viry - môžu byť len v likálnom disku C alebo aj vD.

[JankaJBLK]

takze rozumiem spravne, najprv to mam dat odstranit v tom malware a potom si mam stiahnut ten comb. spravne

[Reklama]

[JankaJBLK]

ALE PISE ZE TREBA RESTARTOVAT PC..mam tak urobit


Malwarebytes' Anti-Malware 1.40
Verze databáze: 2745
Windows 5.1.2600 Service Pack 3

5. 9. 2009 19:26:13
mbam-log-2009-09-05 (19-26-13).txt

Typ skenu: Úplný sken (C:\|D:\|)
Objektu skenováno: 143966
Uplynulý cas: 42 minute(s), 58 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 3
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
D:\System Volume Information\_restore{59848296-772D-4FD8-8928-BB8427DA397F}\RP12\A0005815.exe (Rogue.FusionCodec) -> Quarantined and deleted successfully.

[Damned]

Ano, nejdříve odstraň nákazy MbAMem a pak si stáhni ComboFix.

Pokud potřebuje restart a sám nerestartuje, tak restartuj.

[JankaJBLK]

to je jedno ktory ten combo si stiahnem??? A ako mam vypnut ten avast, prosim ta?

[Damned]

Je tam buď a nebo - dávám dva odkazy, kdyby jeden nebyl funkční. Vyber si jaký chceš.

Avast vypni takto: Klikni pravým myšítkem na ikonu A v liště vedle hodin a vyber "Vypnout rezidentní ochranu" a pak potvrď

[JankaJBLK]

tak toto napisal Comob, ale nie je tam to D, preco


ComboFix 09-09-04.02 - Administrator . 09. 2009 20:03.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1688 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090904-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.

2009-09-06 01:25 . 2009-09-06 01:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-06 01:25 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-06 01:25 . 2009-09-06 01:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-06 01:25 . 2009-09-06 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-06 01:25 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 04:26 . 2003-06-19 07:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-09-02 04:24 . 2009-09-02 04:25 -------- d-----w- c:\windows\SHELLNEW
2009-09-02 04:24 . 2009-09-02 04:24 -------- d-----w- c:\program files\Microsoft.NET
2009-09-01 21:48 . 2009-09-01 21:48 -------- d-----w- c:\program files\Everest
2009-09-01 21:46 . 2009-09-01 22:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
2009-09-01 21:30 . 2009-09-01 21:32 -------- d-----w- c:\program files\Nero
2009-09-01 21:29 . 2009-09-01 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-09-01 21:29 . 2009-09-01 21:33 -------- d-----w- c:\program files\Common Files\Nero
2009-09-01 21:22 . 2009-09-01 21:23 -------- d-----w- c:\program files\KMP
2009-09-01 21:19 . 2009-09-01 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-09-01 21:19 . 2009-09-01 21:19 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-09-01 21:19 . 2009-09-01 21:19 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-09-01 21:17 . 2009-09-01 21:17 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-01 21:17 . 2009-09-01 21:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2009-09-01 21:16 . 2009-09-01 21:16 -------- d-----w- c:\program files\TotalCmd
2009-09-01 17:22 . 2009-09-01 17:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2009-09-01 17:22 . 2009-09-03 19:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-09-01 17:18 . 2009-09-03 19:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-30 23:57 . 2009-08-30 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-08-30 23:57 . 2009-08-30 23:57 -------- d-----w- c:\program files\Common Files\HP
2009-08-30 23:54 . 2009-08-30 23:54 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-30 23:53 . 2009-08-30 23:53 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-08-30 23:52 . 2005-03-08 04:43 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-08-30 23:52 . 2005-03-08 04:43 51120 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-08-30 23:51 . 2005-03-08 04:43 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-08-30 23:51 . 2008-04-14 07:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-08-30 23:51 . 2008-04-14 07:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-08-30 23:50 . 2004-09-29 19:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-08-30 23:50 . 2004-09-29 19:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2009-08-30 23:50 . 2004-09-29 19:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2009-08-30 23:50 . 2004-09-29 19:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-08-30 23:50 . 2004-09-29 19:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-08-30 23:50 . 2004-09-29 19:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2009-08-30 23:50 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-08-30 23:47 . 2009-08-30 23:57 -------- d-----w- c:\program files\HP
2009-08-30 23:39 . 2009-08-30 23:58 112903 ----a-w- c:\windows\hpoins07.dat
2009-08-30 23:39 . 2005-05-24 02:48 21124 ------w- c:\windows\hpomdl07.dat
2009-08-30 23:38 . 2009-08-31 00:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\HP
2009-08-30 22:43 . 2009-08-30 22:43 -------- d-----w- C:\Binaries
2009-08-30 22:42 . 2009-08-30 22:42 -------- d-----w- c:\program files\OLYMPUS
2009-08-30 22:42 . 2004-06-09 00:41 319488 ------w- c:\windows\system32\Pvmjpg21.dll
2009-08-30 22:42 . 2004-03-08 19:55 13567 ----a-w- c:\windows\system32\drivers\CDRBSDRV.SYS
2009-08-30 22:42 . 2009-08-30 22:42 -------- d-----w- c:\program files\PIXELA
2009-08-30 22:38 . 1999-11-10 19:05 86016 ----a-w- c:\windows\unvise32qt.exe
2009-08-30 22:37 . 2009-08-30 22:42 -------- d-----w- c:\windows\system32\QuickTime
2009-08-30 22:37 . 2009-08-30 22:39 -------- d-----w- c:\program files\QuickTime
2009-08-30 22:37 . 2009-08-30 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-08-30 19:11 . 2009-08-30 19:11 -------- d-----w- c:\windows\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 01:27 . 2009-08-29 15:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Any Video Converter
2009-09-02 17:51 . 2009-08-29 20:45 42168 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-30 22:43 . 2009-08-29 20:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-30 22:37 . 2009-08-29 20:48 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-29 20:51 . 2009-08-29 20:51 -------- d-----w- c:\program files\Realtek Sound Manager
2009-08-29 20:51 . 2009-08-29 20:51 -------- d-----w- c:\program files\AvRack
2009-08-29 20:51 . 2009-08-29 20:51 -------- d-----w- c:\program files\Realtek AC97
2009-08-29 20:50 . 2009-08-29 20:50 -------- d-----w- c:\program files\AMD
2009-08-29 20:44 . 2009-08-29 20:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-08-29 20:41 . 2009-08-29 20:41 -------- d-----w- c:\program files\microsoft frontpage
2009-08-29 20:40 . 2009-08-29 20:40 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-29 20:40 . 2009-08-29 20:40 -------- d-----w- c:\program files\Java
2009-08-29 20:37 . 2009-08-29 20:37 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-29 20:34 . 2009-08-29 20:34 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-29 20:33 . 2009-08-29 20:33 -------- d-----w- c:\program files\Windows Desktop Search
2009-08-29 20:33 . 2009-08-29 20:33 -------- d-----w- c:\program files\MSXML 4.0
2009-08-29 20:32 . 2009-08-29 20:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-29 15:37 . 2009-08-29 15:37 -------- d-----w- c:\program files\Any Video Converter
2009-08-29 12:41 . 2009-08-29 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-08-29 12:39 . 2009-08-29 12:39 -------- d-----w- c:\program files\Alwil Software
2009-08-29 12:29 . 2009-08-29 12:29 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-08-29 12:29 . 2009-08-29 12:29 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-08-29 12:29 . 2009-08-29 12:29 179792 ----a-w- c:\windows\system32\guard32.dll
2009-08-29 12:29 . 2009-08-29 12:29 132168 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-08-29 12:29 . 2009-08-29 12:29 -------- d-----w- c:\program files\COMODO
2009-08-29 12:26 . 2009-08-29 12:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-29 12:26 . 2009-08-29 12:26 -------- d-----w- c:\program files\Lavasoft
2009-08-29 12:26 . 2009-08-29 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-29 12:22 . 2009-08-29 12:22 -------- d-----w- c:\program files\Winamp
2009-08-29 12:22 . 2009-08-29 12:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2009-08-29 12:17 . 2009-08-29 12:16 -------- d-----w- c:\program files\FreeCommander
2009-08-29 12:14 . 2009-08-29 12:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-08-29 12:09 . 2009-08-29 12:09 0 ----a-w- c:\windows\nsreg.dat
2009-08-29 12:09 . 2009-08-29 12:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Lavasoft
2009-08-17 16:10 . 2009-08-29 12:39 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-08-29 12:40 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-08-29 12:40 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-08-29 12:40 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-08-29 12:40 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-08-29 12:40 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-08-29 12:40 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-08-29 12:40 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-08-29 12:40 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:01 . 2008-04-14 15:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2008-04-14 15:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-14 15:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 19:01 . 2008-04-14 15:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2006-10-18 23:47 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2009-03-08 06:34 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 14:49 . 2009-08-29 12:29 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-26 22:11 . 2009-02-09 13:56 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:41 . 2009-02-04 12:12 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:41 . 2008-12-05 09:58 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:41 . 2008-04-14 15:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:41 . 2009-03-24 15:27 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:41 . 2009-01-23 19:05 136704 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 10:28 . 2008-04-14 15:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 12:31 . 2008-04-14 15:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2008-04-14 15:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2008-04-14 15:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:17 . 2008-04-28 17:05 134144 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 15:21 . 2009-08-29 20:30 2067968 ----a-w- c:\windows\system32\mstscax.dll
.

------- Sigcheck -------

[-] 2009-04-18 23:52 361600 25A740D70E8007814A48D3FA1B34FA34 c:\windows\system32\drivers\tcpip.sys

[-] 2009-04-18 23:52 1614848 C951DB3D9B6EF3CF4B82454D30A8BF59 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29. 8. 2009 5:29 64160]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [29. 8. 2009 13:49 16640]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29. 8. 2009 5:40 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [29. 8. 2009 5:29 132168]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [29. 8. 2009 5:29 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29. 8. 2009 5:40 20560]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3. 7. 2009 7:49 1029456]
.
Contents of the 'Scheduled Tasks' folder

2009-08-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jr7gi0bb.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 20:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1035525444-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,ab,f3,82,4b,c2,84,4c,84,0d,57,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,ab,f3,82,4b,c2,84,4c,84,0d,57,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3104)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-06 20:07
ComboFix-quarantined-files.txt 2009-09-06 03:07

Pre-Run: 28 015 964 160 bytes free
Post-Run: 29 824 999 424 bytes free

215

[JankaJBLK]

ked sa ten combo dokonicl tak mi vyhodilo log Notepad a tam bolo to co som ti poslala. A aj tak treba ist do C ComboFix.txt a tam to skopirovat.a ak ano treba mat stale vypnuty avast .diky

[Damned]

Stačí jen ten co ti vyskočí, pokud by nevyskočil, je popsáno kde ho najdeš.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj (Přesně!) následující celý text označený zeleně:

File::
c:\windows\system32\emptyregdb.dat

Folder::
c:\program files\DAEMON Tools Toolbar




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

[JankaJBLK]

diiky, a kde mam prosim ta najst ten poznamkovy blok....kedze mam vsetko v anglictine...dam start a dalej co diiky

[Damned]

Klepni na Start a tam máš asi "RUN... " nebo něco takového a do toho řádku, který se ti po klepnutí objeví napíšeš Notepad. Úplně stejný jako slovenský win, jen jazyk je trochu divný

[JankaJBLK]

combo pise toto> a v tom D to nevadi ze sa to nedala tiez kdesi...

ComboFix 09-09-04.02 - Administrator . 09. 2009 20:54.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1663 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt.txt
AV: avast! antivirus 4.8.1351 [VPS 090904-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\emptyregdb.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DAEMON Tools Toolbar
c:\windows\system32\emptyregdb.dat

.
((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.

2009-09-06 01:25 . 2009-09-06 01:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-06 01:25 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-06 01:25 . 2009-09-06 01:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-06 01:25 . 2009-09-06 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-06 01:25 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 04:26 . 2003-06-19 07:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-09-02 04:24 . 2009-09-02 04:25 -------- d-----w- c:\windows\SHELLNEW
2009-09-02 04:24 . 2009-09-02 04:24 -------- d-----w- c:\program files\Microsoft.NET
2009-09-01 21:48 . 2009-09-01 21:48 -------- d-----w- c:\program files\Everest
2009-09-01 21:46 . 2009-09-01 22:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
2009-09-01 21:30 . 2009-09-01 21:32 -------- d-----w- c:\program files\Nero
2009-09-01 21:29 . 2009-09-01 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-09-01 21:29 . 2009-09-01 21:33 -------- d-----w- c:\program files\Common Files\Nero
2009-09-01 21:22 . 2009-09-01 21:23 -------- d-----w- c:\program files\KMP
2009-09-01 21:19 . 2009-09-01 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-09-01 21:19 . 2009-09-01 21:19 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-09-01 21:17 . 2009-09-01 21:17 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-01 21:17 . 2009-09-01 21:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2009-09-01 21:16 . 2009-09-01 21:16 -------- d-----w- c:\program files\TotalCmd
2009-09-01 17:22 . 2009-09-01 17:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2009-09-01 17:22 . 2009-09-03 19:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-09-01 17:18 . 2009-09-03 19:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-30 23:57 . 2009-08-30 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-08-30 23:57 . 2009-08-30 23:57 -------- d-----w- c:\program files\Common Files\HP
2009-08-30 23:54 . 2009-08-30 23:54 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-30 23:53 . 2009-08-30 23:53 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-08-30 23:52 . 2005-03-08 04:43 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-08-30 23:52 . 2005-03-08 04:43 51120 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-08-30 23:51 . 2005-03-08 04:43 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-08-30 23:51 . 2008-04-14 07:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-08-30 23:51 . 2008-04-14 07:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-08-30 23:50 . 2004-09-29 19:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-08-30 23:50 . 2004-09-29 19:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2009-08-30 23:50 . 2004-09-29 19:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2009-08-30 23:50 . 2004-09-29 19:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-08-30 23:50 . 2004-09-29 19:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-08-30 23:50 . 2004-09-29 19:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2009-08-30 23:50 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-08-30 23:47 . 2009-08-30 23:57 -------- d-----w- c:\program files\HP
2009-08-30 23:39 . 2009-08-30 23:58 112903 ----a-w- c:\windows\hpoins07.dat
2009-08-30 23:39 . 2005-05-24 02:48 21124 ------w- c:\windows\hpomdl07.dat
2009-08-30 23:38 . 2009-08-31 00:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\HP
2009-08-30 22:43 . 2009-08-30 22:43 -------- d-----w- C:\Binaries
2009-08-30 22:42 . 2009-08-30 22:42 -------- d-----w- c:\program files\OLYMPUS
2009-08-30 22:42 . 2004-06-09 00:41 319488 ------w- c:\windows\system32\Pvmjpg21.dll
2009-08-30 22:42 . 2004-03-08 19:55 13567 ----a-w- c:\windows\system32\drivers\CDRBSDRV.SYS
2009-08-30 22:42 . 2009-08-30 22:42 -------- d-----w- c:\program files\PIXELA
2009-08-30 22:38 . 1999-11-10 19:05 86016 ----a-w- c:\windows\unvise32qt.exe
2009-08-30 22:37 . 2009-08-30 22:42 -------- d-----w- c:\windows\system32\QuickTime
2009-08-30 22:37 . 2009-08-30 22:39 -------- d-----w- c:\program files\QuickTime
2009-08-30 22:37 . 2009-08-30 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-08-30 19:11 . 2009-08-30 19:11 -------- d-----w- c:\windows\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 01:27 . 2009-08-29 15:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Any Video Converter
2009-09-02 17:51 . 2009-08-29 20:45 42168 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-30 22:43 . 2009-08-29 20:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-30 22:37 . 2009-08-29 20:48 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-29 20:51 . 2009-08-29 20:51 -------- d-----w- c:\program files\Realtek Sound Manager
2009-08-29 20:51 . 2009-08-29 20:51 -------- d-----w- c:\program files\AvRack
2009-08-29 20:51 . 2009-08-29 20:51 -------- d-----w- c:\program files\Realtek AC97
2009-08-29 20:50 . 2009-08-29 20:50 -------- d-----w- c:\program files\AMD
2009-08-29 20:44 . 2009-08-29 20:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-08-29 20:41 . 2009-08-29 20:41 -------- d-----w- c:\program files\microsoft frontpage
2009-08-29 20:40 . 2009-08-29 20:40 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-29 20:40 . 2009-08-29 20:40 -------- d-----w- c:\program files\Java
2009-08-29 20:37 . 2009-08-29 20:37 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-29 20:33 . 2009-08-29 20:33 -------- d-----w- c:\program files\Windows Desktop Search
2009-08-29 20:33 . 2009-08-29 20:33 -------- d-----w- c:\program files\MSXML 4.0
2009-08-29 20:32 . 2009-08-29 20:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-29 15:37 . 2009-08-29 15:37 -------- d-----w- c:\program files\Any Video Converter
2009-08-29 12:41 . 2009-08-29 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-08-29 12:39 . 2009-08-29 12:39 -------- d-----w- c:\program files\Alwil Software
2009-08-29 12:29 . 2009-08-29 12:29 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-08-29 12:29 . 2009-08-29 12:29 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-08-29 12:29 . 2009-08-29 12:29 179792 ----a-w- c:\windows\system32\guard32.dll
2009-08-29 12:29 . 2009-08-29 12:29 132168 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-08-29 12:29 . 2009-08-29 12:29 -------- d-----w- c:\program files\COMODO
2009-08-29 12:26 . 2009-08-29 12:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-29 12:26 . 2009-08-29 12:26 -------- d-----w- c:\program files\Lavasoft
2009-08-29 12:26 . 2009-08-29 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-29 12:22 . 2009-08-29 12:22 -------- d-----w- c:\program files\Winamp
2009-08-29 12:22 . 2009-08-29 12:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2009-08-29 12:17 . 2009-08-29 12:16 -------- d-----w- c:\program files\FreeCommander
2009-08-29 12:14 . 2009-08-29 12:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-08-29 12:09 . 2009-08-29 12:09 0 ----a-w- c:\windows\nsreg.dat
2009-08-29 12:09 . 2009-08-29 12:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Lavasoft
2009-08-17 16:10 . 2009-08-29 12:39 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-08-29 12:40 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-08-29 12:40 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-08-29 12:40 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-08-29 12:40 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-08-29 12:40 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-08-29 12:40 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-08-29 12:40 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-08-29 12:40 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:01 . 2008-04-14 15:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2008-04-14 15:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-14 15:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 19:01 . 2008-04-14 15:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2006-10-18 23:47 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2009-03-08 06:34 915456 ------w- c:\windows\system32\wininet.dll
2009-07-03 14:49 . 2009-08-29 12:29 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-26 22:11 . 2009-02-09 13:56 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:41 . 2009-02-04 12:12 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:41 . 2008-12-05 09:58 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:41 . 2008-04-14 15:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:41 . 2009-03-24 15:27 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:41 . 2009-01-23 19:05 136704 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 10:28 . 2008-04-14 15:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 12:31 . 2008-04-14 15:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2008-04-14 15:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2008-04-14 15:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:17 . 2008-04-28 17:05 134144 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 15:21 . 2009-08-29 20:30 2067968 ----a-w- c:\windows\system32\mstscax.dll
.

------- Sigcheck -------

[-] 2009-04-18 23:52 361600 25A740D70E8007814A48D3FA1B34FA34 c:\windows\system32\drivers\tcpip.sys

[-] 2009-04-18 23:52 1614848 C951DB3D9B6EF3CF4B82454D30A8BF59 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29. 8. 2009 5:29 64160]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [29. 8. 2009 13:49 16640]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29. 8. 2009 5:40 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [29. 8. 2009 5:29 132168]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [29. 8. 2009 5:29 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29. 8. 2009 5:40 20560]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3. 7. 2009 7:49 1029456]
.
Contents of the 'Scheduled Tasks' folder

2009-08-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jr7gi0bb.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 20:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1035525444-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,ab,f3,82,4b,c2,84,4c,84,0d,57,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,ab,f3,82,4b,c2,84,4c,84,0d,57,\
.
Completion time: 2009-09-06 20:58
ComboFix-quarantined-files.txt 2009-09-06 03:58
ComboFix2.txt 2009-09-06 03:07

Pre-Run: 29 827 428 352 bytes free
Post-Run: 29 820 473 344 bytes free

209

[JankaJBLK]

a ked som dala HJT
tak mi hned potom ako som dala Do a system scan..... tak mi vyhodilo toto v notepade hned a aj v tom HTJ a tam to mam znova zaskrtat....lebo toto co ti tu teraz davam tak to vyskocilo este pred zaskrtnutim..tak neviem ci este treba aj to zaskrtnut vsetko a aj to ti poslat lebo v tom zaskrtovani je toho akosi ovela menej...tak neviem...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:37, on 5. 9. 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Filmy\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2339 bytes