Odvčera sa môj počítač začal správať čudne. Antivírus niečo našiel, ale blbne to stále. Pomôžte prosím, prikladám log z HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:05, on 24.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\eISIS\servers\postgresql\bin\pg_ctl.exe
c:\eISIS\servers\postgresql\bin\postgres.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\eISIS\servers\postgresql\bin\postgres.exe
c:\eISIS\servers\postgresql\bin\postgres.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hmonitor\hmonitor.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\program files\relevantknowledge\rlvknlg.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\vpc32.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\vpdn_lu.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pavol.zabavcik.szm.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.pavol.zabavcik.szm.sk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pavol.zabavcik.szm.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\PC Translator\WEBIE.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\PC Translator\WEBIE.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CassinyEx.lnk = C:\qbe_calc\CassiniEx\CassiniExWebServer.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D660099D-2221-4A52-B322-1EC128502C38}: NameServer = 217.119.121.225,217.119.113.244
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: eISIS PostgreSQL Database Server (eISISPostgreSQL) - PostgreSQL Global Development Group - c:\eISIS\servers\postgresql\bin\pg_ctl.exe
O23 - Service: eISIS Tomcat (eISISTomcat) - Apache Software Foundation - c:\eISIS\servers\tomcat\bin\tomcat5.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
--
End of file - 8560 bytes
			
									
									
						Blbne mi počítač. pomôžte prosím + Vyřešeno
- memphisto
- Guru Level 13 
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:  
- Stav:
		Offline
Re: Blbne mi počítač. pomôžte prosím
odinstaluj AskSearch.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
			
									
									Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod,  Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
						Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Re: Blbne mi počítač. pomôžte prosím
Malwarebytes' Anti-Malware 1.39
Verzia databázy: 2492
Windows 5.1.2600 Service Pack 2
24.7.2009 12:29:31
mbam-log-2009-07-24 (12-29-26).txt
Typ kontroly: Rýchla
Objektov kontrolovaných: 89748
Uplynutý cas: 5 minute(s), 15 second(s)
Infikovaných procesov pamäte: 1
Infikovaných modulov pamäte: 1
Infikovaných registracných klúcov: 3
Infikovaných registracných hodnôt: 1
Infikovaných registracných údajov položiek: 1
Infikovaných priecinkov: 2
Infikovaných súborov: 13
Infikovaných procesov pamäte:
C:\program files\relevantknowledge\rlvknlg.exe (Spyware.Marketscore) -> No action taken.
Infikovaných modulov pamäte:
C:\program files\relevantknowledge\rlls.dll (Spyware.Marketscore) -> No action taken.
Infikovaných registracných klúcov:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{87fd33c2-7891-45d5-acd1-7935f9aea26b} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> No action taken.
Infikovaných registracných hodnôt:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.
Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikovaných priecinkov:
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> No action taken.
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> No action taken.
Infikovaných súborov:
c:\documents and settings\all users\start menu\Programs\relevantknowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> No action taken.
c:\documents and settings\all users\start menu\Programs\relevantknowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> No action taken.
c:\documents and settings\all users\start menu\Programs\relevantknowledge\Support.lnk (Spyware.Marketscore) -> No action taken.
c:\documents and settings\all users\start menu\Programs\relevantknowledge\Uninstall Instructions.lnk (Spyware.Marketscore) -> No action taken.
c:\program files\relevantknowledge\rlls.dll (Spyware.Marketscore) -> No action taken.
c:\program files\relevantknowledge\rloci.bin (Spyware.Marketscore) -> No action taken.
c:\program files\relevantknowledge\rlservice.exe (Spyware.Marketscore) -> No action taken.
c:\program files\relevantknowledge\rlvknlg.exe (Spyware.Marketscore) -> No action taken.
c:\program files\Implode.dll (Spyware.OnlineGames) -> No action taken.
c:\program files\pg32conv.dll (Spyware.OnlineGames) -> No action taken.
c:\program files\u25store.dll (Spyware.OnlineGames) -> No action taken.
c:\program files\u25total.dll (Spyware.OnlineGames) -> No action taken.
c:\program files\u2lbar.dll (Spyware.OnlineGames) -> No action taken.
			
									
									
						Verzia databázy: 2492
Windows 5.1.2600 Service Pack 2
24.7.2009 12:29:31
mbam-log-2009-07-24 (12-29-26).txt
Typ kontroly: Rýchla
Objektov kontrolovaných: 89748
Uplynutý cas: 5 minute(s), 15 second(s)
Infikovaných procesov pamäte: 1
Infikovaných modulov pamäte: 1
Infikovaných registracných klúcov: 3
Infikovaných registracných hodnôt: 1
Infikovaných registracných údajov položiek: 1
Infikovaných priecinkov: 2
Infikovaných súborov: 13
Infikovaných procesov pamäte:
C:\program files\relevantknowledge\rlvknlg.exe (Spyware.Marketscore) -> No action taken.
Infikovaných modulov pamäte:
C:\program files\relevantknowledge\rlls.dll (Spyware.Marketscore) -> No action taken.
Infikovaných registracných klúcov:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{87fd33c2-7891-45d5-acd1-7935f9aea26b} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> No action taken.
Infikovaných registracných hodnôt:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.
Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikovaných priecinkov:
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> No action taken.
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> No action taken.
Infikovaných súborov:
c:\documents and settings\all users\start menu\Programs\relevantknowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> No action taken.
c:\documents and settings\all users\start menu\Programs\relevantknowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> No action taken.
c:\documents and settings\all users\start menu\Programs\relevantknowledge\Support.lnk (Spyware.Marketscore) -> No action taken.
c:\documents and settings\all users\start menu\Programs\relevantknowledge\Uninstall Instructions.lnk (Spyware.Marketscore) -> No action taken.
c:\program files\relevantknowledge\rlls.dll (Spyware.Marketscore) -> No action taken.
c:\program files\relevantknowledge\rloci.bin (Spyware.Marketscore) -> No action taken.
c:\program files\relevantknowledge\rlservice.exe (Spyware.Marketscore) -> No action taken.
c:\program files\relevantknowledge\rlvknlg.exe (Spyware.Marketscore) -> No action taken.
c:\program files\Implode.dll (Spyware.OnlineGames) -> No action taken.
c:\program files\pg32conv.dll (Spyware.OnlineGames) -> No action taken.
c:\program files\u25store.dll (Spyware.OnlineGames) -> No action taken.
c:\program files\u25total.dll (Spyware.OnlineGames) -> No action taken.
c:\program files\u2lbar.dll (Spyware.OnlineGames) -> No action taken.
- memphisto
- Guru Level 13 
- Příspěvky: 21113
- Registrován: září 06
- Bydliště: Zlín - České Budějovice
- Pohlaví:  
- Stav:
		Offline
Re: Blbne mi počítač. pomôžte prosím
. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
			
									
									- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
PRAVIDLA PC-HELP.CZ, PRAVIDLA sekce HijackThis, HijackThis návod,  Memtest, CCleaner
Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
						Logy z programu HijackThis neposílejte prosím přes SZ, ale vkládejte je do patřičné sekce. Děkuji
Re: Blbne mi počítač. pomôžte prosím
ComboFix 09-07-23.04 - DeLUX 24.07.2009 15:10.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.589 [GMT 2:00]
Running from: c:\moje dokumenty\Downloads\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\rlls.dll
c:\windows\system32\Drivers\mfnjr.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ifnpdi
((((((((((((((((((((((((( Files Created from 2009-06-24 to 2009-07-24 )))))))))))))))))))))))))))))))
.
2009-07-24 12:50 . 2009-07-24 12:51 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Notepad++
2009-07-24 12:50 . 2009-07-24 12:50 -------- d-----w- c:\program files\Notepad++
2009-07-24 10:22 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 10:22 . 2009-07-24 10:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 10:22 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 15:12 . 2009-07-23 15:12 -------- d-----w- c:\program files\Fotosizer
2009-07-23 14:40 . 2009-07-23 14:40 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Softplicity
2009-07-23 13:23 . 2001-05-16 15:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2009-07-23 13:22 . 2004-05-20 12:24 196608 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2009-07-23 13:22 . 2004-05-20 11:07 335872 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2009-07-23 13:22 . 2004-03-02 17:14 307200 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2009-07-23 13:22 . 2004-03-02 17:07 315392 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2009-07-23 13:22 . 2003-02-11 12:39 647168 ----a-w- c:\windows\system32\NCTAudioLibrary.dll
2009-07-23 13:22 . 2003-02-11 12:38 892928 ----a-w- c:\windows\system32\NCTAudioInformation.dll
2009-07-23 13:22 . 2003-02-11 12:37 327680 ----a-w- c:\windows\system32\NCTAudioGrabber.dll
2009-07-23 13:22 . 2003-02-11 12:36 1703936 ----a-w- c:\windows\system32\NCTAudioFile.dll
2009-07-23 13:22 . 2004-03-03 16:05 1839104 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2009-07-23 13:22 . 2002-07-23 09:05 413760 ----a-w- c:\windows\system32\mpg4c32.dll
2009-07-20 19:25 . 2009-07-20 19:25 -------- d-----w- c:\program files\FileZilla FTP Client
2009-07-19 19:36 . 2009-07-19 19:36 -------- d-----w- c:\windows\Sun
2009-07-19 15:37 . 2009-07-19 15:37 -------- d-----w- c:\program files\Chami
2009-07-19 14:10 . 2009-07-19 14:10 -------- d-----w- c:\program files\iPod
2009-07-19 14:09 . 2009-07-19 14:10 -------- d-----w- c:\program files\iTunes
2009-07-19 13:57 . 2009-07-19 13:57 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-19 10:39 . 2009-07-19 10:40 -------- d-----w- c:\windows\system32\NtmsData
2009-07-13 12:11 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-13 12:11 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-13 10:27 . 2004-08-03 20:58 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-07-13 10:27 . 2004-08-03 20:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-07-13 10:26 . 2004-08-03 21:10 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-07-13 10:26 . 2004-08-03 21:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-07-13 10:26 . 2004-08-03 21:10 15360 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-07-13 10:26 . 2004-08-03 21:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-07-13 10:26 . 2004-08-03 21:10 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-07-13 10:26 . 2004-08-03 21:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-07-13 10:26 . 2004-08-03 21:10 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-07-13 10:26 . 2004-08-03 21:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-07-13 10:26 . 2004-08-03 21:10 85376 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-07-13 10:26 . 2004-08-03 21:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-07-13 10:26 . 2004-08-03 21:10 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-07-13 10:26 . 2004-08-03 21:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-07-13 10:25 . 2004-08-03 22:56 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-07-13 10:25 . 2004-08-03 22:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-07-13 10:25 . 2004-08-03 21:10 78464 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2009-07-13 10:25 . 2004-08-03 21:10 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-07-13 10:19 . 2009-07-13 10:19 77824 ----a-w- c:\documents and settings\DeLUX\Application Data\Sun\Java\Deployment\cache\6.0\60\3cdbd83c-29a48229-n\scanreg.dll
2009-07-13 10:19 . 2009-07-13 10:19 110592 ----a-w- c:\documents and settings\DeLUX\Application Data\Sun\Java\Deployment\cache\6.0\60\3cdbd83c-29a48229-n\win_dmi.dll
2009-07-13 09:46 . 2009-07-17 19:52 -------- d-----w- c:\documents and settings\DeLUX\Local Settings\Application Data\Temp
2009-07-12 10:21 . 2009-07-12 10:21 -------- d-----w- c:\program files\Borland Delphi Trial Installer
2009-07-12 09:40 . 2009-07-12 09:40 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Apple Computer
2009-07-12 09:39 . 2009-07-12 09:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-12 09:33 . 2009-07-12 09:33 -------- d-----w- c:\documents and settings\DeLUX\Local Settings\Application Data\Apple
2009-07-12 09:33 . 2009-07-12 09:33 -------- d-----w- c:\program files\Apple Software Update
2009-07-12 09:33 . 2009-07-19 14:09 -------- d-----w- c:\program files\Common Files\Apple
2009-07-12 09:33 . 2009-07-12 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-12 09:32 . 2009-07-12 09:40 -------- d-----w- c:\documents and settings\DeLUX\Local Settings\Application Data\Apple Computer
2009-06-28 12:33 . 2009-06-30 06:44 -------- d-----w- C:\Projection
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-24 13:19 . 2007-05-31 19:05 40 ----a-w- c:\windows\system32\profile.dat
2009-07-23 22:07 . 2008-09-19 11:01 -------- d-----w- c:\documents and settings\DeLUX\Application Data\FileZilla
2009-07-22 20:16 . 2008-07-10 07:52 -------- d-----w- c:\program files\XoftSpySE
2009-07-22 20:16 . 2007-05-31 17:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 19:11 . 2007-05-31 19:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-20 10:56 . 2009-04-08 17:15 -------- d-----w- c:\documents and settings\DeLUX\Application Data\ICQ
2009-07-19 20:00 . 2009-05-03 11:48 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Skype
2009-07-19 18:38 . 2009-05-03 11:50 -------- d-----w- c:\documents and settings\DeLUX\Application Data\skypePM
2009-07-19 15:37 . 2009-07-19 15:37 -------- d-----w- c:\program files\Chami
2009-07-19 14:08 . 2009-02-15 10:47 -------- d-----w- c:\program files\Bonjour
2009-07-19 11:25 . 2007-06-02 09:03 -------- d-----w- c:\program files\Call of Duty
2009-07-16 19:41 . 2008-01-01 14:11 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Azureus
2009-07-12 09:39 . 2007-06-01 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-12 09:34 . 2007-06-01 15:31 -------- d-----w- c:\program files\QuickTime Alternative
2009-06-30 06:32 . 2008-02-26 11:03 -------- d-----w- c:\program files\Kalk Invest 2
2009-06-28 12:42 . 2007-05-31 16:55 47384 ----a-w- c:\documents and settings\DeLUX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-17 17:15 . 2009-05-17 17:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-03 11:50 . 2009-05-03 11:50 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2008-02-25 07:33 . 2009-04-06 09:39 378880 ----a-w- c:\program files\ainstall_info.exe
2007-09-03 07:58 . 2007-09-03 07:58 524288 ----a-w- c:\program files\Kalk Invest 2.exe
2007-09-03 07:44 . 2007-09-03 07:44 1036288 ----a-w- c:\program files\sys_db.mdb
2007-08-21 16:32 . 2007-08-21 16:32 20480 ----a-w- c:\program files\ki2_version.exe
2007-01-04 09:46 . 2007-01-04 09:46 378199 ----a-w- c:\program files\uniqa_IZP.rpt
2007-01-03 15:24 . 2007-01-03 15:24 394809 ----a-w- c:\program files\01_izp_newest.rpt
2006-01-27 07:10 . 2006-01-27 07:10 420352 ----a-w- c:\program files\02_izp.rpt
2005-09-29 09:01 . 2005-09-29 09:01 83968 ----a-w- c:\program files\Kalk Invet 2 manuál.doc
2005-02-22 13:41 . 2005-02-22 13:41 437248 ----a-w- c:\program files\01_izp.rpt
2005-02-21 10:28 . 2005-02-21 10:28 1003 ----a-w- c:\program files\licencia.txt
2004-09-28 13:14 . 2004-09-28 13:14 307200 ----a-w- c:\program files\p2sodbc.dll
2004-06-11 10:22 . 2004-06-11 10:22 98304 ----a-w- c:\program files\u2ftext.dll
2004-02-23 19:42 . 2004-02-23 19:42 1386496 ----a-w- c:\program files\MSVBVM60.DLL
2004-02-01 22:46 . 2004-02-01 22:46 208896 ----a-w- c:\program files\p2soledb.dll
2003-11-27 18:47 . 2003-11-27 18:47 40960 ----a-w- c:\program files\u2fsepv.dll
2003-08-12 13:51 . 2003-08-12 13:51 212992 ----a-w- c:\program files\p2ssyb10.dll
2003-08-08 11:56 . 2003-08-08 11:56 225280 ----a-w- c:\program files\u2fxls.dll
2003-07-09 02:24 . 2003-07-09 02:24 53248 ----a-w- c:\program files\u2fodbc.dll
2003-07-02 10:47 . 2003-07-02 10:47 6074429 ----a-w- c:\program files\craxdrt.dll
2003-06-10 13:04 . 2003-06-10 13:04 5558329 ----a-w- c:\program files\crpe32.dll
2003-02-21 05:44 . 2003-02-21 05:44 176128 ----a-w- c:\program files\p2sora7.dll
2002-09-04 15:37 . 2002-09-04 15:37 106496 ----a-w- c:\program files\u2lcom.dll
2002-09-03 19:48 . 2002-09-03 19:48 401462 ----a-w- c:\program files\msvcp60.dll
2002-09-03 19:46 . 2002-09-03 19:46 487424 ----a-w- c:\program files\msado15.dll
2002-09-03 19:44 . 2002-09-03 19:44 995383 ----a-w- c:\program files\mfc42.dll
2002-09-03 19:36 . 2002-09-03 19:36 557128 ----a-w- c:\program files\dao360.dll
2002-09-03 19:34 . 2002-09-03 19:34 258048 ----a-w- c:\program files\comdlg32.dll
2002-09-03 19:34 . 2002-09-03 19:34 557056 ----a-w- c:\program files\comctl32.dll
2002-08-22 22:02 . 2002-08-22 22:02 168000 ----a-w- c:\program files\p2ssql.dll
2002-07-23 21:58 . 2002-07-23 21:58 192512 ----a-w- c:\program files\P2smon.dll
2002-04-10 11:36 . 2002-04-10 11:36 163895 ----a-w- c:\program files\u2frtf.dll
2002-01-04 09:54 . 2002-01-04 09:54 28672 ----a-w- c:\program files\u2ddisk.dll
2001-12-14 14:24 . 2001-12-14 14:24 40960 ----a-w- c:\program files\u2dmapi.dll
2001-12-12 14:33 . 2001-12-12 14:33 40960 ----a-w- c:\program files\u2fwks.dll
2001-12-12 08:14 . 2001-12-12 08:14 36864 ----a-w- c:\program files\u2frec.dll
2001-12-05 16:53 . 2001-12-05 16:53 249856 ----a-w- c:\program files\p2bxbse.dll
2001-07-26 13:32 . 2001-07-26 13:32 53248 ----a-w- c:\program files\u2dnotes.dll
2001-06-19 12:06 . 2001-06-19 12:06 45056 ----a-w- c:\program files\u2fhtml.dll
2001-05-20 23:45 . 2001-05-20 23:45 167936 ----a-w- c:\program files\p2sifmx.dll
2001-04-11 13:49 . 2001-04-11 13:49 106496 ----a-w- c:\program files\u2fwordw.dll
2000-12-05 08:42 . 2000-12-05 08:42 140288 ----a-w- c:\program files\comdlg32.ocx
2000-07-14 23:00 . 2000-07-14 23:00 101888 ----a-w- c:\program files\VB6STKIT.DLL
2000-07-14 22:00 . 2000-07-14 22:00 77824 ----a-w- c:\program files\MSBIND.DLL
2000-07-14 22:00 . 2000-07-14 22:00 73216 ----a-w- c:\program files\ST6UNST.EXE
2000-07-14 22:00 . 2000-07-14 22:00 249856 ----a-w- c:\program files\SETUP1.EXE
2000-07-14 22:00 . 2000-07-14 22:00 118784 ----a-w- c:\program files\MSSTDFMT.DLL
2000-05-21 22:00 . 2000-05-21 22:00 1009336 ----a-w- c:\program files\MSCHRT20.OCX
2000-04-11 22:00 . 2000-04-11 22:00 598288 ----a-w- c:\program files\OLEAUT32.DLL
2000-02-18 17:58 . 2000-02-18 17:58 513424 ----a-w- c:\program files\crviewer.dll
2000-01-19 22:00 . 2000-01-19 22:00 7856352 ----a-w- c:\program files\MDAC_TYP.EXE
2000-01-11 06:09 . 2000-01-11 06:09 618496 ----a-w- c:\program files\Crpaig80.dll
1999-12-10 13:24 . 1999-12-10 13:24 974848 ----a-w- c:\program files\SSCSDK80.DLL
1999-12-10 06:17 . 1999-12-10 06:17 847324 ----a-w- c:\program files\Crystl32.OCX
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u2lsamp1.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u2ldts.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u2l2000.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u25dts.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u252000.dll
1999-12-07 07:31 . 1999-12-07 07:31 57344 ----a-w- c:\program files\u2dvim.dll
1999-12-07 07:31 . 1999-12-07 07:31 49152 ----a-w- c:\program files\u2dpost.dll
1999-12-07 07:31 . 1999-12-07 07:31 28672 ----a-w- c:\program files\u2fcr.dll
1999-12-07 07:31 . 1999-12-07 07:31 28672 ----a-w- c:\program files\u2dapp.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\Crxlat32.dll
1999-12-07 06:31 . 1999-12-07 06:31 94208 ----a-w- c:\program files\p2bdao.dll
1999-12-07 06:31 . 1999-12-07 06:31 61440 ----a-w- c:\program files\p2irdao.dll
1999-12-07 06:31 . 1999-12-07 06:31 53248 ----a-w- c:\program files\p2ctdao.dll
1999-12-07 06:31 . 1999-12-07 06:31 23040 ----a-w- c:\program files\P2bbnd.dll
1999-12-07 05:31 . 1999-12-07 05:31 141312 ----a-w- c:\program files\p2bbde.dll
1999-06-02 22:00 . 1999-06-02 22:00 17920 ----a-w- c:\program files\STDOLE2.TLB
1999-05-31 22:00 . 1999-05-31 22:00 326656 ----a-w- c:\program files\MSVCRT40.DLL
1999-03-07 22:00 . 1999-03-07 22:00 164112 ----a-w- c:\program files\OLEPRO32.DLL
1999-03-07 22:00 . 1999-03-07 22:00 147728 ----a-w- c:\program files\ASYCFILT.DLL
1998-06-17 22:00 . 1998-06-17 22:00 89360 ----a-w- c:\program files\VB5DB.DLL
1998-05-30 22:00 . 1998-05-30 22:00 22288 ----a-w- c:\program files\COMCAT.DLL
2009-07-23 19:22 . 2009-02-22 10:54 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2007-03-14 125632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"hmonitor"="c:\program files\Hmonitor\hmonitor.exe" [2006-12-07 851968]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2006-12-01 1583644]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\DeLUX\Start Menu\Programs\Startup\
CassinyEx.lnk - c:\qbe_calc\CassiniEx\CassiniExWebServer.exe [2008-4-13 45056]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"gupdate1c99017d1c62f66"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"iPod Service"=3 (0x3)
"bgsvcgen"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"StarWindService"=2 (0x2)
"SavRoam"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ISSVC"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 eISISPostgreSQL;eISIS PostgreSQL Database Server;c:\eisis\servers\postgresql\bin\pg_ctl.exe runservice -N eISISPostgreSQL -D c:\eisis\data\db\data" --> c:\eisis\servers\postgresql\bin\pg_ctl.exe runservice -N eISISPostgreSQL -D c:\eisis\data\db\data [?]
R2 eISISTomcat;eISIS Tomcat;c:\eisis\servers\tomcat\bin\tomcat5.exe [22.4.2009 15:54 57344]
R3 EPPSCSIx;EPPSCSI Driver;c:\windows\system32\drivers\eppscan.sys [15.2.2009 12:53 105124]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8.4.2009 20:47 101936]
S4 gupdate1c99017d1c62f66;Google Update Service (gupdate1c99017d1c62f66);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2009 11:20 133104]
S4 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [14.3.2007 20:48 116416]
.
Contents of the 'Scheduled Tasks' folder
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 09:20]
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 09:20]
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-507921405-1801674531-1003Core.job
- c:\documents and settings\DeLUX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 18:10]
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-507921405-1801674531-1003UA.job
- c:\documents and settings\DeLUX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 18:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pavol.zabavcik.szm.sk/
mStart Page = hxxp://www.pavol.zabavcik.szm.sk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\PC Translator\WEBIE.DLL
TCP: {D660099D-2221-4A52-B322-1EC128502C38} = 217.119.121.225,217.119.113.244
FF - ProfilePath - c:\documents and settings\DeLUX\Application Data\Mozilla\Firefox\Profiles\qsc79hcq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - plugin: c:\documents and settings\DeLUX\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\TV JOJ Media Player\npplugin_netscape.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-24 15:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\eisis\servers\postgresql\bin\pg_ctl.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\eisis\servers\postgresql\bin\postgres.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\windows\system32\wdfmgr.exe
c:\eisis\servers\postgresql\bin\postgres.exe
c:\eisis\servers\postgresql\bin\postgres.exe
c:\windows\system32\wscntfy.exe
c:\eisis\servers\postgresql\bin\postgres.exe
c:\eisis\servers\postgresql\bin\postgres.exe
c:\eisis\servers\postgresql\bin\postgres.exe
c:\eisis\servers\postgresql\bin\postgres.exe
.
**************************************************************************
.
Completion time: 2009-07-24 15:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-24 13:35
Pre-Run: 16 969 035 776 bytes free
Post-Run: 20 adresárov, 16 840 011 776 voľných bajtov
313
Malwarebytes' Anti-Malware 1.39
Verzia databázy: 2492
Windows 5.1.2600 Service Pack 2
24.7.2009 15:08:14
mbam-log-2009-07-24 (15-08-14).txt
Typ kontroly: Rýchla
Objektov kontrolovaných: 89787
Uplynutý cas: 4 minute(s), 26 second(s)
Infikovaných procesov pamäte: 1
Infikovaných modulov pamäte: 1
Infikovaných registracných klúcov: 2
Infikovaných registracných hodnôt: 1
Infikovaných registracných údajov položiek: 1
Infikovaných priecinkov: 2
Infikovaných súborov: 13
Infikovaných procesov pamäte:
C:\program files\relevantknowledge\rlvknlg.exe (Spyware.Marketscore) -> Unloaded process successfully.
Infikovaných modulov pamäte:
C:\program files\relevantknowledge\rlls.dll (Spyware.Marketscore) -> Delete on reboot.
Infikovaných registracných klúcov:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
Infikovaných registracných hodnôt:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infikovaných priecinkov:
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Delete on reboot.
Infikovaných súborov:
c:\documents and settings\all users\start menu\Programs\relevantknowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\relevantknowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\relevantknowledge\Support.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\relevantknowledge\Uninstall Instructions.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlls.dll (Spyware.Marketscore) -> Delete on reboot.
c:\program files\relevantknowledge\rloci.bin (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlservice.exe (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlvknlg.exe (Spyware.Marketscore) -> Delete on reboot.
c:\program files\Implode.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\pg32conv.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\u25store.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\u25total.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\u2lbar.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
			
									
									
						Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.589 [GMT 2:00]
Running from: c:\moje dokumenty\Downloads\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\rlls.dll
c:\windows\system32\Drivers\mfnjr.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ifnpdi
((((((((((((((((((((((((( Files Created from 2009-06-24 to 2009-07-24 )))))))))))))))))))))))))))))))
.
2009-07-24 12:50 . 2009-07-24 12:51 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Notepad++
2009-07-24 12:50 . 2009-07-24 12:50 -------- d-----w- c:\program files\Notepad++
2009-07-24 10:22 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 10:22 . 2009-07-24 10:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 10:22 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 15:12 . 2009-07-23 15:12 -------- d-----w- c:\program files\Fotosizer
2009-07-23 14:40 . 2009-07-23 14:40 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Softplicity
2009-07-23 13:23 . 2001-05-16 15:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2009-07-23 13:22 . 2004-05-20 12:24 196608 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2009-07-23 13:22 . 2004-05-20 11:07 335872 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2009-07-23 13:22 . 2004-03-02 17:14 307200 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2009-07-23 13:22 . 2004-03-02 17:07 315392 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2009-07-23 13:22 . 2003-02-11 12:39 647168 ----a-w- c:\windows\system32\NCTAudioLibrary.dll
2009-07-23 13:22 . 2003-02-11 12:38 892928 ----a-w- c:\windows\system32\NCTAudioInformation.dll
2009-07-23 13:22 . 2003-02-11 12:37 327680 ----a-w- c:\windows\system32\NCTAudioGrabber.dll
2009-07-23 13:22 . 2003-02-11 12:36 1703936 ----a-w- c:\windows\system32\NCTAudioFile.dll
2009-07-23 13:22 . 2004-03-03 16:05 1839104 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2009-07-23 13:22 . 2002-07-23 09:05 413760 ----a-w- c:\windows\system32\mpg4c32.dll
2009-07-20 19:25 . 2009-07-20 19:25 -------- d-----w- c:\program files\FileZilla FTP Client
2009-07-19 19:36 . 2009-07-19 19:36 -------- d-----w- c:\windows\Sun
2009-07-19 15:37 . 2009-07-19 15:37 -------- d-----w- c:\program files\Chami
2009-07-19 14:10 . 2009-07-19 14:10 -------- d-----w- c:\program files\iPod
2009-07-19 14:09 . 2009-07-19 14:10 -------- d-----w- c:\program files\iTunes
2009-07-19 13:57 . 2009-07-19 13:57 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-19 10:39 . 2009-07-19 10:40 -------- d-----w- c:\windows\system32\NtmsData
2009-07-13 12:11 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-13 12:11 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-13 10:27 . 2004-08-03 20:58 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-07-13 10:27 . 2004-08-03 20:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-07-13 10:26 . 2004-08-03 21:10 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-07-13 10:26 . 2004-08-03 21:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-07-13 10:26 . 2004-08-03 21:10 15360 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-07-13 10:26 . 2004-08-03 21:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-07-13 10:26 . 2004-08-03 21:10 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-07-13 10:26 . 2004-08-03 21:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-07-13 10:26 . 2004-08-03 21:10 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-07-13 10:26 . 2004-08-03 21:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-07-13 10:26 . 2004-08-03 21:10 85376 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-07-13 10:26 . 2004-08-03 21:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-07-13 10:26 . 2004-08-03 21:10 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-07-13 10:26 . 2004-08-03 21:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-07-13 10:25 . 2004-08-03 22:56 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-07-13 10:25 . 2004-08-03 22:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-07-13 10:25 . 2004-08-03 21:10 78464 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2009-07-13 10:25 . 2004-08-03 21:10 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-07-13 10:19 . 2009-07-13 10:19 77824 ----a-w- c:\documents and settings\DeLUX\Application Data\Sun\Java\Deployment\cache\6.0\60\3cdbd83c-29a48229-n\scanreg.dll
2009-07-13 10:19 . 2009-07-13 10:19 110592 ----a-w- c:\documents and settings\DeLUX\Application Data\Sun\Java\Deployment\cache\6.0\60\3cdbd83c-29a48229-n\win_dmi.dll
2009-07-13 09:46 . 2009-07-17 19:52 -------- d-----w- c:\documents and settings\DeLUX\Local Settings\Application Data\Temp
2009-07-12 10:21 . 2009-07-12 10:21 -------- d-----w- c:\program files\Borland Delphi Trial Installer
2009-07-12 09:40 . 2009-07-12 09:40 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Apple Computer
2009-07-12 09:39 . 2009-07-12 09:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-12 09:33 . 2009-07-12 09:33 -------- d-----w- c:\documents and settings\DeLUX\Local Settings\Application Data\Apple
2009-07-12 09:33 . 2009-07-12 09:33 -------- d-----w- c:\program files\Apple Software Update
2009-07-12 09:33 . 2009-07-19 14:09 -------- d-----w- c:\program files\Common Files\Apple
2009-07-12 09:33 . 2009-07-12 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-12 09:32 . 2009-07-12 09:40 -------- d-----w- c:\documents and settings\DeLUX\Local Settings\Application Data\Apple Computer
2009-06-28 12:33 . 2009-06-30 06:44 -------- d-----w- C:\Projection
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-24 13:19 . 2007-05-31 19:05 40 ----a-w- c:\windows\system32\profile.dat
2009-07-23 22:07 . 2008-09-19 11:01 -------- d-----w- c:\documents and settings\DeLUX\Application Data\FileZilla
2009-07-22 20:16 . 2008-07-10 07:52 -------- d-----w- c:\program files\XoftSpySE
2009-07-22 20:16 . 2007-05-31 17:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 19:11 . 2007-05-31 19:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-20 10:56 . 2009-04-08 17:15 -------- d-----w- c:\documents and settings\DeLUX\Application Data\ICQ
2009-07-19 20:00 . 2009-05-03 11:48 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Skype
2009-07-19 18:38 . 2009-05-03 11:50 -------- d-----w- c:\documents and settings\DeLUX\Application Data\skypePM
2009-07-19 15:37 . 2009-07-19 15:37 -------- d-----w- c:\program files\Chami
2009-07-19 14:08 . 2009-02-15 10:47 -------- d-----w- c:\program files\Bonjour
2009-07-19 11:25 . 2007-06-02 09:03 -------- d-----w- c:\program files\Call of Duty
2009-07-16 19:41 . 2008-01-01 14:11 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Azureus
2009-07-12 09:39 . 2007-06-01 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-12 09:34 . 2007-06-01 15:31 -------- d-----w- c:\program files\QuickTime Alternative
2009-06-30 06:32 . 2008-02-26 11:03 -------- d-----w- c:\program files\Kalk Invest 2
2009-06-28 12:42 . 2007-05-31 16:55 47384 ----a-w- c:\documents and settings\DeLUX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-17 17:15 . 2009-05-17 17:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-03 11:50 . 2009-05-03 11:50 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2008-02-25 07:33 . 2009-04-06 09:39 378880 ----a-w- c:\program files\ainstall_info.exe
2007-09-03 07:58 . 2007-09-03 07:58 524288 ----a-w- c:\program files\Kalk Invest 2.exe
2007-09-03 07:44 . 2007-09-03 07:44 1036288 ----a-w- c:\program files\sys_db.mdb
2007-08-21 16:32 . 2007-08-21 16:32 20480 ----a-w- c:\program files\ki2_version.exe
2007-01-04 09:46 . 2007-01-04 09:46 378199 ----a-w- c:\program files\uniqa_IZP.rpt
2007-01-03 15:24 . 2007-01-03 15:24 394809 ----a-w- c:\program files\01_izp_newest.rpt
2006-01-27 07:10 . 2006-01-27 07:10 420352 ----a-w- c:\program files\02_izp.rpt
2005-09-29 09:01 . 2005-09-29 09:01 83968 ----a-w- c:\program files\Kalk Invet 2 manuál.doc
2005-02-22 13:41 . 2005-02-22 13:41 437248 ----a-w- c:\program files\01_izp.rpt
2005-02-21 10:28 . 2005-02-21 10:28 1003 ----a-w- c:\program files\licencia.txt
2004-09-28 13:14 . 2004-09-28 13:14 307200 ----a-w- c:\program files\p2sodbc.dll
2004-06-11 10:22 . 2004-06-11 10:22 98304 ----a-w- c:\program files\u2ftext.dll
2004-02-23 19:42 . 2004-02-23 19:42 1386496 ----a-w- c:\program files\MSVBVM60.DLL
2004-02-01 22:46 . 2004-02-01 22:46 208896 ----a-w- c:\program files\p2soledb.dll
2003-11-27 18:47 . 2003-11-27 18:47 40960 ----a-w- c:\program files\u2fsepv.dll
2003-08-12 13:51 . 2003-08-12 13:51 212992 ----a-w- c:\program files\p2ssyb10.dll
2003-08-08 11:56 . 2003-08-08 11:56 225280 ----a-w- c:\program files\u2fxls.dll
2003-07-09 02:24 . 2003-07-09 02:24 53248 ----a-w- c:\program files\u2fodbc.dll
2003-07-02 10:47 . 2003-07-02 10:47 6074429 ----a-w- c:\program files\craxdrt.dll
2003-06-10 13:04 . 2003-06-10 13:04 5558329 ----a-w- c:\program files\crpe32.dll
2003-02-21 05:44 . 2003-02-21 05:44 176128 ----a-w- c:\program files\p2sora7.dll
2002-09-04 15:37 . 2002-09-04 15:37 106496 ----a-w- c:\program files\u2lcom.dll
2002-09-03 19:48 . 2002-09-03 19:48 401462 ----a-w- c:\program files\msvcp60.dll
2002-09-03 19:46 . 2002-09-03 19:46 487424 ----a-w- c:\program files\msado15.dll
2002-09-03 19:44 . 2002-09-03 19:44 995383 ----a-w- c:\program files\mfc42.dll
2002-09-03 19:36 . 2002-09-03 19:36 557128 ----a-w- c:\program files\dao360.dll
2002-09-03 19:34 . 2002-09-03 19:34 258048 ----a-w- c:\program files\comdlg32.dll
2002-09-03 19:34 . 2002-09-03 19:34 557056 ----a-w- c:\program files\comctl32.dll
2002-08-22 22:02 . 2002-08-22 22:02 168000 ----a-w- c:\program files\p2ssql.dll
2002-07-23 21:58 . 2002-07-23 21:58 192512 ----a-w- c:\program files\P2smon.dll
2002-04-10 11:36 . 2002-04-10 11:36 163895 ----a-w- c:\program files\u2frtf.dll
2002-01-04 09:54 . 2002-01-04 09:54 28672 ----a-w- c:\program files\u2ddisk.dll
2001-12-14 14:24 . 2001-12-14 14:24 40960 ----a-w- c:\program files\u2dmapi.dll
2001-12-12 14:33 . 2001-12-12 14:33 40960 ----a-w- c:\program files\u2fwks.dll
2001-12-12 08:14 . 2001-12-12 08:14 36864 ----a-w- c:\program files\u2frec.dll
2001-12-05 16:53 . 2001-12-05 16:53 249856 ----a-w- c:\program files\p2bxbse.dll
2001-07-26 13:32 . 2001-07-26 13:32 53248 ----a-w- c:\program files\u2dnotes.dll
2001-06-19 12:06 . 2001-06-19 12:06 45056 ----a-w- c:\program files\u2fhtml.dll
2001-05-20 23:45 . 2001-05-20 23:45 167936 ----a-w- c:\program files\p2sifmx.dll
2001-04-11 13:49 . 2001-04-11 13:49 106496 ----a-w- c:\program files\u2fwordw.dll
2000-12-05 08:42 . 2000-12-05 08:42 140288 ----a-w- c:\program files\comdlg32.ocx
2000-07-14 23:00 . 2000-07-14 23:00 101888 ----a-w- c:\program files\VB6STKIT.DLL
2000-07-14 22:00 . 2000-07-14 22:00 77824 ----a-w- c:\program files\MSBIND.DLL
2000-07-14 22:00 . 2000-07-14 22:00 73216 ----a-w- c:\program files\ST6UNST.EXE
2000-07-14 22:00 . 2000-07-14 22:00 249856 ----a-w- c:\program files\SETUP1.EXE
2000-07-14 22:00 . 2000-07-14 22:00 118784 ----a-w- c:\program files\MSSTDFMT.DLL
2000-05-21 22:00 . 2000-05-21 22:00 1009336 ----a-w- c:\program files\MSCHRT20.OCX
2000-04-11 22:00 . 2000-04-11 22:00 598288 ----a-w- c:\program files\OLEAUT32.DLL
2000-02-18 17:58 . 2000-02-18 17:58 513424 ----a-w- c:\program files\crviewer.dll
2000-01-19 22:00 . 2000-01-19 22:00 7856352 ----a-w- c:\program files\MDAC_TYP.EXE
2000-01-11 06:09 . 2000-01-11 06:09 618496 ----a-w- c:\program files\Crpaig80.dll
1999-12-10 13:24 . 1999-12-10 13:24 974848 ----a-w- c:\program files\SSCSDK80.DLL
1999-12-10 06:17 . 1999-12-10 06:17 847324 ----a-w- c:\program files\Crystl32.OCX
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u2lsamp1.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u2ldts.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u2l2000.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u25dts.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u252000.dll
1999-12-07 07:31 . 1999-12-07 07:31 57344 ----a-w- c:\program files\u2dvim.dll
1999-12-07 07:31 . 1999-12-07 07:31 49152 ----a-w- c:\program files\u2dpost.dll
1999-12-07 07:31 . 1999-12-07 07:31 28672 ----a-w- c:\program files\u2fcr.dll
1999-12-07 07:31 . 1999-12-07 07:31 28672 ----a-w- c:\program files\u2dapp.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\Crxlat32.dll
1999-12-07 06:31 . 1999-12-07 06:31 94208 ----a-w- c:\program files\p2bdao.dll
1999-12-07 06:31 . 1999-12-07 06:31 61440 ----a-w- c:\program files\p2irdao.dll
1999-12-07 06:31 . 1999-12-07 06:31 53248 ----a-w- c:\program files\p2ctdao.dll
1999-12-07 06:31 . 1999-12-07 06:31 23040 ----a-w- c:\program files\P2bbnd.dll
1999-12-07 05:31 . 1999-12-07 05:31 141312 ----a-w- c:\program files\p2bbde.dll
1999-06-02 22:00 . 1999-06-02 22:00 17920 ----a-w- c:\program files\STDOLE2.TLB
1999-05-31 22:00 . 1999-05-31 22:00 326656 ----a-w- c:\program files\MSVCRT40.DLL
1999-03-07 22:00 . 1999-03-07 22:00 164112 ----a-w- c:\program files\OLEPRO32.DLL
1999-03-07 22:00 . 1999-03-07 22:00 147728 ----a-w- c:\program files\ASYCFILT.DLL
1998-06-17 22:00 . 1998-06-17 22:00 89360 ----a-w- c:\program files\VB5DB.DLL
1998-05-30 22:00 . 1998-05-30 22:00 22288 ----a-w- c:\program files\COMCAT.DLL
2009-07-23 19:22 . 2009-02-22 10:54 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2007-03-14 125632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"hmonitor"="c:\program files\Hmonitor\hmonitor.exe" [2006-12-07 851968]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2006-12-01 1583644]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\DeLUX\Start Menu\Programs\Startup\
CassinyEx.lnk - c:\qbe_calc\CassiniEx\CassiniExWebServer.exe [2008-4-13 45056]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"gupdate1c99017d1c62f66"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"iPod Service"=3 (0x3)
"bgsvcgen"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"StarWindService"=2 (0x2)
"SavRoam"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ISSVC"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 eISISPostgreSQL;eISIS PostgreSQL Database Server;c:\eisis\servers\postgresql\bin\pg_ctl.exe runservice -N eISISPostgreSQL -D c:\eisis\data\db\data" --> c:\eisis\servers\postgresql\bin\pg_ctl.exe runservice -N eISISPostgreSQL -D c:\eisis\data\db\data [?]
R2 eISISTomcat;eISIS Tomcat;c:\eisis\servers\tomcat\bin\tomcat5.exe [22.4.2009 15:54 57344]
R3 EPPSCSIx;EPPSCSI Driver;c:\windows\system32\drivers\eppscan.sys [15.2.2009 12:53 105124]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8.4.2009 20:47 101936]
S4 gupdate1c99017d1c62f66;Google Update Service (gupdate1c99017d1c62f66);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2009 11:20 133104]
S4 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [14.3.2007 20:48 116416]
.
Contents of the 'Scheduled Tasks' folder
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 09:20]
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 09:20]
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-507921405-1801674531-1003Core.job
- c:\documents and settings\DeLUX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 18:10]
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-507921405-1801674531-1003UA.job
- c:\documents and settings\DeLUX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 18:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pavol.zabavcik.szm.sk/
mStart Page = hxxp://www.pavol.zabavcik.szm.sk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\PC Translator\WEBIE.DLL
TCP: {D660099D-2221-4A52-B322-1EC128502C38} = 217.119.121.225,217.119.113.244
FF - ProfilePath - c:\documents and settings\DeLUX\Application Data\Mozilla\Firefox\Profiles\qsc79hcq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - plugin: c:\documents and settings\DeLUX\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\TV JOJ Media Player\npplugin_netscape.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-24 15:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\eisis\servers\postgresql\bin\pg_ctl.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\eisis\servers\postgresql\bin\postgres.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\windows\system32\wdfmgr.exe
c:\eisis\servers\postgresql\bin\postgres.exe
c:\eisis\servers\postgresql\bin\postgres.exe
c:\windows\system32\wscntfy.exe
c:\eisis\servers\postgresql\bin\postgres.exe
c:\eisis\servers\postgresql\bin\postgres.exe
c:\eisis\servers\postgresql\bin\postgres.exe
c:\eisis\servers\postgresql\bin\postgres.exe
.
**************************************************************************
.
Completion time: 2009-07-24 15:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-24 13:35
Pre-Run: 16 969 035 776 bytes free
Post-Run: 20 adresárov, 16 840 011 776 voľných bajtov
313
Malwarebytes' Anti-Malware 1.39
Verzia databázy: 2492
Windows 5.1.2600 Service Pack 2
24.7.2009 15:08:14
mbam-log-2009-07-24 (15-08-14).txt
Typ kontroly: Rýchla
Objektov kontrolovaných: 89787
Uplynutý cas: 4 minute(s), 26 second(s)
Infikovaných procesov pamäte: 1
Infikovaných modulov pamäte: 1
Infikovaných registracných klúcov: 2
Infikovaných registracných hodnôt: 1
Infikovaných registracných údajov položiek: 1
Infikovaných priecinkov: 2
Infikovaných súborov: 13
Infikovaných procesov pamäte:
C:\program files\relevantknowledge\rlvknlg.exe (Spyware.Marketscore) -> Unloaded process successfully.
Infikovaných modulov pamäte:
C:\program files\relevantknowledge\rlls.dll (Spyware.Marketscore) -> Delete on reboot.
Infikovaných registracných klúcov:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
Infikovaných registracných hodnôt:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infikovaných priecinkov:
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Delete on reboot.
Infikovaných súborov:
c:\documents and settings\all users\start menu\Programs\relevantknowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\relevantknowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\relevantknowledge\Support.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\relevantknowledge\Uninstall Instructions.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlls.dll (Spyware.Marketscore) -> Delete on reboot.
c:\program files\relevantknowledge\rloci.bin (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlservice.exe (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlvknlg.exe (Spyware.Marketscore) -> Delete on reboot.
c:\program files\Implode.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\pg32conv.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\u25store.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\u25total.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\program files\u2lbar.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
- jaro3
- člen Security týmu
- 
		Guru Level 15
		
   
- Příspěvky: 43355
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:  
- Stav:
		Offline
Re: Blbne mi počítač. pomôžte prosím +
Ty jednotlivé soubory v c:\program files\, to si tam dával sám?
Toto otestuj na Virustotal
c:\documents and settings\DeLUX\Application Data\Sun\Java\Deployment\cache\6.0\60\3cdbd83c-29a48229-n\win_dmi.dll
c:\documents and settings\DeLUX\Application Data\Sun\Java\Deployment\cache\6.0\60\3cdbd83c-29a48229-n\scanreg.dll
c:\program files\ainstall_info.exe
c:\program files\Kalk Invest 2.exe
Vlož sem pak odkazy výsledků.
Vymaž potom Java cache, návod:
http://www.java.com/en/download/help/5000020300.xml
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
Stáhni si :Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
			
									
									Toto otestuj na Virustotal
c:\documents and settings\DeLUX\Application Data\Sun\Java\Deployment\cache\6.0\60\3cdbd83c-29a48229-n\win_dmi.dll
c:\documents and settings\DeLUX\Application Data\Sun\Java\Deployment\cache\6.0\60\3cdbd83c-29a48229-n\scanreg.dll
c:\program files\ainstall_info.exe
c:\program files\Kalk Invest 2.exe
Vlož sem pak odkazy výsledků.
Vymaž potom Java cache, návod:
http://www.java.com/en/download/help/5000020300.xml
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
Stáhni si :Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
DirLook:.
c:\documents and settings\DeLUX\Local Settings\Application Data\Temp
File::
c:\windows\system32\d3d9caps.dat
c:\windows\system32\ezsidmv.dat
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
						Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Blbne mi počítač. pomôžte prosím +
Tie súbory z Program files som ta nevložil sám, nechal som to bežať podľa tvojich inštrukcií.
To čo si chcel som vyčistil, ale čo ak používam hlavne Google Chrome ? A dr Web nedal žiadne výsledky.
Prikladám logy z HJT a ComboFix
ComboFix 09-07-23.04 - DeLUX 24.07.2009 17:02.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.209 [GMT 2:00]
Running from: c:\moje dokumenty\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\DeLUX\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\ezsidmv.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\d3d9caps.dat
c:\windows\system32\ezsidmv.dat
.
((((((((((((((((((((((((( Files Created from 2009-06-24 to 2009-07-24 )))))))))))))))))))))))))))))))
.
2009-07-24 12:50 . 2009-07-24 12:51 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Notepad++
2009-07-24 12:50 . 2009-07-24 12:50 -------- d-----w- c:\program files\Notepad++
2009-07-24 10:22 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 10:22 . 2009-07-24 10:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 10:22 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 15:12 . 2009-07-23 15:12 -------- d-----w- c:\program files\Fotosizer
2009-07-23 14:40 . 2009-07-23 14:40 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Softplicity
2009-07-23 13:23 . 2001-05-16 15:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2009-07-23 13:22 . 2004-05-20 12:24 196608 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2009-07-23 13:22 . 2004-05-20 11:07 335872 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2009-07-23 13:22 . 2004-03-02 17:14 307200 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2009-07-23 13:22 . 2004-03-02 17:07 315392 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2009-07-23 13:22 . 2003-02-11 12:39 647168 ----a-w- c:\windows\system32\NCTAudioLibrary.dll
2009-07-23 13:22 . 2003-02-11 12:38 892928 ----a-w- c:\windows\system32\NCTAudioInformation.dll
2009-07-23 13:22 . 2003-02-11 12:37 327680 ----a-w- c:\windows\system32\NCTAudioGrabber.dll
2009-07-23 13:22 . 2003-02-11 12:36 1703936 ----a-w- c:\windows\system32\NCTAudioFile.dll
2009-07-23 13:22 . 2004-03-03 16:05 1839104 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2009-07-23 13:22 . 2002-07-23 09:05 413760 ----a-w- c:\windows\system32\mpg4c32.dll
2009-07-20 19:25 . 2009-07-20 19:25 -------- d-----w- c:\program files\FileZilla FTP Client
2009-07-19 19:36 . 2009-07-19 19:36 -------- d-----w- c:\windows\Sun
2009-07-19 15:37 . 2009-07-19 15:37 -------- d-----w- c:\program files\Chami
2009-07-19 14:10 . 2009-07-19 14:10 -------- d-----w- c:\program files\iPod
2009-07-19 14:09 . 2009-07-19 14:10 -------- d-----w- c:\program files\iTunes
2009-07-19 13:57 . 2009-07-19 13:57 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-19 10:39 . 2009-07-19 10:40 -------- d-----w- c:\windows\system32\NtmsData
2009-07-13 12:11 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-13 12:11 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-13 10:27 . 2004-08-03 20:58 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-07-13 10:27 . 2004-08-03 20:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-07-13 10:26 . 2004-08-03 21:10 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-07-13 10:26 . 2004-08-03 21:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-07-13 10:26 . 2004-08-03 21:10 15360 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-07-13 10:26 . 2004-08-03 21:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-07-13 10:26 . 2004-08-03 21:10 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-07-13 10:26 . 2004-08-03 21:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-07-13 10:26 . 2004-08-03 21:10 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-07-13 10:26 . 2004-08-03 21:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-07-13 10:26 . 2004-08-03 21:10 85376 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-07-13 10:26 . 2004-08-03 21:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-07-13 10:26 . 2004-08-03 21:10 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-07-13 10:26 . 2004-08-03 21:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-07-13 10:25 . 2004-08-03 22:56 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-07-13 10:25 . 2004-08-03 22:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-07-13 10:25 . 2004-08-03 21:10 78464 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2009-07-13 10:25 . 2004-08-03 21:10 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-07-13 09:46 . 2009-07-17 19:52 -------- d-----w- c:\documents and settings\DeLUX\Local Settings\Application Data\Temp
2009-07-12 10:21 . 2009-07-12 10:21 -------- d-----w- c:\program files\Borland Delphi Trial Installer
2009-07-12 09:40 . 2009-07-12 09:40 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Apple Computer
2009-07-12 09:39 . 2009-07-12 09:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-12 09:33 . 2009-07-12 09:33 -------- d-----w- c:\documents and settings\DeLUX\Local Settings\Application Data\Apple
2009-07-12 09:33 . 2009-07-12 09:33 -------- d-----w- c:\program files\Apple Software Update
2009-07-12 09:33 . 2009-07-19 14:09 -------- d-----w- c:\program files\Common Files\Apple
2009-07-12 09:33 . 2009-07-12 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-12 09:32 . 2009-07-12 09:40 -------- d-----w- c:\documents and settings\DeLUX\Local Settings\Application Data\Apple Computer
2009-06-28 12:33 . 2009-06-30 06:44 -------- d-----w- C:\Projection
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-24 13:19 . 2007-05-31 19:05 40 ----a-w- c:\windows\system32\profile.dat
2009-07-23 22:07 . 2008-09-19 11:01 -------- d-----w- c:\documents and settings\DeLUX\Application Data\FileZilla
2009-07-22 20:16 . 2008-07-10 07:52 -------- d-----w- c:\program files\XoftSpySE
2009-07-22 20:16 . 2007-05-31 17:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 19:11 . 2007-05-31 19:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-20 10:56 . 2009-04-08 17:15 -------- d-----w- c:\documents and settings\DeLUX\Application Data\ICQ
2009-07-19 20:00 . 2009-05-03 11:48 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Skype
2009-07-19 18:38 . 2009-05-03 11:50 -------- d-----w- c:\documents and settings\DeLUX\Application Data\skypePM
2009-07-19 15:37 . 2009-07-19 15:37 -------- d-----w- c:\program files\Chami
2009-07-19 14:08 . 2009-02-15 10:47 -------- d-----w- c:\program files\Bonjour
2009-07-19 11:25 . 2007-06-02 09:03 -------- d-----w- c:\program files\Call of Duty
2009-07-16 19:41 . 2008-01-01 14:11 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Azureus
2009-07-12 09:39 . 2007-06-01 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-12 09:34 . 2007-06-01 15:31 -------- d-----w- c:\program files\QuickTime Alternative
2009-06-30 06:32 . 2008-02-26 11:03 -------- d-----w- c:\program files\Kalk Invest 2
2009-06-28 12:42 . 2007-05-31 16:55 47384 ----a-w- c:\documents and settings\DeLUX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-02-25 07:33 . 2009-04-06 09:39 378880 ----a-w- c:\program files\ainstall_info.exe
2007-09-03 07:58 . 2007-09-03 07:58 524288 ----a-w- c:\program files\Kalk Invest 2.exe
2007-09-03 07:44 . 2007-09-03 07:44 1036288 ----a-w- c:\program files\sys_db.mdb
2007-08-21 16:32 . 2007-08-21 16:32 20480 ----a-w- c:\program files\ki2_version.exe
2007-01-04 09:46 . 2007-01-04 09:46 378199 ----a-w- c:\program files\uniqa_IZP.rpt
2007-01-03 15:24 . 2007-01-03 15:24 394809 ----a-w- c:\program files\01_izp_newest.rpt
2006-01-27 07:10 . 2006-01-27 07:10 420352 ----a-w- c:\program files\02_izp.rpt
2005-09-29 09:01 . 2005-09-29 09:01 83968 ----a-w- c:\program files\Kalk Invet 2 manuál.doc
2005-02-22 13:41 . 2005-02-22 13:41 437248 ----a-w- c:\program files\01_izp.rpt
2005-02-21 10:28 . 2005-02-21 10:28 1003 ----a-w- c:\program files\licencia.txt
2004-09-28 13:14 . 2004-09-28 13:14 307200 ----a-w- c:\program files\p2sodbc.dll
2004-06-11 10:22 . 2004-06-11 10:22 98304 ----a-w- c:\program files\u2ftext.dll
2004-02-23 19:42 . 2004-02-23 19:42 1386496 ----a-w- c:\program files\MSVBVM60.DLL
2004-02-01 22:46 . 2004-02-01 22:46 208896 ----a-w- c:\program files\p2soledb.dll
2003-11-27 18:47 . 2003-11-27 18:47 40960 ----a-w- c:\program files\u2fsepv.dll
2003-08-12 13:51 . 2003-08-12 13:51 212992 ----a-w- c:\program files\p2ssyb10.dll
2003-08-08 11:56 . 2003-08-08 11:56 225280 ----a-w- c:\program files\u2fxls.dll
2003-07-09 02:24 . 2003-07-09 02:24 53248 ----a-w- c:\program files\u2fodbc.dll
2003-07-02 10:47 . 2003-07-02 10:47 6074429 ----a-w- c:\program files\craxdrt.dll
2003-06-10 13:04 . 2003-06-10 13:04 5558329 ----a-w- c:\program files\crpe32.dll
2003-02-21 05:44 . 2003-02-21 05:44 176128 ----a-w- c:\program files\p2sora7.dll
2002-09-04 15:37 . 2002-09-04 15:37 106496 ----a-w- c:\program files\u2lcom.dll
2002-09-03 19:48 . 2002-09-03 19:48 401462 ----a-w- c:\program files\msvcp60.dll
2002-09-03 19:46 . 2002-09-03 19:46 487424 ----a-w- c:\program files\msado15.dll
2002-09-03 19:44 . 2002-09-03 19:44 995383 ----a-w- c:\program files\mfc42.dll
2002-09-03 19:36 . 2002-09-03 19:36 557128 ----a-w- c:\program files\dao360.dll
2002-09-03 19:34 . 2002-09-03 19:34 258048 ----a-w- c:\program files\comdlg32.dll
2002-09-03 19:34 . 2002-09-03 19:34 557056 ----a-w- c:\program files\comctl32.dll
2002-08-22 22:02 . 2002-08-22 22:02 168000 ----a-w- c:\program files\p2ssql.dll
2002-07-23 21:58 . 2002-07-23 21:58 192512 ----a-w- c:\program files\P2smon.dll
2002-04-10 11:36 . 2002-04-10 11:36 163895 ----a-w- c:\program files\u2frtf.dll
2002-01-04 09:54 . 2002-01-04 09:54 28672 ----a-w- c:\program files\u2ddisk.dll
2001-12-14 14:24 . 2001-12-14 14:24 40960 ----a-w- c:\program files\u2dmapi.dll
2001-12-12 14:33 . 2001-12-12 14:33 40960 ----a-w- c:\program files\u2fwks.dll
2001-12-12 08:14 . 2001-12-12 08:14 36864 ----a-w- c:\program files\u2frec.dll
2001-12-05 16:53 . 2001-12-05 16:53 249856 ----a-w- c:\program files\p2bxbse.dll
2001-07-26 13:32 . 2001-07-26 13:32 53248 ----a-w- c:\program files\u2dnotes.dll
2001-06-19 12:06 . 2001-06-19 12:06 45056 ----a-w- c:\program files\u2fhtml.dll
2001-05-20 23:45 . 2001-05-20 23:45 167936 ----a-w- c:\program files\p2sifmx.dll
2001-04-11 13:49 . 2001-04-11 13:49 106496 ----a-w- c:\program files\u2fwordw.dll
2000-12-05 08:42 . 2000-12-05 08:42 140288 ----a-w- c:\program files\comdlg32.ocx
2000-07-14 23:00 . 2000-07-14 23:00 101888 ----a-w- c:\program files\VB6STKIT.DLL
2000-07-14 22:00 . 2000-07-14 22:00 77824 ----a-w- c:\program files\MSBIND.DLL
2000-07-14 22:00 . 2000-07-14 22:00 73216 ----a-w- c:\program files\ST6UNST.EXE
2000-07-14 22:00 . 2000-07-14 22:00 249856 ----a-w- c:\program files\SETUP1.EXE
2000-07-14 22:00 . 2000-07-14 22:00 118784 ----a-w- c:\program files\MSSTDFMT.DLL
2000-05-21 22:00 . 2000-05-21 22:00 1009336 ----a-w- c:\program files\MSCHRT20.OCX
2000-04-11 22:00 . 2000-04-11 22:00 598288 ----a-w- c:\program files\OLEAUT32.DLL
2000-02-18 17:58 . 2000-02-18 17:58 513424 ----a-w- c:\program files\crviewer.dll
2000-01-19 22:00 . 2000-01-19 22:00 7856352 ----a-w- c:\program files\MDAC_TYP.EXE
2000-01-11 06:09 . 2000-01-11 06:09 618496 ----a-w- c:\program files\Crpaig80.dll
1999-12-10 13:24 . 1999-12-10 13:24 974848 ----a-w- c:\program files\SSCSDK80.DLL
1999-12-10 06:17 . 1999-12-10 06:17 847324 ----a-w- c:\program files\Crystl32.OCX
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u2lsamp1.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u2ldts.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u2l2000.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u25dts.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u252000.dll
1999-12-07 07:31 . 1999-12-07 07:31 57344 ----a-w- c:\program files\u2dvim.dll
1999-12-07 07:31 . 1999-12-07 07:31 49152 ----a-w- c:\program files\u2dpost.dll
1999-12-07 07:31 . 1999-12-07 07:31 28672 ----a-w- c:\program files\u2fcr.dll
1999-12-07 07:31 . 1999-12-07 07:31 28672 ----a-w- c:\program files\u2dapp.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\Crxlat32.dll
1999-12-07 06:31 . 1999-12-07 06:31 94208 ----a-w- c:\program files\p2bdao.dll
1999-12-07 06:31 . 1999-12-07 06:31 61440 ----a-w- c:\program files\p2irdao.dll
1999-12-07 06:31 . 1999-12-07 06:31 53248 ----a-w- c:\program files\p2ctdao.dll
1999-12-07 06:31 . 1999-12-07 06:31 23040 ----a-w- c:\program files\P2bbnd.dll
1999-12-07 05:31 . 1999-12-07 05:31 141312 ----a-w- c:\program files\p2bbde.dll
1999-06-02 22:00 . 1999-06-02 22:00 17920 ----a-w- c:\program files\STDOLE2.TLB
1999-05-31 22:00 . 1999-05-31 22:00 326656 ----a-w- c:\program files\MSVCRT40.DLL
1999-03-07 22:00 . 1999-03-07 22:00 164112 ----a-w- c:\program files\OLEPRO32.DLL
1999-03-07 22:00 . 1999-03-07 22:00 147728 ----a-w- c:\program files\ASYCFILT.DLL
1998-06-17 22:00 . 1998-06-17 22:00 89360 ----a-w- c:\program files\VB5DB.DLL
1998-05-30 22:00 . 1998-05-30 22:00 22288 ----a-w- c:\program files\COMCAT.DLL
2009-07-23 19:22 . 2009-02-22 10:54 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2007-03-14 125632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"hmonitor"="c:\program files\Hmonitor\hmonitor.exe" [2006-12-07 851968]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2006-12-01 1583644]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\DeLUX\Start Menu\Programs\Startup\
CassinyEx.lnk - c:\qbe_calc\CassiniEx\CassiniExWebServer.exe [2008-4-13 45056]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"gupdate1c99017d1c62f66"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"iPod Service"=3 (0x3)
"bgsvcgen"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"StarWindService"=2 (0x2)
"SavRoam"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ISSVC"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 eISISPostgreSQL;eISIS PostgreSQL Database Server;c:\eisis\servers\postgresql\bin\pg_ctl.exe runservice -N eISISPostgreSQL -D c:\eisis\data\db\data" --> c:\eisis\servers\postgresql\bin\pg_ctl.exe runservice -N eISISPostgreSQL -D c:\eisis\data\db\data [?]
R2 eISISTomcat;eISIS Tomcat;c:\eisis\servers\tomcat\bin\tomcat5.exe [22.4.2009 15:54 57344]
R3 EPPSCSIx;EPPSCSI Driver;c:\windows\system32\drivers\eppscan.sys [15.2.2009 12:53 105124]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8.4.2009 20:47 101936]
S4 gupdate1c99017d1c62f66;Google Update Service (gupdate1c99017d1c62f66);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2009 11:20 133104]
S4 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [14.3.2007 20:48 116416]
--- Other Services/Drivers In Memory ---
*Deregistered* - DwShield000004B7
.
Contents of the 'Scheduled Tasks' folder
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 09:20]
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 09:20]
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-507921405-1801674531-1003Core.job
- c:\documents and settings\DeLUX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 18:10]
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-507921405-1801674531-1003UA.job
- c:\documents and settings\DeLUX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 18:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pavol.zabavcik.szm.sk/
mStart Page = hxxp://www.pavol.zabavcik.szm.sk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\PC Translator\WEBIE.DLL
TCP: {D660099D-2221-4A52-B322-1EC128502C38} = 217.119.121.225,217.119.113.244
FF - ProfilePath - c:\documents and settings\DeLUX\Application Data\Mozilla\Firefox\Profiles\qsc79hcq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - plugin: c:\documents and settings\DeLUX\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\TV JOJ Media Player\npplugin_netscape.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-24 17:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2009-07-24 17:22
ComboFix-quarantined-files.txt 2009-07-24 15:22
ComboFix2.txt 2009-07-24 13:35
Pre-Run: 16 892 571 648 bytes free
Post-Run: 20 adresárov, 16 892 276 736 voľných bajtov
282
Please help us improve HijackThis by reporting this error
Click 'Yes' to submit
Error Details:
An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=system.ini, sSection=boot, sValue=Shell)
Error #5 - Invalid procedure call or argument
Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 2.0.2
			
									
									
						To čo si chcel som vyčistil, ale čo ak používam hlavne Google Chrome ? A dr Web nedal žiadne výsledky.
Prikladám logy z HJT a ComboFix
ComboFix 09-07-23.04 - DeLUX 24.07.2009 17:02.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.209 [GMT 2:00]
Running from: c:\moje dokumenty\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\DeLUX\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\ezsidmv.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\d3d9caps.dat
c:\windows\system32\ezsidmv.dat
.
((((((((((((((((((((((((( Files Created from 2009-06-24 to 2009-07-24 )))))))))))))))))))))))))))))))
.
2009-07-24 12:50 . 2009-07-24 12:51 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Notepad++
2009-07-24 12:50 . 2009-07-24 12:50 -------- d-----w- c:\program files\Notepad++
2009-07-24 10:22 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 10:22 . 2009-07-24 10:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 10:22 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 15:12 . 2009-07-23 15:12 -------- d-----w- c:\program files\Fotosizer
2009-07-23 14:40 . 2009-07-23 14:40 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Softplicity
2009-07-23 13:23 . 2001-05-16 15:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2009-07-23 13:22 . 2004-05-20 12:24 196608 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2009-07-23 13:22 . 2004-05-20 11:07 335872 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2009-07-23 13:22 . 2004-03-02 17:14 307200 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2009-07-23 13:22 . 2004-03-02 17:07 315392 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2009-07-23 13:22 . 2003-02-11 12:39 647168 ----a-w- c:\windows\system32\NCTAudioLibrary.dll
2009-07-23 13:22 . 2003-02-11 12:38 892928 ----a-w- c:\windows\system32\NCTAudioInformation.dll
2009-07-23 13:22 . 2003-02-11 12:37 327680 ----a-w- c:\windows\system32\NCTAudioGrabber.dll
2009-07-23 13:22 . 2003-02-11 12:36 1703936 ----a-w- c:\windows\system32\NCTAudioFile.dll
2009-07-23 13:22 . 2004-03-03 16:05 1839104 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2009-07-23 13:22 . 2002-07-23 09:05 413760 ----a-w- c:\windows\system32\mpg4c32.dll
2009-07-20 19:25 . 2009-07-20 19:25 -------- d-----w- c:\program files\FileZilla FTP Client
2009-07-19 19:36 . 2009-07-19 19:36 -------- d-----w- c:\windows\Sun
2009-07-19 15:37 . 2009-07-19 15:37 -------- d-----w- c:\program files\Chami
2009-07-19 14:10 . 2009-07-19 14:10 -------- d-----w- c:\program files\iPod
2009-07-19 14:09 . 2009-07-19 14:10 -------- d-----w- c:\program files\iTunes
2009-07-19 13:57 . 2009-07-19 13:57 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-19 10:39 . 2009-07-19 10:40 -------- d-----w- c:\windows\system32\NtmsData
2009-07-13 12:11 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-13 12:11 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-13 10:27 . 2004-08-03 20:58 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-07-13 10:27 . 2004-08-03 20:58 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-07-13 10:26 . 2004-08-03 21:10 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-07-13 10:26 . 2004-08-03 21:10 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-07-13 10:26 . 2004-08-03 21:10 15360 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-07-13 10:26 . 2004-08-03 21:10 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-07-13 10:26 . 2004-08-03 21:10 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-07-13 10:26 . 2004-08-03 21:10 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-07-13 10:26 . 2004-08-03 21:10 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-07-13 10:26 . 2004-08-03 21:10 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-07-13 10:26 . 2004-08-03 21:10 85376 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-07-13 10:26 . 2004-08-03 21:10 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-07-13 10:26 . 2004-08-03 21:10 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-07-13 10:26 . 2004-08-03 21:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-07-13 10:25 . 2004-08-03 22:56 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-07-13 10:25 . 2004-08-03 22:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-07-13 10:25 . 2004-08-03 21:10 78464 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2009-07-13 10:25 . 2004-08-03 21:10 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-07-13 09:46 . 2009-07-17 19:52 -------- d-----w- c:\documents and settings\DeLUX\Local Settings\Application Data\Temp
2009-07-12 10:21 . 2009-07-12 10:21 -------- d-----w- c:\program files\Borland Delphi Trial Installer
2009-07-12 09:40 . 2009-07-12 09:40 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Apple Computer
2009-07-12 09:39 . 2009-07-12 09:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-12 09:33 . 2009-07-12 09:33 -------- d-----w- c:\documents and settings\DeLUX\Local Settings\Application Data\Apple
2009-07-12 09:33 . 2009-07-12 09:33 -------- d-----w- c:\program files\Apple Software Update
2009-07-12 09:33 . 2009-07-19 14:09 -------- d-----w- c:\program files\Common Files\Apple
2009-07-12 09:33 . 2009-07-12 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-12 09:32 . 2009-07-12 09:40 -------- d-----w- c:\documents and settings\DeLUX\Local Settings\Application Data\Apple Computer
2009-06-28 12:33 . 2009-06-30 06:44 -------- d-----w- C:\Projection
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-24 13:19 . 2007-05-31 19:05 40 ----a-w- c:\windows\system32\profile.dat
2009-07-23 22:07 . 2008-09-19 11:01 -------- d-----w- c:\documents and settings\DeLUX\Application Data\FileZilla
2009-07-22 20:16 . 2008-07-10 07:52 -------- d-----w- c:\program files\XoftSpySE
2009-07-22 20:16 . 2007-05-31 17:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 19:11 . 2007-05-31 19:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-20 10:56 . 2009-04-08 17:15 -------- d-----w- c:\documents and settings\DeLUX\Application Data\ICQ
2009-07-19 20:00 . 2009-05-03 11:48 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Skype
2009-07-19 18:38 . 2009-05-03 11:50 -------- d-----w- c:\documents and settings\DeLUX\Application Data\skypePM
2009-07-19 15:37 . 2009-07-19 15:37 -------- d-----w- c:\program files\Chami
2009-07-19 14:08 . 2009-02-15 10:47 -------- d-----w- c:\program files\Bonjour
2009-07-19 11:25 . 2007-06-02 09:03 -------- d-----w- c:\program files\Call of Duty
2009-07-16 19:41 . 2008-01-01 14:11 -------- d-----w- c:\documents and settings\DeLUX\Application Data\Azureus
2009-07-12 09:39 . 2007-06-01 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-12 09:34 . 2007-06-01 15:31 -------- d-----w- c:\program files\QuickTime Alternative
2009-06-30 06:32 . 2008-02-26 11:03 -------- d-----w- c:\program files\Kalk Invest 2
2009-06-28 12:42 . 2007-05-31 16:55 47384 ----a-w- c:\documents and settings\DeLUX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-02-25 07:33 . 2009-04-06 09:39 378880 ----a-w- c:\program files\ainstall_info.exe
2007-09-03 07:58 . 2007-09-03 07:58 524288 ----a-w- c:\program files\Kalk Invest 2.exe
2007-09-03 07:44 . 2007-09-03 07:44 1036288 ----a-w- c:\program files\sys_db.mdb
2007-08-21 16:32 . 2007-08-21 16:32 20480 ----a-w- c:\program files\ki2_version.exe
2007-01-04 09:46 . 2007-01-04 09:46 378199 ----a-w- c:\program files\uniqa_IZP.rpt
2007-01-03 15:24 . 2007-01-03 15:24 394809 ----a-w- c:\program files\01_izp_newest.rpt
2006-01-27 07:10 . 2006-01-27 07:10 420352 ----a-w- c:\program files\02_izp.rpt
2005-09-29 09:01 . 2005-09-29 09:01 83968 ----a-w- c:\program files\Kalk Invet 2 manuál.doc
2005-02-22 13:41 . 2005-02-22 13:41 437248 ----a-w- c:\program files\01_izp.rpt
2005-02-21 10:28 . 2005-02-21 10:28 1003 ----a-w- c:\program files\licencia.txt
2004-09-28 13:14 . 2004-09-28 13:14 307200 ----a-w- c:\program files\p2sodbc.dll
2004-06-11 10:22 . 2004-06-11 10:22 98304 ----a-w- c:\program files\u2ftext.dll
2004-02-23 19:42 . 2004-02-23 19:42 1386496 ----a-w- c:\program files\MSVBVM60.DLL
2004-02-01 22:46 . 2004-02-01 22:46 208896 ----a-w- c:\program files\p2soledb.dll
2003-11-27 18:47 . 2003-11-27 18:47 40960 ----a-w- c:\program files\u2fsepv.dll
2003-08-12 13:51 . 2003-08-12 13:51 212992 ----a-w- c:\program files\p2ssyb10.dll
2003-08-08 11:56 . 2003-08-08 11:56 225280 ----a-w- c:\program files\u2fxls.dll
2003-07-09 02:24 . 2003-07-09 02:24 53248 ----a-w- c:\program files\u2fodbc.dll
2003-07-02 10:47 . 2003-07-02 10:47 6074429 ----a-w- c:\program files\craxdrt.dll
2003-06-10 13:04 . 2003-06-10 13:04 5558329 ----a-w- c:\program files\crpe32.dll
2003-02-21 05:44 . 2003-02-21 05:44 176128 ----a-w- c:\program files\p2sora7.dll
2002-09-04 15:37 . 2002-09-04 15:37 106496 ----a-w- c:\program files\u2lcom.dll
2002-09-03 19:48 . 2002-09-03 19:48 401462 ----a-w- c:\program files\msvcp60.dll
2002-09-03 19:46 . 2002-09-03 19:46 487424 ----a-w- c:\program files\msado15.dll
2002-09-03 19:44 . 2002-09-03 19:44 995383 ----a-w- c:\program files\mfc42.dll
2002-09-03 19:36 . 2002-09-03 19:36 557128 ----a-w- c:\program files\dao360.dll
2002-09-03 19:34 . 2002-09-03 19:34 258048 ----a-w- c:\program files\comdlg32.dll
2002-09-03 19:34 . 2002-09-03 19:34 557056 ----a-w- c:\program files\comctl32.dll
2002-08-22 22:02 . 2002-08-22 22:02 168000 ----a-w- c:\program files\p2ssql.dll
2002-07-23 21:58 . 2002-07-23 21:58 192512 ----a-w- c:\program files\P2smon.dll
2002-04-10 11:36 . 2002-04-10 11:36 163895 ----a-w- c:\program files\u2frtf.dll
2002-01-04 09:54 . 2002-01-04 09:54 28672 ----a-w- c:\program files\u2ddisk.dll
2001-12-14 14:24 . 2001-12-14 14:24 40960 ----a-w- c:\program files\u2dmapi.dll
2001-12-12 14:33 . 2001-12-12 14:33 40960 ----a-w- c:\program files\u2fwks.dll
2001-12-12 08:14 . 2001-12-12 08:14 36864 ----a-w- c:\program files\u2frec.dll
2001-12-05 16:53 . 2001-12-05 16:53 249856 ----a-w- c:\program files\p2bxbse.dll
2001-07-26 13:32 . 2001-07-26 13:32 53248 ----a-w- c:\program files\u2dnotes.dll
2001-06-19 12:06 . 2001-06-19 12:06 45056 ----a-w- c:\program files\u2fhtml.dll
2001-05-20 23:45 . 2001-05-20 23:45 167936 ----a-w- c:\program files\p2sifmx.dll
2001-04-11 13:49 . 2001-04-11 13:49 106496 ----a-w- c:\program files\u2fwordw.dll
2000-12-05 08:42 . 2000-12-05 08:42 140288 ----a-w- c:\program files\comdlg32.ocx
2000-07-14 23:00 . 2000-07-14 23:00 101888 ----a-w- c:\program files\VB6STKIT.DLL
2000-07-14 22:00 . 2000-07-14 22:00 77824 ----a-w- c:\program files\MSBIND.DLL
2000-07-14 22:00 . 2000-07-14 22:00 73216 ----a-w- c:\program files\ST6UNST.EXE
2000-07-14 22:00 . 2000-07-14 22:00 249856 ----a-w- c:\program files\SETUP1.EXE
2000-07-14 22:00 . 2000-07-14 22:00 118784 ----a-w- c:\program files\MSSTDFMT.DLL
2000-05-21 22:00 . 2000-05-21 22:00 1009336 ----a-w- c:\program files\MSCHRT20.OCX
2000-04-11 22:00 . 2000-04-11 22:00 598288 ----a-w- c:\program files\OLEAUT32.DLL
2000-02-18 17:58 . 2000-02-18 17:58 513424 ----a-w- c:\program files\crviewer.dll
2000-01-19 22:00 . 2000-01-19 22:00 7856352 ----a-w- c:\program files\MDAC_TYP.EXE
2000-01-11 06:09 . 2000-01-11 06:09 618496 ----a-w- c:\program files\Crpaig80.dll
1999-12-10 13:24 . 1999-12-10 13:24 974848 ----a-w- c:\program files\SSCSDK80.DLL
1999-12-10 06:17 . 1999-12-10 06:17 847324 ----a-w- c:\program files\Crystl32.OCX
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u2lsamp1.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u2ldts.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u2l2000.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u25dts.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\u252000.dll
1999-12-07 07:31 . 1999-12-07 07:31 57344 ----a-w- c:\program files\u2dvim.dll
1999-12-07 07:31 . 1999-12-07 07:31 49152 ----a-w- c:\program files\u2dpost.dll
1999-12-07 07:31 . 1999-12-07 07:31 28672 ----a-w- c:\program files\u2fcr.dll
1999-12-07 07:31 . 1999-12-07 07:31 28672 ----a-w- c:\program files\u2dapp.dll
1999-12-07 07:31 . 1999-12-07 07:31 24576 ----a-w- c:\program files\Crxlat32.dll
1999-12-07 06:31 . 1999-12-07 06:31 94208 ----a-w- c:\program files\p2bdao.dll
1999-12-07 06:31 . 1999-12-07 06:31 61440 ----a-w- c:\program files\p2irdao.dll
1999-12-07 06:31 . 1999-12-07 06:31 53248 ----a-w- c:\program files\p2ctdao.dll
1999-12-07 06:31 . 1999-12-07 06:31 23040 ----a-w- c:\program files\P2bbnd.dll
1999-12-07 05:31 . 1999-12-07 05:31 141312 ----a-w- c:\program files\p2bbde.dll
1999-06-02 22:00 . 1999-06-02 22:00 17920 ----a-w- c:\program files\STDOLE2.TLB
1999-05-31 22:00 . 1999-05-31 22:00 326656 ----a-w- c:\program files\MSVCRT40.DLL
1999-03-07 22:00 . 1999-03-07 22:00 164112 ----a-w- c:\program files\OLEPRO32.DLL
1999-03-07 22:00 . 1999-03-07 22:00 147728 ----a-w- c:\program files\ASYCFILT.DLL
1998-06-17 22:00 . 1998-06-17 22:00 89360 ----a-w- c:\program files\VB5DB.DLL
1998-05-30 22:00 . 1998-05-30 22:00 22288 ----a-w- c:\program files\COMCAT.DLL
2009-07-23 19:22 . 2009-02-22 10:54 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2007-03-14 125632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"hmonitor"="c:\program files\Hmonitor\hmonitor.exe" [2006-12-07 851968]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2006-12-01 1583644]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\DeLUX\Start Menu\Programs\Startup\
CassinyEx.lnk - c:\qbe_calc\CassiniEx\CassiniExWebServer.exe [2008-4-13 45056]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"gupdate1c99017d1c62f66"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"iPod Service"=3 (0x3)
"bgsvcgen"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"StarWindService"=2 (0x2)
"SavRoam"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ISSVC"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 eISISPostgreSQL;eISIS PostgreSQL Database Server;c:\eisis\servers\postgresql\bin\pg_ctl.exe runservice -N eISISPostgreSQL -D c:\eisis\data\db\data" --> c:\eisis\servers\postgresql\bin\pg_ctl.exe runservice -N eISISPostgreSQL -D c:\eisis\data\db\data [?]
R2 eISISTomcat;eISIS Tomcat;c:\eisis\servers\tomcat\bin\tomcat5.exe [22.4.2009 15:54 57344]
R3 EPPSCSIx;EPPSCSI Driver;c:\windows\system32\drivers\eppscan.sys [15.2.2009 12:53 105124]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8.4.2009 20:47 101936]
S4 gupdate1c99017d1c62f66;Google Update Service (gupdate1c99017d1c62f66);c:\program files\Google\Update\GoogleUpdate.exe [16.2.2009 11:20 133104]
S4 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [14.3.2007 20:48 116416]
--- Other Services/Drivers In Memory ---
*Deregistered* - DwShield000004B7
.
Contents of the 'Scheduled Tasks' folder
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 09:20]
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 09:20]
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-507921405-1801674531-1003Core.job
- c:\documents and settings\DeLUX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 18:10]
2009-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-507921405-1801674531-1003UA.job
- c:\documents and settings\DeLUX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 18:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.pavol.zabavcik.szm.sk/
mStart Page = hxxp://www.pavol.zabavcik.szm.sk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\PC Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\PC Translator\WEBIE.DLL
TCP: {D660099D-2221-4A52-B322-1EC128502C38} = 217.119.121.225,217.119.113.244
FF - ProfilePath - c:\documents and settings\DeLUX\Application Data\Mozilla\Firefox\Profiles\qsc79hcq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - plugin: c:\documents and settings\DeLUX\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\TV JOJ Media Player\npplugin_netscape.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-24 17:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2009-07-24 17:22
ComboFix-quarantined-files.txt 2009-07-24 15:22
ComboFix2.txt 2009-07-24 13:35
Pre-Run: 16 892 571 648 bytes free
Post-Run: 20 adresárov, 16 892 276 736 voľných bajtov
282
Please help us improve HijackThis by reporting this error
Click 'Yes' to submit
Error Details:
An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=system.ini, sSection=boot, sValue=Shell)
Error #5 - Invalid procedure call or argument
Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 2.0.2
- jaro3
- člen Security týmu
- 
		Guru Level 15
		
   
- Příspěvky: 43355
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:  
- Stav:
		Offline
Re: Blbne mi počítač. pomôžte prosím +
Stáhni si  ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
Co ty soubory na virusTotal?
Problém s HJT? Odinstaluj hijackthis, smaž, stáhni nový a vlož sem z něj log.
			
									
									Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
Co ty soubory na virusTotal?
Problém s HJT? Odinstaluj hijackthis, smaž, stáhni nový a vlož sem z něj log.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
						Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Blbne mi počítač. pomôžte prosím +
Spravená tá vec s ATF, prikladám čo si chcel
scanreg.dl - http://www.virustotal.com/cs/analisis/0 ... 1235297618
windmi.dll - http://www.virustotal.com/cs/analisis/d ... 1248446899
ainstall_info.exe - http://www.virustotal.com/cs/analisis/c ... 1241831781
kalk_invest 2.exe - http://www.virustotal.com/cs/analisis/5 ... 1248447129
Logfile of HijackThis v1.99.1
Scan saved at 18:04:17, on 24.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\eISIS\servers\postgresql\bin\pg_ctl.exe
c:\eISIS\servers\tomcat\bin\tomcat5.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\eISIS\servers\postgresql\bin\postgres.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\eISIS\servers\postgresql\bin\postgres.exe
c:\eISIS\servers\postgresql\bin\postgres.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hmonitor\hmonitor.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\ctfmon.exe
c:\eISIS\servers\postgresql\bin\postgres.exe
c:\eISIS\servers\postgresql\bin\postgres.exe
c:\eISIS\servers\postgresql\bin\postgres.exe
c:\eISIS\servers\postgresql\bin\postgres.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\DeLUX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DeLUX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DeLUX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Moje dokumenty\Downloads\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pavol.zabavcik.szm.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pavol.zabavcik.szm.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\PC Translator\WEBIE.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\PC Translator\WEBIE.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CassinyEx.lnk = C:\qbe_calc\CassiniEx\CassiniExWebServer.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D660099D-2221-4A52-B322-1EC128502C38}: NameServer = 217.119.121.225,217.119.113.244
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: eISIS PostgreSQL Database Server (eISISPostgreSQL) - PostgreSQL Global Development Group - c:\eISIS\servers\postgresql\bin\pg_ctl.exe
O23 - Service: eISIS Tomcat (eISISTomcat) - Apache Software Foundation - c:\eISIS\servers\tomcat\bin\tomcat5.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
			
									
									
						scanreg.dl - http://www.virustotal.com/cs/analisis/0 ... 1235297618
windmi.dll - http://www.virustotal.com/cs/analisis/d ... 1248446899
ainstall_info.exe - http://www.virustotal.com/cs/analisis/c ... 1241831781
kalk_invest 2.exe - http://www.virustotal.com/cs/analisis/5 ... 1248447129
Logfile of HijackThis v1.99.1
Scan saved at 18:04:17, on 24.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\eISIS\servers\postgresql\bin\pg_ctl.exe
c:\eISIS\servers\tomcat\bin\tomcat5.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\eISIS\servers\postgresql\bin\postgres.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\eISIS\servers\postgresql\bin\postgres.exe
c:\eISIS\servers\postgresql\bin\postgres.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hmonitor\hmonitor.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\ctfmon.exe
c:\eISIS\servers\postgresql\bin\postgres.exe
c:\eISIS\servers\postgresql\bin\postgres.exe
c:\eISIS\servers\postgresql\bin\postgres.exe
c:\eISIS\servers\postgresql\bin\postgres.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\DeLUX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DeLUX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DeLUX\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Moje dokumenty\Downloads\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pavol.zabavcik.szm.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pavol.zabavcik.szm.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\PC Translator\WEBIE.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\PC Translator\WEBIE.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CassinyEx.lnk = C:\qbe_calc\CassiniEx\CassiniExWebServer.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator\WEBIE.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D660099D-2221-4A52-B322-1EC128502C38}: NameServer = 217.119.121.225,217.119.113.244
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: eISIS PostgreSQL Database Server (eISISPostgreSQL) - PostgreSQL Global Development Group - c:\eISIS\servers\postgresql\bin\pg_ctl.exe
O23 - Service: eISIS Tomcat (eISISTomcat) - Apache Software Foundation - c:\eISIS\servers\tomcat\bin\tomcat5.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
- jaro3
- člen Security týmu
- 
		Guru Level 15
		
   
- Příspěvky: 43355
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:  
- Stav:
		Offline
Re: Blbne mi počítač. pomôžte prosím +
Ty soubory v Program Files tam nemají co dělat , tam patří programové složky, pokud si nezadával v určitých programech cestu k nim ( do složky Program Files) tak bych je všechny smazal.
Vyčistil si cache v javě?
Odstraňuje cache ve všech prohlížečích , čili mělo by i v chrome.
Stáhni novější verzi HJT:
http://www.trendsecure.com/portal/en-US ... ckThis.exe
Jak se chová PC?
			
									
									Vyčistil si cache v javě?
Odstraňuje cache ve všech prohlížečích , čili mělo by i v chrome.
Stáhni novější verzi HJT:
http://www.trendsecure.com/portal/en-US ... ckThis.exe
Jak se chová PC?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
						Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Blbne mi počítač. pomôžte prosím +
To RelevantKonwlegde, čo bolo v Program Files bol malware a bol odstraneny. Otec je poistovaci makler, a ten Kalk Invest sem tak blbo nainstaloval on. Cache bola vymazana. Pocitac sa zatial chova uplne normalne, dokonca je o nieco rychlejsi
			
									
									
						- jaro3
- člen Security týmu
- 
		Guru Level 15
		
   
- Příspěvky: 43355
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:  
- Stav:
		Offline
Re: Blbne mi počítač. pomôžte prosím +
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
 
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , fajfku.
			
									
									Start-Spustit a zadej ComboFix[mezera]/u
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Kód: Vybrat vše
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , fajfku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
						Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 39 hostů




