiles\totalcmd\LANGUAGE\WCMD_CZ.INC c:\programfiles\totalcmd\LANGUAGE\WCMD_CZ.LNG c:\programfiles\totalcmd\LANGUAGE\WCMD_CZ.MNU c:\programfiles\totalcmd\LANGUAGE\WCMD_DAN.INC c:\programfiles\totalcmd\LANGUAGE\WCMD_DAN.LNG c:\programfiles\totalcmd\LANGUAGE\WCMD_DAN.MNU c:\programfiles\totalcmd\LANGUAGE\WCMD_DEU.INC c:\programfiles\totalcmd\LANGUAGE\WCMD_DEU.LNG c:\programfiles\totalcmd\LANGUAGE\WCMD_DEU.MNU c:\programfiles\totalcmd\LANGUAGE\WCMD_DUT.INC c:\programfiles\totalcmd\LANGUAGE\WCMD_DUT.LNG c:\programfiles\totalcmd\LANGUAGE\WCMD_DUT.MNU c:\programfiles\totalcmd\LANGUAGE\WCMD_ENG.MNU c:\programfiles\totalcmd\LANGUAGE\WCMD_ESP.INC c:\programfiles\totalcmd\LANGUAGE\WCMD_ESP.LNG c:\programfiles\totalcmd\LANGUAGE\WCMD_ESP.MNU c:\programfiles\totalcmd\LANGUAGE\WCMD_FRA.INC c:\programfiles\totalcmd\LANGUAGE\WCMD_FRA.LNG c:\programfiles\totalcmd\LANGUAGE\WCMD_FRA.MNU c:\programfiles\totalcmd\LANGUAGE\WCMD_HUN.INC c:\programfiles\totalcmd\LANGUAGE\WCMD_HUN.LNG c:\programfiles\totalcmd\LANGUAGE\WCMD_HUN.MNU c:\programfiles\totalcmd\LANGUAGE\WCMD_ITA.INC c:\programfiles\totalcmd\LANGUAGE\WCMD_ITA.LNG c:\programfiles\totalcmd\LANGUAGE\WCMD_ITA.MNU c:\programfiles\totalcmd\LANGUAGE\WCMD_KOR.INC 
c:\programfiles\totalcmd\LANGUAGE\WCMD_KOR.LNG c:\programfiles\totalcmd\LANGUAGE\WCMD_KOR.MNU c:\programfiles\totalcmd\LANGUAGE\WCMD_NOR.LNG c:\programfiles\totalcmd\LANGUAGE\WCMD_NOR.MNU c:\programfiles\totalcmd\LANGUAGE\WCMD_POL.LNG c:\programfiles\totalcmd\LANGUAGE\WCMD_POL.MNU c:\programfiles\totalcmd\LANGUAGE\WCMD_ROM.INC c:\programfiles\totalcmd\LANGUAGE\WCMD_ROM.LNG c:\programfiles\totalcmd\LANGUAGE\WCMD_ROM.MNU c:\programfiles\totalcmd\LANGUAGE\WCMD_RUS.INC c:\programfiles\totalcmd\LANGUAGE\WCMD_RUS.LNG c:\programfiles\totalcmd\LANGUAGE\WCMD_RUS.MNU c:\programfiles\totalcmd\LANGUAGE\WCMD_SK.LNG c:\programfiles\totalcmd\LANGUAGE\WCMD_SK.MNU c:\programfiles\totalcmd\LANGUAGE\WCMD_SVN.LNG c:\programfiles\totalcmd\LANGUAGE\WCMD_SVN.MNU c:\programfiles\totalcmd\LANGUAGE\WCMD_SWE.LNG c:\programfiles\totalcmd\LANGUAGE\WCMD_SWE.MNU c:\programfiles\totalcmd\NO.BAR c:\programfiles\totalcmd\NOCLOSE.EXE c:\programfiles\totalcmd\NOCLOSE64.EXE c:\programfiles\totalcmd\REGISTER.RTF c:\programfiles\totalcmd\SFXHEAD.SFX c:\programfiles\totalcmd\SHARE_NT.EXE c:\programfiles\totalcmd\SIZE!.TXT c:\programfiles\totalcmd\TCLZMA64.DLL c:\programfiles\totalcmd\TCMADM64.EXE c:\programfiles\totalcmd\TCMADMIN.EXE c:\programfiles\totalcmd\TCMDLZMA.DLL c:\programfiles\totalcmd\TCMDX32.EXE c:\programfiles\totalcmd\TCMDX64.EXE c:\programfiles\totalcmd\TCUNIN64.EXE c:\programfiles\totalcmd\TCUNIN64.WUL c:\programfiles\totalcmd\TCUNINST.EXE c:\programfiles\totalcmd\TCUNINST.WUL c:\programfiles\totalcmd\TCUNZL64.DLL c:\programfiles\totalcmd\TCUNZLIB.DLL c:\programfiles\totalcmd\TcUsbRun.exe c:\programfiles\totalcmd\TOTALCMD.CHM c:\programfiles\totalcmd\TOTALCMD.EXE c:\programfiles\totalcmd\TOTALCMD.EXE.MANIFEST c:\programfiles\totalcmd\TOTALCMD.INC c:\programfiles\totalcmd\TOTALCMD64.EXE c:\programfiles\totalcmd\TOTALCMD64.EXE.MANIFEST c:\programfiles\totalcmd\UNACEV2.DLL c:\programfiles\totalcmd\UNRAR.DLL c:\programfiles\totalcmd\UNRAR64.DLL c:\programfiles\totalcmd\UNRAR9X.DLL 
c:\programfiles\totalcmd\WC32TO16.EXE c:\programfiles\totalcmd\WCMICONS.DLL c:\programfiles\totalcmd\WCMICONS.INC c:\programfiles\totalcmd\WCMZIP32.DLL c:\programfiles\totalcmd\WCMZIP64.DLL c:\programfiles\totalcmd\WCUNINST.WUL . . ((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 ))))))))))))))))))))))))))))))) . . 2013-01-10 23:22 . 2012-11-28 09:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-01-07 21:37 . 2013-01-07 21:37 -------- dc----w- C:\toolbarImages 2013-01-06 13:20 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-06 13:20 . 2013-01-06 13:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-01-03 22:38 . 2013-01-13 21:18 -------- d-----w- c:\program files\Emsisoft Anti-Malware 2013-01-02 20:32 . 2013-01-02 20:32 388096 ----a-r- c:\documents and settings\ATTILA\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-01-02 20:32 . 2013-01-02 20:32 -------- d-----w- c:\program files\Trend Micro 2013-01-02 17:55 . 2013-01-11 19:19 -------- dc----w- C:\UZES 2013-01-01 01:33 . 2013-01-01 01:33 -------- d-----w- c:\documents and settings\ATTILA\Local Settings\Application Data\CRE 2012-12-31 23:59 . 2013-01-01 00:06 -------- d-----w- c:\documents and settings\ATTILA\Local Settings\Application Data\Torch 2012-12-31 23:47 . 2012-12-31 23:47 -------- dc----w- c:\documents and settings\All Users\Application Data\WoW Worldwide Software LTD 2012-12-31 23:47 . 2013-01-01 09:58 -------- d-----w- c:\program files\Optimizer Pro 2012-12-31 17:33 . 2012-12-31 18:00 -------- dc----w- C:\DUPLUM_TOROLNI 2012-12-27 13:26 . 2012-06-03 08:45 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys 2012-12-27 13:26 . 2012-12-27 13:26 -------- d-----w- c:\program files\CDBurnerXP 2012-12-27 10:41 . 2012-12-27 12:51 -------- d-----w- c:\documents and settings\ATTILA\Application Data\DeepBurner 2012-12-27 10:40 . 
2012-12-28 10:07 -------- d-----w- c:\program files\Astonsoft 2012-12-24 12:03 . 2012-12-24 12:51 -------- dc----w- C:\csabatemp 2012-12-24 11:48 . 2012-12-24 11:48 -------- d-----w- c:\documents and settings\ATTILA\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 2012-12-24 10:54 . 2012-12-24 10:54 -------- dc----w- C:\Temp 2012-12-24 10:54 . 2007-11-27 02:24 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll 2012-12-21 18:02 . 2012-12-21 18:02 -------- d-----w- c:\documents and settings\ATTILA\Application Data\RealNetworks 2012-12-21 17:46 . 2012-12-21 17:47 -------- d-----w- c:\program files\RealNetworks 2012-12-21 17:46 . 2012-12-21 17:46 -------- dc----w- c:\documents and settings\All Users\Application Data\RealNetworks 2012-12-21 17:44 . 2012-12-21 17:44 -------- d-----w- c:\program files\Common Files\xing shared 2012-12-21 17:43 . 2012-12-21 17:43 153296 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll 2012-12-21 17:42 . 2012-12-21 17:42 124056 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-09 20:57 . 2012-05-13 08:41 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-09 20:57 . 2011-05-25 06:25 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-04 06:39 . 2013-01-04 06:37 46678599 -c--a-w- C:\kviz.zip 2012-12-16 12:23 . 2004-08-04 08:00 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-11-13 01:25 . 2004-08-04 08:00 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-11-09 05:46 . 2012-11-09 05:46 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys.rmv 2012-11-09 05:46 . 2012-11-09 05:46 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys.rmv 2012-11-08 16:33 . 2012-08-30 18:27 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\system32\msxml4.dll 2012-11-06 02:01 . 
2008-10-11 12:33 1371648 ------w- c:\windows\system32\msxml6.dll 2012-11-02 02:02 . 2004-08-04 08:00 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:17 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-11-01 12:17 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec 2012-10-26 19:14 . 2012-06-21 15:31 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-10-26 19:14 . 2010-06-14 02:33 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-12-05 20:20 . 2012-12-05 20:19 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MountOverlayIcon] @="{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}" [HKEY_CLASSES_ROOT\CLSID\{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}] 2010-10-20 12:22 257024 ----a-w- c:\program files\WinMount\WinMTExt.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 68856] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-01-01 969104] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-03-28 454656] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072] "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-04-21 40960] "Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088] "OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392] "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-12-21 295072] "emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2012-10-17 3364264] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-06 
2777296] "SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-09-06 3673808] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] 2006-05-10 18:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] 2005-06-08 13:44 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] 2006-03-10 00:38 806912 ----a-w- c:\windows\CREATOR\Remind_XP.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler] 2006-02-15 15:43 892928 ----a-w- c:\windows\SMINST\Scheduler.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\ATTILA\\Desktop\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Documents and Settings\\ATTILA\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"= "c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgwdsvc.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= "c:\\Program Files\\CheckPoint\\SSL Network Extender\\slimsvc.exe"= "c:\\Documents and Settings\\ATTILA\\Local Settings\\Application Data\\Torch\\Plugins\\Torrent\\TorchTorrent.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012.04.19. 3:50 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011.09.13. 5:30 31952] R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2013.01.03. 23:38 17904] R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2013.01.03. 23:38 37856] R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2013.01.03. 
23:38 11776] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011.10.07. 5:23 237408] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011.07.11. 0:14 301920] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012.08.30. 19:27 26984] R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2009.08.29. 21:44 27704] R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2012.06.14. 21:29 32768] R1 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2011.01.09. 20:56 65856] R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2013.01.03. 23:38 3084688] R2 avgfws;AVG tűzfal;c:\program files\AVG\AVG2012\avgfws.exe [2012.06.13. 2:48 2321560] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012.02.14. 3:53 193288] R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [2011.10.18. 17:24 355496] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013.01.06. 14:20 398184] R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2012.03.23. 13:25 87040] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012.11.29. 20:31 38608] R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [2012.06.14. 21:28 587472] R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [2013.01.03. 23:38 54072] R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012.01.12. 18:52 30944] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011.12.23. 12:32 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011.12.23. 
12:32 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011.12.23. 12:32 17232] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005.10.21. 12:19 36352] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013.01.06. 14:20 21104] R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2011.04.12. 15:49 129304] S1 1653946drv;1653946drv;c:\windows\system32\DRIVERS\1653946drv.sys --> c:\windows\system32\DRIVERS\1653946drv.sys [?] S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\attila\focivb\VCdRom.sys --> c:\attila\focivb\VCdRom.sys [?] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012.08.13. 2:24 5167736] S2 gupdate1c9b988b8f0cf10;Google frissítési szolgáltatás (gupdate1c9b988b8f0cf10);c:\program files\Google\Update\GoogleUpdate.exe [2009.04.10. 3:59 133104] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013.01.06. 14:20 682344] S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012.12.13. 14:26 3290896] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012.07.13. 12:28 160944] S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [?] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012.01.12. 18:52 30944] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012.08.27. 19:38 24576] S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010.06.22. 17:01 21248] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [2012.09.05. 16:56 234776] . 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-11 02:54 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe . Contents of the 'Scheduled Tasks' folder . 2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 20:58] . 2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 02:59] . 2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 02:59] . 2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996915223-2441354797-1584383712-1006Core.job - c:\documents and settings\ATTILA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-18 22:30] . 2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996915223-2441354797-1584383712-1006UA.job - c:\documents and settings\ATTILA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-18 22:30] . 2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996915223-2441354797-1584383712-1008Core.job - c:\documents and settings\MATE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-02 19:46] . 2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996915223-2441354797-1584383712-1008UA.job - c:\documents and settings\MATE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-02 19:46] . 2013-01-13 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1996915223-2441354797-1584383712-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30] . 2013-01-13 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1996915223-2441354797-1584383712-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30] . 
2013-01-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1996915223-2441354797-1584383712-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30] . 2013-01-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1996915223-2441354797-1584383712-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30] . 2013-01-13 c:\windows\Tasks\User_Feed_Synchronization-{BFA2D8C0-004E-411F-B5F6-CA001AA56198}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.hu/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 213.46.246.53 213.46.246.54 DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://aoc-bp.aegon.hu/SNX/CSHELL/extender.cab FF - ProfilePath - c:\documents and settings\ATTILA\Application Data\Mozilla\Firefox\Profiles\0a2atyl6.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 4 . - - - - ORPHANS REMOVED - - - - . HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe AddRemove-SP_56ec1d15 - c:\program files\MocaFlix\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-13 22:41 Windows 5.1.2600 Service Pack 3 NTFS . detected NTDLL code modification: ZwOpenFile . scanning hidden processes ... . 
scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ???Pf??????R?@?????,?@ . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant] "ImagePath"="" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1996915223-2441354797-1584383712-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D8B97928-A2ED-B18D-FC74-44A2B5303110}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG10.00.00.01WORKSTATION" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1844) c:\windows\system32\Ati2evxx.dll . Completion time: 2013-01-13 22:44:55 ComboFix-quarantined-files.txt 2013-01-13 21:44 ComboFix2.txt 2013-01-02 21:47 . Pre-Run: 7 818 903 552 bytes free Post-Run: 8 478 703 616 bytes free . - - End Of File - - 1CFE6747ADF57EC8C5793EAACB8715D4
  5. I tried everything that you suggested and tested my internet connection. I think almost everything is OK. I summarize for the readers of this post what I have done.

After ipconfig /flushdns and ipconfig /renew my Internet connection returned. (I repeated it once later, when after a shutdown the internet disappeared, but now I think it is OK.)

I ran AdwCleaner. I copy the log file at C:\AdwCleaner[sn].txt (n is a number) at the end of this post.

>http://support.mozil...sponsive-script

These weren't useful, but what you said about c:\program files\Gophoto.it, and that it was an add-on, that helped. There are no unresponsive messages.

I updated Java successfully.

Smaller problems:

1. It sometimes occurs that Firefox returns with the message '...has timed out' while other browsers can see that page. But after restarting Firefox everything is OK again.

2. When I upload the newer Adobe Reader and try to run it, something always deletes the exe file. I turned off AVG but something deleted the Adobe update exe file again.

Question: What kind of programs do you suggest against malware and viruses? Now I have AVG and Malwarebytes, but I felt sometimes they were fighting against each other.

Thank you very much for your help.

Here is the AdwCleaner log:

# AdwCleaner v2.105 - Logfile created 01/11/2013 at 20:02:32
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : ATTILA - PC270922491494
# Boot Mode : Normal
# Running from : C:\UZES\adwcleaner\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)
File : C:\Documents and Settings\ATTILA\Application Data\Mozilla\Firefox\Profiles\0a2atyl6.default\prefs.js
[OK] File is clean.
File : C:\Documents and Settings\VERA\Application Data\Mozilla\Firefox\Profiles\g22v7ale.default\prefs.js
[OK] File is clean.
File : C:\Documents and Settings\MATE\Application Data\Mozilla\Firefox\Profiles\hd3xy699.default\prefs.js
[OK] File is clean.
File : C:\Documents and Settings\GERGO\Application Data\Mozilla\Firefox\Profiles\17idr548.default\prefs.js
[OK] File is clean.
File : C:\Documents and Settings\ZSU\Application Data\Mozilla\Firefox\Profiles\c9wluz1c.default\prefs.js
[OK] File is clean.

-\\ Google Chrome v24.0.1312.52
File : C:\Documents and Settings\ATTILA\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
Deleted [l.30] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.33] : keyword = "search.conduit.com",
Deleted [l.36] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3[...]
File : C:\Documents and Settings\VERA\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
Deleted [l.1] : icon_url ={"browser":{"check_default_browser":false},"countryid_at_install":18517,"default_search_provider":{"[...]

-\\ Opera v11.61.1250.0
File : C:\Documents and Settings\ATTILA\Application Data\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Documents and Settings\VERA\Application Data\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Documents and Settings\ZSU\Application Data\Opera\Opera\operaprefs.ini
[OK] File is clean.

*************************

AdwCleaner[R1].txt - [122909 octets] - [03/01/2013 22:04:39]
AdwCleaner[s1].txt - [34579 octets] - [03/01/2013 22:05:48]
AdwCleaner[s2].txt - [3061 octets] - [10/01/2013 21:09:13]
AdwCleaner[s3].txt - [2393 octets] - [11/01/2013 20:02:32]

########## EOF - C:\AdwCleaner[s3].txt - [2453 octets] ##########
  6. Hi! I managed to create the new logs, and I have a new problem in my Firefox. My start page is google.com, and if I try whether I can reach the Net, the following happens. Nonresponsive script windows are coming, e.g.:

'A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete. Script: resource://gophoto-at-gophoto-dot-it/api-utils/lib/cuddlefish.js -> resource://gophoto-at-gophoto-dot-it/api-utils/lib/sandbox.js -> resource://gophoto-at-gophoto-dot-it/api-utils/data/content-proxy.js:824'

And I have no connection with the net, but MBAM can update itself.

How can I update my Java? Or should I wait till I reach the net via browsers?

Thank you in advance. Here are the logs:

----------------------------------
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.09.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ATTILA :: PC270922491494 [administrator]

Protection: Disabled

2013.01.09. 20:00:28
mbam-log-2013-01-09 (20-00-28).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 489440
Time elapsed: 5 hour(s), 15 minute(s), 26 second(s)

Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)

(end)

---------------------------- DDS.tXT -----------------
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by ATTILA at 7:00:33 on 2013-01-10
.
============== Running Processes ================ . \??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe \??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Program Files\Emsisoft Anti-Malware\a2service.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG2012\avgfws.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\WINDOWS\system32\oodag.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files\Spyware Terminator\st_rsser.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe \??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\taskmgr.exe C:\programfiles\totalcmd\TOTALCMD.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\oodtray.exe C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe 
C:\program files\real\realplayer\update\realsched.exe C:\program files\emsisoft anti-malware\a2guard.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\uTorrent\uTorrent.exe C:\WINDOWS\system32\ctfmon.exe C:\programfiles\totalcmd\TOTALCMD.EXE C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe c:\program files\real\realplayer\RealPlay.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k bthsvcs C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\svchost.exe -k netsvcs . ============== Pseudo HJT Report =============== . 
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google 
toolbar\GoogleToolbar_32.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe mRun: [Recguard] c:\windows\sminst\Recguard.exe mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe mRun: [OODefragTray] c:\windows\system32\oodtray.exe mRun: [smcService] c:\progra~1\sygate\spf\smc.exe -startgui mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [vProt] "c:\program files\avg secure search\vprot.exe" mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [sunJavaUpdateSched] "c:\program 
files\common files\java\java update\jusched.exe" mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60 mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [spywareTerminatorShield] c:\program files\spyware terminator\SpywareTerminatorShield.exe mRun: [spywareTerminatorUpdater] c:\program files\spyware terminator\SpywareTerminatorUpdate.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://aoc-bp.aegon.hu/SNX/CSHELL/extender.cab DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://map2.index.hu/MGViewer/ActiveX/mgaxctrl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: 
{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: NameServer = 213.46.246.53 213.46.246.54 TCP: Interfaces\{9F986765-D737-4DE3-BC6E-B9108FAACF67} : DHCPNameServer = 213.46.246.53 213.46.246.54 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\attila\application data\mozilla\firefox\profiles\0a2atyl6.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll FF - plugin: c:\documents and settings\attila\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\attila\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\attila\local settings\application data\google\update\1.3.21.129\npGoogleUpdate3.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program 
files\mozilla firefox\plugins\npdjvu.dll FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll . ============= SERVICES / DRIVERS =============== . R? 1653946drv;1653946drv R? Avgfwfd;AVG network filter service R? fsssvc;Windows Live Family Safety Service R? gupdate1c9b988b8f0cf10;Google frissítési szolgáltatás (gupdate1c9b988b8f0cf10) R? HTCAND32;HTC Device Driver R? htcnprot;HTC NDIS Protocol Driver R? MBAMService;MBAMService R? McComponentHostService;McAfee Security Scan Component Host Service R? SkypeUpdate;Skype Updater R? vcdrom;Virtual CD-ROM Device Driver R? vsdatant;vsdatant S? a2acc;a2acc S? a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service S? A2DDA;A2 Direct Disk Access Support Driver S? a2injectiondriver;a2injectiondriver S? a2util;a-squared Malware-IDS utility driver S? Avgfwdx;Avgfwdx S? avgfws;AVG t S? AVGIDSAgent;AVGIDSAgent S? AVGIDSDriver;AVGIDSDriver S? AVGIDSFilter;AVGIDSFilter S? AVGIDSHX;AVGIDSHX S? AVGIDSShim;AVGIDSShim S? Avgldx86;AVG AVI Loader Driver S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield S? Avgrkx86;AVG Anti-Rootkit Driver S? Avgtdix;AVG TDI Driver S? avgtp;avgtp S? avgwd;AVG WatchDog S? cdrblock;cdrblock S? cpextender;Check Point SSL Network Extender S? fssfltr;fssfltr S? IFXTPM;IFXTPM S? MBAMProtector;MBAMProtector S? MBAMScheduler;MBAMScheduler S? PassThru Service;Internet Pass-Through Service S? RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service S? Skype C2C Service;Skype C2C Service S? sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver S? ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service S? VNA;Check Point Virtual Network Adapter S? vToolbarUpdater13.2.0;vToolbarUpdater13.2.0 S? WMDrive;WMDrive . 
=============== File Associations =============== . ShellExec: QSync.exe: Open="c:\program files\logitech\video\QSync.exe" . =============== Created Last 30 ================ . 2013-01-07 21:37:18 -------- dc----w- C:\toolbarImages 2013-01-07 21:35:48 -------- d-----w- c:\documents and settings\attila\local settings\application data\Conduit 2013-01-06 23:20:58 -------- dc----w- c:\documents and settings\all users\application data\SaveAs 2013-01-06 13:20:34 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-06 13:20:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-01-03 22:38:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware 2013-01-02 23:33:53 -------- dc----w- C:\programfiles 2013-01-02 21:16:25 -------- dcsha-r- C:\cmdcons 2013-01-02 21:09:31 98816 ----a-w- c:\windows\sed.exe 2013-01-02 21:09:31 256000 ----a-w- c:\windows\PEV.exe 2013-01-02 21:09:31 208896 ----a-w- c:\windows\MBR.exe 2013-01-02 20:32:55 388096 ----a-r- c:\documents and settings\attila\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2013-01-02 20:32:35 -------- d-----w- c:\program files\Trend Micro 2013-01-02 17:55:12 -------- dc----w- C:\UZES 2013-01-01 01:33:05 -------- d-----w- c:\documents and settings\attila\local settings\application data\CRE 2012-12-31 23:59:35 -------- d-----w- c:\documents and settings\attila\local settings\application data\Torch 2012-12-31 23:55:23 -------- dc----w- c:\documents and settings\all users\application data\Zoomex 2012-12-31 23:47:50 -------- dc----w- c:\documents and settings\all users\application data\WoW Worldwide Software LTD 2012-12-31 23:47:05 -------- d-----w- c:\program files\Optimizer Pro 2012-12-31 20:36:41 -------- d-----w- c:\program files\Gophoto.it 2012-12-31 17:33:07 -------- dc----w- C:\DUPLUM_TOROLNI 2012-12-27 13:26:37 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys 2012-12-27 10:40:41 -------- d-----w- c:\program files\Astonsoft 2012-12-24 12:03:53 
-------- dc----w- C:\csabatemp 2012-12-24 11:48:56 -------- d-----w- c:\documents and settings\attila\application data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 2012-12-24 10:54:46 -------- dc----w- C:\Temp 2012-12-24 10:54:04 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll 2012-12-21 18:02:03 -------- d-----w- c:\documents and settings\attila\application data\RealNetworks 2012-12-21 17:46:55 -------- d-----w- c:\program files\RealNetworks 2012-12-21 17:46:43 -------- dc----w- c:\documents and settings\all users\application data\RealNetworks 2012-12-21 17:44:47 -------- d-----w- c:\program files\common files\xing shared 2012-12-21 17:43:25 153296 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll 2012-12-21 17:42:44 124056 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll 2012-12-13 13:30:28 5955856 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll . ==================== Find3M ==================== . 
2013-01-09 20:57:37 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-09 20:57:36 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-11-09 05:46:16 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys.rmv 2012-11-09 05:46:16 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys.rmv 2012-11-08 16:33:44 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-11-08 10:29:12 1402312 ----a-w- c:\windows\system32\msxml4.dll 2012-11-06 02:01:39 1371648 ------w- c:\windows\system32\msxml6.dll 2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec 2012-10-26 19:14:58 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-10-26 19:14:28 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-10-26 19:14:19 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-10-26 19:14:19 746984 ----a-w- c:\windows\system32\deployJava1.dll . ============= FINISH: 7:08:11.21 =============== secureCheck: checkup.txt Results of screen317's Security Check version 0.99.56 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! AVG 2012 Sygate Personal Firewall McAfee Security Scan Plus AVG2012 successfully updated! `````````Anti-malware/Other Utilities Check:````````` Spyware Terminator 2012 Malwarebytes Anti-Malware version 1.70.0.1100 CCleaner (remove only) Java 7 Update 9 Adobe Flash Player 11.5.502.146 Adobe Reader 9 Adobe Reader out of Date! 
Mozilla Firefox (17.0.1) Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 Google Chrome 23.0.1271.91 Google Chrome 23.0.1271.95 Google Chrome 23.0.1271.97 ````````Process Check: objlist.exe by Laurent```````` AVG avgwdsvc.exe AVG avgtray.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe Emsisoft Anti-Malware a2service.exe Malwarebytes' Anti-Malware mbamscheduler.exe emsisoft anti-malware a2guard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` ------------------------- HiJackThis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:28:56, on 2013.01.10. Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Emsisoft Anti-Malware\a2service.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG2012\avgfws.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\WINDOWS\system32\oodag.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files\Spyware 
Terminator\st_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\taskmgr.exe C:\programfiles\totalcmd\TOTALCMD.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\oodtray.exe C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\program files\real\realplayer\update\realsched.exe C:\program files\emsisoft anti-malware\a2guard.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\uTorrent\uTorrent.exe C:\WINDOWS\system32\ctfmon.exe C:\programfiles\totalcmd\TOTALCMD.EXE C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - 
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] 
"C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60 O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [spywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe O4 - HKLM\..\Run: [spywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} (SlimClient Class) - https://aoc-bp.aegon.hu/SNX/CSHELL/extender.cab O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://map2.index.hu/MGViewer/ActiveX/mgaxctrl.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Emsisoft Anti-Malware 7.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG tűzfal (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. 
- C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe O23 - Service: Google frissítési szolgáltatás (gupdate1c9b988b8f0cf10) (gupdate1c9b988b8f0cf10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. 
- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 14047 bytes
  7. Hi! Thank you for your guide. I did the 3 fixes with HijackThis but I can't reach the Net via browsers. The MAMB updated itself successfully. Can I update my Java or Adobe in another way? Now I am trying to produce the logs but my first attempt failed: the MAMB scan didn't run in 8 hours, just sandglasses.... I will try it again. Bye
  8. Something similar happened to me as in the topic 'Infected with Privitize VPN'. I accidentally downloaded the Privitize VPN program. I deleted it from Add/Remove Programs about the next day, when I realized that all of my browsers say for every URL: 'took too long to respond' or '..has timed out'. One of my programs updated itself successfully so my Internet is okay (and my wife's computer uses the same modem and router, and it is OK). I had this problem even if I used Wi-Fi: I reached one site, then the second '..has timed out'.. I read the similar topics about this problem and realized that my browsers are working again for a while if I set the registry as suggested : and Reset WINSOCK entries to installation defaults: netsh winsock reset catalog Reset TCP/IP stack to installation defaults. netsh int ip reset reset.log ----- But it is not a permanent solution and MAMB found this: 'PUM.Hijack.StartMenu' Help me, please! Thanks in advance! Here is the Malwarebytes log: -------- Malwarebytes Anti-Malware (Trial) 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.05.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 ATTILA :: PC270922491494 [administrator] Protection: Disabled 2013.01.05. 22:08:40 MBAM-log-2013-01-06 (01-54-22).txt Scan type: Full scan (C:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 488770 Time elapsed: 3 hour(s), 43 minute(s), 29 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken. 
Folders Detected: 0 (No malicious items detected) Files Detected: 11 C:\Documents and Settings\ATTILA\Local Settings\Application Data\Torch\User Data\Default\Cache\f_000021 (Adware.DirectDownload) -> No action taken. C:\Documents and Settings\ATTILA\My Documents\My Videos\download.php (Adware.DirectDownload) -> No action taken. C:\Documents and Settings\ATTILA\My Documents\My Videos\product_download.php (PUP.Adware.Agent) -> No action taken. C:\Documents and Settings\ATTILA\My Documents\Downloads\ChessBase.11.2011 (1).exe (Adware.DirectDownload) -> No action taken. C:\Documents and Settings\ATTILA\My Documents\Downloads\ChessBase_Opening_Encyclopaedia_2011.exe (PUP.Adware.Agent) -> No action taken. C:\Documents and Settings\ATTILA\My Documents\Downloads\Chessbase_Opening_Encyclopedia_2012_Setup___Key.exe (PUP.Adware.Agent) -> No action taken. C:\Documents and Settings\ATTILA\My Documents\Downloads\chess_romans_lab_102_killing_the_sicilian_with_the_grand_prix_attack.exe (PUP.Adware.MediaGet) -> No action taken. C:\Documents and Settings\ATTILA\My Documents\Downloads\Excelling_At_Positional_Chess.exe (PUP.Adware.Agent) -> No action taken. C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1674\A0327252.exe (Adware.DirectDownload) -> No action taken. C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1674\A0327253.exe (PUP.Adware.Agent) -> No action taken. C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1674\A0327254.exe (PUP.Adware.Agent) -> No action taken. (end) --------- --------- Here is the DDS log: --------------------------- DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2 Run by ATTILA at 0:04:44 on 2013-01-07 Microsoft Windows XP Home Edition 5.1.2600.3.1250.36.1033.18.895.274 [GMT 1:00] . 
AV: AVG Internet Security Business Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Emsisoft Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255} FW: Norton Internet Worm Protection *Disabled* FW: AVG Internet Security Business Edition 2012 *Enabled* FW: *Disabled* FW: AVG Firewall *Disabled* . ============== Running Processes ================ . \??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe \??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Program Files\Emsisoft Anti-Malware\a2service.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG2012\avgfws.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files\Spyware Terminator\st_rsser.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\WINDOWS\System32\alg.exe \??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program 
Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\oodtray.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\program files\real\realplayer\update\realsched.exe C:\program files\emsisoft anti-malware\a2guard.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\uTorrent\uTorrent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe C:\programfiles\totalcmd\TOTALCMD.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k bthsvcs C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\svchost.exe -k netsvcs . ============== Pseudo HJT Report =============== . 
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll BHO: {C508C0E0-E49E-971D-43A0-510B40BCDA75} - <orphaned> BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program 
files\java\jre7\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe mRun: [QlbCtrl] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe mRun: [Recguard] c:\windows\sminst\Recguard.exe mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe mRun: [OODefragTray] c:\windows\system32\oodtray.exe mRun: [smcService] c:\progra~1\sygate\spf\smc.exe -startgui mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [vProt] "c:\program files\avg secure search\vprot.exe" mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / 
/PROMPT /CMPID=ROC_JULY_P1 mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60 mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [spywareTerminatorShield] c:\program files\spyware terminator\SpywareTerminatorShield.exe mRun: [spywareTerminatorUpdater] c:\program files\spyware terminator\SpywareTerminatorUpdate.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee security scan plus.lnk - c:\program files\mcafee security scan\3.0.285\SSScheduler.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://aoc-bp.aegon.hu/SNX/CSHELL/extender.cab DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://map2.index.hu/MGViewer/ActiveX/mgaxctrl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - 
hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: NameServer = 213.46.246.53 213.46.246.54 TCP: Interfaces\{9F986765-D737-4DE3-BC6E-B9108FAACF67} : DHCPNameServer = 213.46.246.53 213.46.246.54 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Notify: AtiExtEvent - Ati2evxx.dll AppInit_DLLs= c:\progra~1\mocaflix\sprotector.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\attila\application data\mozilla\firefox\profiles\0a2atyl6.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll FF - plugin: c:\documents and settings\attila\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\attila\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\attila\local settings\application data\google\update\1.3.21.129\npGoogleUpdate3.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program 
files\mozilla firefox\plugins\npdjvu.dll FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 31952] R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2013-1-3 17904] R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2013-1-3 37856] R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2013-1-3 11776] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 237408] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 301920] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-30 26984] R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2009-8-29 27704] R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2012-6-14 32768] R1 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2011-1-9 65856] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-17 54752] R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2013-1-3 54072] R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144] R3 
AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-10-21 36352] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-6 21104] R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2011-4-12 129304] S1 1653946drv;1653946drv;c:\windows\system32\drivers\1653946drv.sys --> c:\windows\system32\drivers\1653946drv.sys [?] S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\attila\focivb\vcdrom.sys --> c:\attila\focivb\VCdRom.sys [?] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-8-27 24576] S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248] S4 vsdatant;vsdatant; [x] . =============== File Associations =============== . ShellExec: QSync.exe: Open="c:\program files\logitech\video\QSync.exe" . =============== Created Last 30 ================ . 
2013-01-06 13:20:34 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-06 13:20:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-01-06 00:55:14 -------- dc----w- C:\jan6 2013-01-03 22:38:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware 2013-01-02 23:33:53 -------- dc----w- C:\programfiles 2013-01-02 21:16:25 -------- dcsha-r- C:\cmdcons 2013-01-02 21:09:31 98816 ----a-w- c:\windows\sed.exe 2013-01-02 21:09:31 256000 ----a-w- c:\windows\PEV.exe 2013-01-02 21:09:31 208896 ----a-w- c:\windows\MBR.exe 2013-01-02 20:32:55 388096 ----a-r- c:\documents and settings\attila\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2013-01-02 20:32:35 -------- d-----w- c:\program files\Trend Micro 2013-01-02 17:55:12 -------- dc----w- C:\UZES 2013-01-01 01:33:05 -------- d-----w- c:\documents and settings\attila\local settings\application data\CRE 2012-12-31 23:59:35 -------- d-----w- c:\documents and settings\attila\local settings\application data\Torch 2012-12-31 23:55:23 -------- dc----w- c:\documents and settings\all users\application data\Zoomex 2012-12-31 23:47:50 -------- dc----w- c:\documents and settings\all users\application data\WoW Worldwide Software LTD 2012-12-31 23:47:05 -------- d-----w- c:\program files\Optimizer Pro 2012-12-31 20:36:41 -------- d-----w- c:\program files\Gophoto.it 2012-12-31 20:35:42 -------- d-----w- c:\program files\TornTV.com 2012-12-31 17:33:07 -------- dc----w- C:\DUPLUM_TOROLNI 2012-12-27 13:26:37 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys 2012-12-27 10:40:41 -------- d-----w- c:\program files\Astonsoft 2012-12-24 12:03:53 -------- dc----w- C:\csabatemp 2012-12-24 11:48:56 -------- d-----w- c:\documents and settings\attila\application data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 2012-12-24 10:54:46 -------- dc----w- C:\Temp 2012-12-24 10:54:04 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll 2012-12-21 18:02:03 -------- d-----w- c:\documents 
and settings\attila\application data\RealNetworks 2012-12-21 17:46:55 -------- d-----w- c:\program files\RealNetworks 2012-12-21 17:46:43 -------- dc----w- c:\documents and settings\all users\application data\RealNetworks 2012-12-21 17:44:47 -------- d-----w- c:\program files\common files\xing shared 2012-12-21 17:43:25 153296 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll 2012-12-21 17:42:44 124056 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll 2012-12-13 13:30:28 5955856 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll 2012-12-11 20:05:31 16363960 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe . ==================== Find3M ==================== . 2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-12-11 20:07:12 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-11 20:07:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-11-09 05:46:16 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys.rmv 2012-11-09 05:46:16 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys.rmv 2012-11-08 16:33:44 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec 2012-10-26 19:14:58 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-10-26 19:14:28 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-10-26 19:14:19 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-10-26 19:14:19 746984 ----a-w- c:\windows\system32\deployJava1.dll . 
============= FINISH: 0:08:05.98 =============== --------------------------- Here is the security check log: --------------------------- Results of screen317's Security Check version 0.99.56 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! AVG 2012 Sygate Personal Firewall McAfee Security Scan Plus AVG2012 successfully updated! `````````Anti-malware/Other Utilities Check:````````` Spyware Terminator 2012 Malwarebytes Anti-Malware version 1.70.0.1100 CCleaner (remove only) Java 7 Update 9 Adobe Flash Player 11.5.502.135 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (17.0.1) Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 Google Chrome 23.0.1271.91 Google Chrome 23.0.1271.95 Google Chrome 23.0.1271.97 ````````Process Check: objlist.exe by Laurent```````` AVG avgwdsvc.exe AVG avgtray.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe Emsisoft Anti-Malware a2service.exe Malwarebytes' Anti-Malware mbamscheduler.exe emsisoft anti-malware a2guard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` --------------------------- Here is the HIjack log --------------------------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 0:08:35, on 2013.01.08. 
Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Emsisoft Anti-Malware\a2service.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG2012\avgfws.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\WINDOWS\system32\oodag.exe C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files\Spyware Terminator\st_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\oodtray.exe C:\Program 
Files\AVG\AVG2012\avgtray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\program files\real\realplayer\update\realsched.exe C:\program files\emsisoft anti-malware\a2guard.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\uTorrent\uTorrent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe C:\WINDOWS\system32\taskmgr.exe C:\programfiles\totalcmd\TOTALCMD.EXE C:\programfiles\totalcmd\TOTALCMD.EXE C:\WINDOWS\notepad.exe C:\WINDOWS\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msfeedssync.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application 
Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll O2 - BHO: SaveAs - {C508C0E0-E49E-971D-43A0-510B40BCDA75} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - 
HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60 O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [spywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe O4 - HKLM\..\Run: 
[spywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} (SlimClient Class) - https://aoc-bp.aegon.hu/SNX/CSHELL/extender.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://map2.index.hu/MGViewer/ActiveX/mgaxctrl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: c:\PROGRA~1\MocaFlix\sprotector.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 7.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG tűzfal (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Google frissítési szolgáltatás (gupdate1c9b988b8f0cf10) (gupdate1c9b988b8f0cf10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
-- End of file - 14255 bytes
---------------------------