Prosim o vycisteni; MbAM - trojan v C:\Temp

peacoq · Příspěvekod **peacoq** » 17 lis 2010 13:50

Ahoj.
Posledni dobou na vse zapominam a to vcetne postarat se o PC, ktery je casto pouzivany na prenos informaci (opakovane zasouvani cizich flash-disku a pretahovani souboru na ne, apod.),... a co neudelam hned, to zpomenu, nebo se k tomu nedostanu, protoze jsem nekde pryc. A navic, o tento PC nejak-moc nedbam, spise ho pujcuji a tak se na nem (asi i) hraje online, coz by i odpovidalo zaznamu o dialeru. PC k internetu ale neni pripojivam prostrednictvim ''telefonniho vytaceni'', ale pres wi-fi a modem/y s fixni platbou/za mesic (aspon co vim).

Prosim o kontrolu PC s naslednym posisem.
Krom nalezu PC NEMA ZADNE PROBLEMY, snad jen; - pri zapnuti a prvnim otvirani browseru MFF ''to trva'', ale ne zase tak dlouho, a pri jeho zavreni a naslednem znovukliknuti na ikonu se browser uz otvir znatelne rychleji, nez pri prvnim otvirani. Asi jen nejaky plugin, nez problem.

MWAW verze 11.0.60 Updated
- mimo polozku Scan All Files, uplny test - oba disk C+D
Total Critical Objects: ....7
Total Errors: ..............3

Object "TitanShield Antispyware Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "Target Dialer" found in File System! Action Taken: No Action Taken.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "XP AntiMalware Spyware/Adware" found in File System! Action Taken: No Action Taken.
>>><<<
/
POPIS NOVYCH NALEZU:
(TitanShield je stary zapis souvisejici s pluginem net-TV SopCast, a PRO Corrupted jsou chyby pri ukladani obrazku, take nic zavadneho co by infekce.)

Object "Target Dialer" found in File System! Action Taken: No Action Taken.
15 Nov 2010 19:10:36 - Object "Target Dialer" found in File System! Action Taken: No Action Taken.
- klasicky dealer - hajzl provedejici presmerovani modemu, najcasteji na porno-strankach, ale mozno chytit i nejakou aplikaci, casto prave pri hrani online
- popis: http://www.symantec.com/security_respon ... 11-1901-99,
- odstraneni: http://wiki.answers.com/Q/How_do_you_re ... ler.target
/
Object "XP AntiMalware Spyware/Adware" found in File System! Action Taken: No Action Taken. (- muze se jmenovat i Vista AntiMalware)
15 Nov 2010 19:10:50 - Offending Registry Entry found: HKCU\Software\Classes\.exe
15 Nov 2010 19:10:50 - System found infected with XP AntiMalware Spyware/Adware (HKCU\Software\Classes\.exe)! Action taken: No Action Taken.
- slozka: %AppData%\ave.exe ...(slozka v systemu neni, ani zapisy v registrech)
- registry: HKEY_CURRENT_USER\Software\Classes\.exe + ...\Classes\secfile
- odstraneni (fix.reg): http://www.myantispyware.com/2010/03/17 ... ware-2010/
>>><<<
/
MALWAREBYTES:

Slozka v ''AppData\Roaming\ave.exe'' vytvorena nebyla, ani nejsou souvisejici polozky v registrech, - takze tam (asi) nic neni, ale - MbAM nalezl tento s timto nesouvisejici srac:
Files Infected:
C:\Users\Dell\Desktop\T-Cleaner.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
(T-Cleaner jsem prave stahnul, a jeste nepouzil, pred pustenim MWAV k jeho naslednemu pouziti, - smazal jsem ho tedy a misto nej pouzil OTC.)
Nasledny MbAM full-scan nasel tento bordel:
Files Infected:
C:\Windows\Temp\TMP0000000182CF49119F0EE843 (Trojan.Dropper) -> Quarantined and deleted successfully.
>>><<<
/
HiJACK THIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:27:21, on 17/11/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Windows\V0250Mon.exe
C:\Windows\sttray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
O1 - Hosts: ÿþ127.0.0.1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0250Mon.exe] C:\Windows\V0250Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Free\nmsaccessu.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5806 bytes

Reklama

Příspěvekod **memphisto** » 17 lis 2010 14:49

T-Cleaner je v pohodě. Všechny antiviry jej detekují. Je to jen čistící nástroj. Mwaw bych nehrotil, protože má falešné detekce a ukazuje i neaktivní pozůstatky.

v logu fixni:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
O1 - Hosts: ÿþ127.0.0.1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

peacoq · Příspěvekod **peacoq** » 17 lis 2010 17:48

Ok, diky.

ATF: je standartne pouzivany, vesmes denne spolu s Ccleaner/em. Ale mas pravdu, asi to bylo zanedbanim/necistenim, kdyz to neco vyplivlo v C:\Temp-suborech,
(a ComboFix\ERDNT\cache - udelal 35 MB zalohy cache, esi to snad nejak souvisi, a myslim, ze by to mohlo byt i castym sledovanim online-TV, playery a nebo pres proxy).
Pri pouziti IE je nastaveno ''cistit pri zavreni'', a jinak (defaultni browser je MFF) je pouzivana kombinace ATF + Ccleaner.

COMBO FIX:
CF sel spustit i bezel bez problemu, vyplivnul log, ale ...nasledne, abych otevrel Mozillu, po kliknuti na ikonu to napsalo:
''Program Files\firefox.exe'' ...pokus o otevreni registry-key, ktery je urcen ke smazazani -a- a tedy, nebyla aktivni zadna ikona. Pres ikonku na plose, ale ani otvirani pres polozku Start/Spustit: MFF, IE, kreslici program k ulozeni screen-shot/u, zkusiljsem kliknout i na ikonku ICQ, Skype, Tottal Commander... > nic neslo, zadny program - aplikace (jedine co slo otevrit byl napr. soubor ulozeny na plose jako word-pad, nebo zkratka k otevreni obrazku).
PC jsem restartoval > a nasledne jsou ikony aktivni a programy zpousti bez problemu.

(- kdyby jsi chtel k nejakemu porovnani, v PC je ulozen CFix log z cervna lonskeho roku)

ComboFix 10-11-16.06 - Dell 17/11/2010 17:03:59.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.893.255 [GMT 1:00]
Running from: c:\users\Dell\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-10-17 to 2010-11-17 )))))))))))))))))))))))))))))))
.

2010-11-17 16:14 . 2010-11-17 16:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-17 11:24 . 2010-11-17 11:24 -------- d-----w- c:\users\Dell\AppData\Local\Adobe
2010-11-16 11:11 . 2010-11-16 11:19 -------- d-----w- C:\Hotspot Shield
2010-11-16 11:10 . 2010-11-16 11:10 5820016 ----a-w- c:\program files\HSS-1.54-install-anchorfree-76-conduit.exe
2010-11-16 10:57 . 2010-11-16 11:04 -------- d-----w- c:\users\Dell\Tiiveni Player
2010-11-16 10:51 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0763632B-E9DE-4096-98AB-EA8B00261BC1}\mpengine.dll
2010-11-15 18:05 . 2010-11-15 18:05 -------- d---a-w- c:\windows\rundll16.exe
2010-11-15 18:05 . 2010-11-15 18:05 -------- d---a-w- c:\windows\logo1_.exe
2010-11-13 22:49 . 2010-11-13 22:49 -------- d-----w- c:\users\Dell\AppData\Local\Apple
2010-11-13 11:00 . 2010-11-13 11:00 -------- d-----w- c:\users\Dell\AppData\Local\AOL
2010-11-10 17:42 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2010-10-27 09:42 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 09:42 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 09:42 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-22 00:17 . 2010-10-22 00:17 -------- d-----w- c:\users\Dell\AppData\Local\Windows Live
2010-10-22 00:15 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-03 18:11 . 2010-03-25 20:14 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-03 18:11 . 2009-08-02 09:32 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-19 09:41 . 2009-10-03 10:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 19:19 . 2010-09-22 19:19 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-09-13 13:56 . 2010-10-13 09:03 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01 . 2010-10-13 09:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-13 09:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-13 09:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-13 09:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:56 . 2010-10-13 09:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:04 . 2010-10-13 09:02 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-13 09:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-13 09:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20 . 2010-10-13 09:02 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-13 09:02 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-13 09:02 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-13 09:02 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-13 09:02 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-13 09:03 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-13 09:03 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-13 08:53 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-13 09:02 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37 . 2010-10-13 09:04 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33 . 2010-10-27 09:42 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 09:42 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 09:42 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 09:42 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-20 16:05 . 2010-10-13 09:02 867328 ----a-w- c:\windows\system32\wmpmde.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 143360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-08 24576]
"V0250Mon.exe"="c:\windows\V0250Mon.exe" [2006-06-07 32768]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-22 303104]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2009-8-2 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-11 18:08 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-18 22:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-22 12872]
R3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\DRIVERS\V0250Dev.sys [2007-08-30 169696]
R3 V0250Vfx;V0250Vfx;c:\windows\system32\DRIVERS\V0250Vfx.sys [2006-03-24 6272]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-22 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-06-21 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\Dell\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-17 17:15
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-17 17:20:10
ComboFix-quarantined-files.txt 2010-11-17 16:20

Pre-Run: 18,256,728,064 bytes free
Post-Run: 18,070,728,704 bytes free

- - End Of File - - C3F3490255229B949A515D89297A74EC

Příspěvekod **memphisto** » 17 lis 2010 19:44

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000000

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Stáhni si [url=http://www.geekstogo.com/forum/redirect.php?url=http%3A%2F%2Fjpshortstuff.247fixes.com%2FGooredFix.exe]GooredFix
[/url]
a ulož si ho na plochu.Poklepej na něj .
Objeví se hláška ,dej YES
Otevře se log , zkopíruj sem celý jeho obsah ( jinak ho najdeš na své ploše pod názvem Goored.txt).

peacoq · Příspěvekod **peacoq** » 17 lis 2010 19:54

Jeste sem CF nespustil - hledam odkaz ke stazeni (odkaz me dovede jen na forum, nikoli na Download) > GooredFix - nasel jsem toto, je to ono?,
Download Mirror #1 http://jpshortstuff.247fixes.com/GooredFix.exe
Download Mirror #2 http://downloads.securitycadets.com/GooredFix.exe
...myslim, z ejsem si odpovedel, je to jedno a to same, kdyz to vygugluji na MajorGeeks.

Příspěvekod **memphisto** » 17 lis 2010 19:57

Je to ono, budu muset aktualizovat link

peacoq · Příspěvekod **peacoq** » 17 lis 2010 20:46

- oba procesy probehly bez problemu.
- Goored Fix udelal jeste slozku primo n plse ''GooredFix Backups'', kde je prazdny-nic neobsahuji soubor ''reboot'txt'',
- jak vidim (Goored Fix) nejaky zapis ohledne plugin/u ''Windows Presentation Foundtion'', tak si pamatuji, ze uz jsem to nekdy resil - byl to nejaky Mozillou neschvaleny doplnek, ktery se instaloval primo s aktualizaci .NET Framework. Pozdeji byl schvalen a slo jen o neco jako 'valku' mezi Mozillou a Windows o implantaci primo s produktem Windows neceho co jejich (firefoxu) uzivatele nepotrebuji (viz obrazek).
- dalsi konkretni zminky jsou potom; - justintvpublisher@justin.tv (broadcasting za pomoci doplnku SeeToo), a - firefox@tvunetworks.com (to je TVU Player, neco jako SopCast, internetova TV).
(- esi to s necim souvisi a stalo se to nejak zavadne, tak vim co konkretne to je, kde se to v PC puvodne vzalo)

GooredFix by jpshortstuff (03.07.10.1)
Log created at 20:31 on 17/11/2010 (Dell)
Firefox version 3.6.12 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:38 04/08/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [15:53 05/11/2009]
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [18:49 01/04/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [15:34 01/08/2010]

C:\Users\Dell\Application Data\Mozilla\Firefox\Profiles\mqdzjsps.default\extensions\
firefox@tvunetworks.com [11:21 02/05/2010]
justintvpublisher@justin.tv [21:02 25/08/2009]
{0545b830-f0aa-4d7e-8820-50a4629a56fe} [11:57 21/10/2010]
{37E4D8EA-8BDA-4831-8EA1-89053939A250} [16:32 06/11/2010]
{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [10:10 15/10/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [20:35 03/11/2010]
{d37dc5d0-431d-44e5-8c91-49419370caa1} [16:23 18/05/2010]
{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [19:20 17/03/2010]
{EF522540-89F5-46b9-B6FE-1829E2B572C6} [22:09 12/11/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [23:05 17/10/2009]

-=E.O.F=-

>>><<<

ComboFix 10-11-17.01 - Dell 17/11/2010 20:07:29.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.893.410 [GMT 1:00]
Running from: c:\users\Dell\Desktop\ComboFix.exe
Command switches used :: c:\users\Dell\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-10-17 to 2010-11-17 )))))))))))))))))))))))))))))))
.

2010-11-17 19:18 . 2010-11-17 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-17 11:24 . 2010-11-17 11:24 -------- d-----w- c:\users\Dell\AppData\Local\Adobe
2010-11-16 11:11 . 2010-11-16 11:19 -------- d-----w- C:\Hotspot Shield
2010-11-16 11:10 . 2010-11-16 11:10 5820016 ----a-w- c:\program files\HSS-1.54-install-anchorfree-76-conduit.exe
2010-11-16 10:57 . 2010-11-16 11:04 -------- d-----w- c:\users\Dell\Tiiveni Player
2010-11-16 10:51 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0763632B-E9DE-4096-98AB-EA8B00261BC1}\mpengine.dll
2010-11-15 18:05 . 2010-11-15 18:05 -------- d---a-w- c:\windows\rundll16.exe
2010-11-15 18:05 . 2010-11-15 18:05 -------- d---a-w- c:\windows\logo1_.exe
2010-11-13 22:49 . 2010-11-13 22:49 -------- d-----w- c:\users\Dell\AppData\Local\Apple
2010-11-13 11:00 . 2010-11-13 11:00 -------- d-----w- c:\users\Dell\AppData\Local\AOL
2010-11-10 17:42 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2010-10-27 09:42 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 09:42 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 09:42 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-22 00:17 . 2010-10-22 00:17 -------- d-----w- c:\users\Dell\AppData\Local\Windows Live
2010-10-22 00:15 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-03 18:11 . 2010-03-25 20:14 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-03 18:11 . 2009-08-02 09:32 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-19 09:41 . 2009-10-03 10:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 19:19 . 2010-09-22 19:19 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-09-13 13:56 . 2010-10-13 09:03 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01 . 2010-10-13 09:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-13 09:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-13 09:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-13 09:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:56 . 2010-10-13 09:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:04 . 2010-10-13 09:02 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-13 09:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-13 09:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20 . 2010-10-13 09:02 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-13 09:02 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-13 09:02 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-13 09:02 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-13 09:02 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-13 09:03 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-13 09:03 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-13 08:53 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-13 09:02 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37 . 2010-10-13 09:04 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33 . 2010-10-27 09:42 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 09:42 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 09:42 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 09:42 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-20 16:05 . 2010-10-13 09:02 867328 ----a-w- c:\windows\system32\wmpmde.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 143360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-08 24576]
"V0250Mon.exe"="c:\windows\V0250Mon.exe" [2006-06-07 32768]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-22 303104]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2009-8-2 45056]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-11 18:08 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-18 22:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-22 12872]
R3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\DRIVERS\V0250Dev.sys [2007-08-30 169696]
R3 V0250Vfx;V0250Vfx;c:\windows\system32\DRIVERS\V0250Vfx.sys [2006-03-24 6272]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-22 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-06-21 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\Dell\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-17 20:18
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-11-17 20:23:15
ComboFix-quarantined-files.txt 2010-11-17 19:23
ComboFix2.txt 2010-11-17 16:20

Pre-Run: 17,992,941,568 bytes free
Post-Run: 17,945,444,352 bytes free

- - End Of File - - 48741A3FD2ADB26F4C7DE10659630AF6

Příspěvekod **memphisto** » 17 lis 2010 20:51

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

Stáhni si OTL
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.

peacoq · Příspěvekod **peacoq** » 17 lis 2010 21:14

OTL logfile created on: 17/11/2010 21:02:42 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Dell\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

893.00 Mb Total Physical Memory | 212.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53.71 Gb Total Space | 16.89 Gb Free Space | 31.46% Space Free | Partition Type: NTFS
Drive D: | 58.08 Gb Total Space | 8.68 Gb Free Space | 14.95% Space Free | Partition Type: NTFS

Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dell\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\BurnAware Free\nmsaccessu.exe ()
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
PRC - C:\Windows\V0250Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (Creative Technology Ltd.)

========== Modules (SafeList) ==========

MOD - C:\Users\Dell\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Program Files\BurnAware Free\nmsaccessu.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe (SigmaTel, Inc.)

========== Driver Services (SafeList) ==========

DRV - (vsdatant7) -- C:\Windows\System32\drivers\vsdatant.win7.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Dell\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (V0250Dev) -- C:\Windows\System32\drivers\V0250Dev.sys (Creative Technology Ltd.)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex) -- C:\Windows\System32\drivers\s115obex.sys (MCCI Corporation)
DRV - (s115mdm) -- C:\Windows\System32\drivers\s115mdm.sys (MCCI Corporation)
DRV - (s115mdfl) -- C:\Windows\System32\drivers\s115mdfl.sys (MCCI Corporation)
DRV - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\Windows\System32\drivers\s115bus.sys (MCCI Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (V0250Vfx) -- C:\Windows\System32\drivers\V0250Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (w800obex) -- C:\Windows\System32\drivers\w800obex.sys (MCCI)
DRV - (w800mgmt) -- C:\Windows\System32\drivers\w800mgmt.sys (MCCI)
DRV - (w800bus) Sony Ericsson W800 driver (WDM) -- C:\Windows\System32\drivers\w800bus.sys (MCCI)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 7E 39 01 76 86 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.18
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: justintvpublisher@justin.tv:3.1.5.5
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12
FF - prefs.js..network.proxy.autoconfig_url: "http://127.0.0.1:8118/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/18 00:05:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 10:18:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/17 11:59:50 | 000,000,000 | ---D | M]

[2009/08/04 21:40:20 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Mozilla\Extensions
[2009/08/04 21:40:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/11/17 20:32:53 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\extensions
[2010/10/21 12:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/11/06 17:32:45 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/10/15 11:11:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/03 21:35:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/18 17:23:58 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2010/03/17 20:20:20 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/11/12 23:09:17 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/05/02 12:22:56 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\extensions\firefox@tvunetworks.com
[2009/08/25 22:02:42 | 000,000,000 | ---D | M] -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\extensions\justintvpublisher@justin.tv
[2009/12/01 19:50:20 | 000,002,160 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\searchplugins\MySpace.xml
[2009/12/09 21:53:41 | 000,001,402 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\mqdzjsps.default\searchplugins\wikipedie-cs.xml
[2010/11/16 12:19:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/29 10:18:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/05 16:53:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/04/01 19:49:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/08/01 16:34:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/29 10:18:50 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/10/29 10:18:50 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2010/08/01 16:34:25 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/25 17:41:34 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/02/06 11:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/10/29 10:18:52 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/11/06 11:37:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/02/15 19:00:00 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2010/09/25 22:00:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/09/25 22:00:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/09/25 22:00:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/09/25 22:00:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/09/25 22:00:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/02/15 19:00:00 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2010/02/19 19:31:44 | 000,031,936 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2010/10/07 11:43:41 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/10/07 11:43:41 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/10/07 11:43:41 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/10/07 11:43:41 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/10/07 11:43:41 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/10/07 11:43:42 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/10/07 11:43:42 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/11/17 16:53:44 | 000,000,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [V0250Mon.exe] C:\Windows\V0250Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Creative Live! Cam Manager] C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dell\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dell\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/17 21:00:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2010/11/17 20:31:36 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\GooredFix Backups
[2010/11/17 20:25:12 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Dell\Desktop\GooredFix.exe
[2010/11/17 20:21:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/17 16:58:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/17 12:24:10 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Adobe
[2010/11/16 12:11:41 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2010/11/16 11:57:15 | 000,000,000 | ---D | C] -- C:\Users\Dell\Tiiveni Player
[2010/11/15 19:05:01 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2010/11/15 19:05:01 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2010/11/13 23:49:01 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Apple
[2010/11/13 12:00:49 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\AOL
[2010/10/27 10:42:52 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/27 10:42:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/27 10:42:47 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/22 01:17:42 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Windows Live
[2010/10/22 01:15:20 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll

========== Files - Modified Within 30 Days ==========

[2010/11/17 20:56:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2010/11/17 20:28:27 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/17 20:28:26 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/17 20:28:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/17 20:28:13 | 937,476,096 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/17 19:57:55 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Dell\Desktop\GooredFix.exe
[2010/11/17 17:23:15 | 000,000,507 | ---- | M] () -- C:\Users\Dell\Desktop\BBC Proxy & Simultcast.lnk
[2010/11/17 17:20:09 | 000,000,104 | ---- | M] () -- C:\Users\Dell\Desktop\Internet Explorer.lnk
[2010/11/17 16:53:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/16 12:10:45 | 005,820,016 | ---- | M] () -- C:\Program Files\HSS-1.54-install-anchorfree-76-conduit.exe
[2010/11/16 12:04:33 | 000,000,860 | ---- | M] () -- C:\Users\Dell\Desktop\Tiiveni_TV.lnk
[2010/11/16 11:43:42 | 000,002,401 | ---- | M] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/11/15 20:56:22 | 000,247,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/15 19:05:21 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/15 19:05:21 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/15 19:05:01 | 000,000,054 | ---- | M] () -- C:\Windows\Lic.xxx
[2010/11/13 02:08:54 | 000,057,810 | ---- | M] () -- C:\Users\Dell\Documents\Text 6.rtf
[2010/11/12 23:13:11 | 000,001,032 | ---- | M] () -- C:\Users\Dell\Documents\Pray for the Peace of Jerusalem.rtf
[2010/11/12 20:22:44 | 000,026,071 | ---- | M] () -- C:\Users\Dell\Documents\Obrazky ze znaku.rtf
[2010/11/11 14:13:35 | 000,228,352 | ---- | M] () -- C:\Users\Dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/07 14:32:53 | 000,001,248 | ---- | M] () -- C:\Users\Dell\Desktop\FCB - Shortcut.lnk
[2010/11/03 21:37:45 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/03 19:11:33 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/03 19:11:33 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/10/31 11:17:50 | 000,001,276 | ---- | M] () -- C:\Users\Dell\Desktop\TC.rtf
[2010/10/30 22:48:47 | 000,189,416 | ---- | M] () -- C:\Users\Dell\Documents\SI Josef.pdf
[2010/10/30 22:48:31 | 000,221,429 | ---- | M] () -- C:\Users\Dell\Documents\SI Josef.odt
[2010/10/27 18:58:43 | 000,002,719 | ---- | M] () -- C:\Users\Dell\Desktop\Document.rtf
[2010/10/26 13:06:27 | 000,000,134 | ---- | M] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Programs and Features.lnk
[2010/10/22 22:09:14 | 000,004,014 | ---- | M] () -- C:\Users\Dell\Documents\kraus_uvolnete se prosim.rtf
[2010/10/21 18:00:58 | 000,002,446 | ---- | M] () -- C:\Users\Dell\Documents\Pavel_Jana.rtf
[2010/10/20 23:35:44 | 000,005,503 | ---- | M] () -- C:\Users\Dell\Documents\zmrdi-muslim.rtf
[2010/10/19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2010/11/17 17:20:09 | 000,000,104 | ---- | C] () -- C:\Users\Dell\Desktop\Internet Explorer.lnk
[2010/11/16 12:10:26 | 005,820,016 | ---- | C] () -- C:\Program Files\HSS-1.54-install-anchorfree-76-conduit.exe
[2010/11/16 12:04:33 | 000,000,860 | ---- | C] () -- C:\Users\Dell\Desktop\Tiiveni_TV.lnk
[2010/11/12 23:13:10 | 000,001,032 | ---- | C] () -- C:\Users\Dell\Documents\Pray for the Peace of Jerusalem.rtf
[2010/11/05 19:57:20 | 000,001,248 | ---- | C] () -- C:\Users\Dell\Desktop\FCB - Shortcut.lnk
[2010/11/03 21:37:45 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/10/30 22:48:45 | 000,189,416 | ---- | C] () -- C:\Users\Dell\Documents\SI Josef.pdf
[2010/10/29 12:45:12 | 000,221,429 | ---- | C] () -- C:\Users\Dell\Documents\SI Josef.odt
[2010/10/22 21:48:00 | 000,004,014 | ---- | C] () -- C:\Users\Dell\Documents\kraus_uvolnete se prosim.rtf
[2010/10/21 18:00:58 | 000,002,446 | ---- | C] () -- C:\Users\Dell\Documents\Pavel_Jana.rtf
[2010/10/20 23:35:44 | 000,005,503 | ---- | C] () -- C:\Users\Dell\Documents\zmrdi-muslim.rtf
[2010/06/20 20:21:01 | 000,000,766 | ---- | C] () -- C:\Windows\COD.INI
[2010/03/03 01:00:00 | 004,555,278 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2010/03/03 01:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010/03/03 01:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/03/03 01:00:00 | 000,877,385 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2010/03/03 01:00:00 | 000,556,491 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2010/03/03 01:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2010/03/03 01:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010/03/03 01:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2010/03/03 01:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2010/03/03 01:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2010/03/03 01:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2010/03/03 01:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010/03/03 01:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2010/03/03 01:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2010/03/03 01:00:00 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2010/03/03 01:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2010/03/03 01:00:00 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/14 19:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/11/14 19:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/11/14 19:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/11/14 19:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/11/14 19:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/11/14 19:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/11/14 19:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/11/14 19:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/11/14 19:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/11/14 19:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2009/10/25 21:19:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/24 19:02:40 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/08/02 13:18:17 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/08/02 12:48:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/08/02 09:45:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/01 21:33:44 | 000,228,352 | ---- | C] () -- C:\Users\Dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/07 17:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/11/17 20:26:51 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

peacoq · Příspěvekod **peacoq** » 17 lis 2010 21:15

OTL Extras logfile created on: 17/11/2010 21:02:42 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Dell\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

893.00 Mb Total Physical Memory | 212.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53.71 Gb Total Space | 16.89 Gb Free Space | 31.46% Space Free | Partition Type: NTFS
Drive D: | 58.08 Gb Total Space | 8.68 Gb Free Space | 14.95% Space Free | Partition Type: NTFS

Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{401E84E0-5069-4B3B-9EE2-5B2BF4405F8A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{798FCFDC-34E2-4ABC-9F83-FA7CE9A7ED21}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A7DAB2BD-5E66-4C57-9DDC-0352DA5C3CA2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E163F35D-EE01-457D-A683-60A60461757F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{091A8C0D-37E2-4814-BCB4-7B761FE5A2EE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{0B8DDA71-E41C-47D3-B55B-CD1D12B19D15}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1A597CC7-7DE9-40D5-BB3D-FCC4A369CABF}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{303E34EB-5F62-4D95-8F44-E9F77FF96978}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{399551B3-3F17-4204-8C5E-B1C28B808BE9}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{46859ECF-C653-417D-B62B-827A8C873077}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{4713A9F6-846F-4AFE-BBE5-1582EEC7AD75}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{484E1E1E-D336-47CC-919E-FD6BE2FDC452}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4FE6C1F6-94E4-4345-8D3B-443A81585BF4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{50325FA6-7DF9-497D-BEE9-A6E5CE638D87}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{55434C96-1580-47D8-98A4-27DFE581E415}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{73EFAA42-49CB-4527-B888-77ED12FCEA24}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{76F2D422-2691-4AFE-A01F-4019CD2B5AF9}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{8A82E6D8-9305-436B-A489-2128F52BB9B9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{A5600BB2-8EBD-4C1A-9295-0BB0A4A4F196}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BA5E38F6-5C4B-4D20-84F4-D70DE4799B31}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{CB133D6D-F5A9-4BCB-90B6-278D3098771C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{CB69C6F5-1B26-4F42-936D-41E72FA8A5A7}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{E4E8331F-1E73-469E-BF45-B52443B8E37C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E81F99FA-3C80-42A1-8907-D56499372254}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{2A20A2ED-E3C9-45A4-AC0A-1DA94AAD3952}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{7F6F13EB-DF46-41F8-8F32-33EF1726A9C8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{863EB460-9126-479B-B07D-6D8AC0B8A6D7}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{A329BF90-F96C-4878-95A6-A06017A9015D}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{A69F3A33-E108-40A0-8387-E3D2EDA8E42D}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{2DC5079F-A6D8-4FB0-B41B-EC82D28F2258}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{8C44A179-D6A7-432F-9926-B64DBFE31455}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{96253E67-1EDD-47BA-BC10-35DC21AED41B}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{9A03A702-EEEB-4773-90FC-E8FF95676F04}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{BC4E4331-FB4B-46E9-88AC-729D97C9A30C}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0AFC55D4-9CDF-B140-2E4F-0B818B9B8C0E}" = CCC Help Italian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DE39AB6-D1BF-535C-F342-2F9986801936}" = CCC Help Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{226EA3C9-0EAF-9546-46C4-F2FF55F7A6F1}" = CCC Help Dutch
"{22980C46-EBB6-C22C-016A-E0CFAC15118B}" = CCC Help Czech
"{23E797E9-F852-4AEA-93F0-772ED2B9D9F9}" = OpenOffice.org 3.1
"{250755EE-312C-3B38-1BAF-501A71A3851D}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{30D71FC9-E909-330C-57F9-C649C8837AA5}" = CCC Help Greek
"{3154CFC9-2E4F-B839-2944-2A27200B4D64}" = CCC Help Swedish
"{361D8754-326D-B7CC-8DC7-95966DD01ED4}" = Catalyst Control Center Graphics Previews Common
"{36E89A40-DD04-239B-A69E-532A27547089}" = CCC Help English
"{37EC24B2-2E75-0AEB-F8A1-12A0C7EB5EED}" = Catalyst Control Center InstallProxy
"{37FD8D84-7B88-6B5A-376A-34E2B7C28816}" = ccc-core-static
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E73E80C-2C31-3CCB-735F-D611C3230893}" = ccc-utility
"{4807FDA4-7AF3-66CA-C167-779A333D6FFC}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5A154586-7AEB-4305-3B12-D73F0886B839}" = Catalyst Control Center HydraVision Full
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DF79887-598B-DE65-9755-4B7D8C3D87BE}" = CCC Help Chinese Standard
"{61A0F92B-89A0-F7AD-4CA2-97991862EB10}" = CCC Help Hungarian
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687E8557-CBF3-A7FF-33EC-00BE6266BFAA}" = CCC Help Russian
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A44A28A-5D79-8100-7BDF-FB637E62715B}" = CCC Help Polish
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{72FA4B28-3A99-1533-0E7C-94E6D20CD1A8}" = CCC Help Chinese Traditional
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CA26B08-BEFD-D4D2-52E1-24E730284594}" = Catalyst Control Center Graphics Light
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{880424A6-A592-11D7-8466-00D0B726B56E}" = Creative Live! Cam Notebook Pro
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E5CDC9B-CB0A-6E78-5BBE-C3D3F67B50E3}" = CCC Help Norwegian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96A8FABC-AADB-F299-0826-AF2246CE012F}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0A8A6F-FC9E-796F-CC5D-290161F8E92A}" = ATI Catalyst Install Manager
"{9D98630B-BD50-3C44-58D2-1571AEA889D3}" = CCC Help Portuguese
"{9E4EFA2A-4344-4C56-F927-7F7C53845BE2}" = CCC Help German
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A37CA3F0-B0C6-8256-02BA-B06CEE1E5BEB}" = CCC Help Korean
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A724AEC6-494E-6BD5-C12A-9F51AF6C1123}" = Skins
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AC814121-74BA-A025-358E-B706354ED7F5}" = Catalyst Control Center Graphics Full New
"{C01408FC-117C-44B7-8B0C-17794E526A01}" = Disc2Phone
"{CC2B3907-3DEA-6E0E-E5A5-C6FCF876ECD5}" = CCC Help French
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1F9CD55-A15A-846F-B2B1-D73F37C65B3E}" = CCC Help Spanish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DEAC1EEB-48FD-36A6-B87B-58E365C92EFB}" = Catalyst Control Center Graphics Previews Vista
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9E871B9-4E1D-38D7-7ECF-4DFD3708CC67}" = Catalyst Control Center Core Implementation
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF7F8782-0E8D-A566-195F-8FF2360CA6C8}" = CCC Help Thai
"{F15DDD54-CA1A-6764-2CF4-1C601725E96C}" = Catalyst Control Center Graphics Full Existing
"{F9A4662C-775D-32CF-4B6B-DEC701FDD516}" = CCC Help Finnish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"µTorrent CZ_is1" = µTorrent CZ 1.8.3 (build 15772)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Video FX Engine" = Advanced Video FX Engine
"Avidemux 2.4" = Avidemux 2.4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AxCrypt" = AxCrypt (Remove Only)
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"BurnAware Free_is1" = BurnAware Free 2.3.8
"Call of Duty" = Call of Duty
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.9.1
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.15
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Manager" = Creative Live! Cam Manager
"Creative Live! Cam Notebook Pro User's Guide English" = Creative Live! Cam Notebook Pro User's Guide (English)
"Creative Photo Calendar" = Creative Photo Calendar
"Creative Photo Manager" = Creative Photo Manager
"Creative VF0250" = Creative Live! Cam Notebook Pro Driver (1.04.02.0000)
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HijackThis" = HijackThis 2.0.2
"JLC's Internet TV" = JLC's Internet TV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MySpaceIM" = MySpaceIM
"RealAlt_is1" = Real Alternative 2.0.2
"Sony Ericsson W800" = Sony Ericsson W800 Software
"SopCast" = SopCast 3.2.4
"SpeedFan" = SpeedFan (remove only)
"StreamTorrent 1.0" = StreamTorrent 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"Totalcmd" = Total Commander (Remove or Repair)
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.5.3.1
"Unlocker" = Unlocker 1.8.8
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/10/2010 16:55:58 | Computer Name = Dell-PC | Source = Application Error | ID = 1000
Description = Faulting application StartFX.exe, version 1.11.2.0, time stamp 0x44892a07,
faulting module MSVCP71.dll, version 7.10.3077.0, time stamp 0x3e77eebb, exception
code 0xc0000005, fault offset 0x0000557b, process id 0x968, application start time
0x01cb75500007c230.

Error - 27/10/2010 06:36:00 | Computer Name = Dell-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3937, time
stamp 0x4cb4b307, faulting module NPSWF32.dll, version 10.1.85.3, time stamp 0x4c900e20,
exception code 0xc0000005, fault offset 0x00182cf0, process id 0xcdc, application
start time 0x01cb75ba1235b303.

Error - 28/10/2010 09:54:18 | Computer Name = Dell-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module fontext.dll, version 6.0.6002.18005, time stamp 0x49e03727,
exception code 0xc0000005, fault offset 0x000088cb, process id 0xb20, application
start time 0x01cb76a61c7fb0dd.

Error - 30/10/2010 11:43:39 | Computer Name = Dell-PC | Source = EventSystem | ID = 4621
Description =

Error - 30/10/2010 13:00:26 | Computer Name = Dell-PC | Source = EventSystem | ID = 4621
Description =

Error - 01/11/2010 12:17:53 | Computer Name = Dell-PC | Source = EventSystem | ID = 4621
Description =

Error - 02/11/2010 08:00:36 | Computer Name = Dell-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18975 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: bf8 Start Time: 01cb7a83f00ad046 Termination Time: 8

Error - 02/11/2010 10:55:20 | Computer Name = Dell-PC | Source = Windows Search Service | ID = 3024
Description =

Error - 04/11/2010 06:08:38 | Computer Name = Dell-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: aa0 Start Time: 01cb7c0659111af4 Termination Time: 1588

Error - 06/11/2010 12:07:50 | Computer Name = Dell-PC | Source = Application Error | ID = 1000
Description = Faulting application CoDMP.exe, version 0.0.0.0, time stamp 0x419abda6,
faulting module CoDMP.exe, version 0.0.0.0, time stamp 0x419abda6, exception code
0xc0000005, fault offset 0x0008dc79, process id 0x5c8, application start time 0x01cb7dc8bf86addf.

[ Broadcom Wireless LAN Events ]
Error - 01/11/2010 13:40:25 | Computer Name = Dell-PC | Source = WLAN-Tray | ID = 0
Description = 18:40:25, Mon, Nov 01, 10 Error - Unable to gain access to user store

Error - 02/11/2010 05:46:35 | Computer Name = Dell-PC | Source = WLAN-Tray | ID = 0
Description = 10:46:35, Tue, Nov 02, 10 Error - Unable to gain access to user store

Error - 02/11/2010 13:27:55 | Computer Name = Dell-PC | Source = WLAN-Tray | ID = 0
Description = 18:27:55, Tue, Nov 02, 10 Error - Unable to gain access to user store

Error - 03/11/2010 05:20:12 | Computer Name = Dell-PC | Source = WLAN-Tray | ID = 0
Description = 10:20:12, Wed, Nov 03, 10 Error - Unable to gain access to user store

Error - 06/11/2010 07:42:52 | Computer Name = Dell-PC | Source = WLAN-Tray | ID = 0
Description = 12:42:52, Sat, Nov 06, 10 Error - Unable to gain access to user store

Error - 07/11/2010 09:31:01 | Computer Name = Dell-PC | Source = WLAN-Tray | ID = 0
Description = 14:31:01, Sun, Nov 07, 10 Error - Unable to gain access to user store

Error - 09/11/2010 11:55:04 | Computer Name = Dell-PC | Source = WLAN-Tray | ID = 0
Description = 16:55:03, Tue, Nov 09, 10 Error - Unable to gain access to user store

Error - 12/11/2010 10:25:43 | Computer Name = Dell-PC | Source = WLAN-Tray | ID = 0
Description = 15:25:42, Fri, Nov 12, 10 Error - Unable to gain access to user store

Error - 12/11/2010 17:52:15 | Computer Name = Dell-PC | Source = WLAN-Tray | ID = 0
Description = 22:52:15, Fri, Nov 12, 10 Error - Unable to gain access to user store

Error - 17/11/2010 12:27:45 | Computer Name = Dell-PC | Source = WLAN-Tray | ID = 0
Description = 17:27:45, Wed, Nov 17, 10 Error - Unable to gain access to user store

[ System Events ]
Error - 17/11/2010 07:00:08 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17/11/2010 12:01:58 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 17/11/2010 12:03:00 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 17/11/2010 12:03:02 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 17/11/2010 12:15:05 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 17/11/2010 15:01:04 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 17/11/2010 15:06:00 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 17/11/2010 15:06:02 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 17/11/2010 15:18:25 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 17/11/2010 15:53:40 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7034
Description =

< End of report >

Příspěvekod **jaro3** » 17 lis 2010 22:28

Zdravím!!
Zase FF?

MWAV --nic nebezpečného..

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
DRV - (vsdatant7) -- C:\Windows\System32\drivers\vsdatant.win7.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Dell\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
[2010/11/15 19:05:21 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/15 19:05:21 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat

:Files
C:\WINDOWS\System32\*.tmp 
C:\WINDOWS\*.tmp 
C:\WINDOWS\system32\*.tmp.dll 
C:\WINDOWS\system32\SET*.tmp 
c:\windows\Tasks\*.job 
C:\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\ProgramData\ezsidmv.dat

:Reg
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

Aktualizuj javu:
Java SE Runtime Environment 6u22
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u22-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.

peacoq · Příspěvekod **peacoq** » 17 lis 2010 23:09

Zdarec generalisime :bigups:

Javu sem akorat nahodil, stara se prepsala.

OTL - zemrel.
Vlozil jsem prikaz, dal Run Fix - zmizely ikony a jelo to asi ani ne 10 minut a potom to zamrzlo na polozce;
Processing DRV - (catchme) -- C:\Users\(...)\Temp\Catchme.sys File not found...
Prvne to jen stalo, kontrolka harddisku neblikala, potom okno ''zbělalo'', a po pul-hodine jsem vyměk a pres TaskManager OTL ukoncil, a PC vypnul knoflikem (jinak nebylo jak).
PC nabehl v poradku, ...mam to tam tlacit znovu ?

Prosim o vycisteni; MbAM - trojan v C:\Temp Vyřešeno

Prosim o vycisteni; MbAM - trojan v C:\Temp

Re: Prosim o vycisteni; MbAM - trojan v C:\Temp

Re: Prosim o vycisteni; MbAM - trojan v C:\Temp

Re: Prosim o vycisteni; MbAM - trojan v C:\Temp

Re: Prosim o vycisteni; MbAM - trojan v C:\Temp

Re: Prosim o vycisteni; MbAM - trojan v C:\Temp

Re: Prosim o vycisteni; MbAM - trojan v C:\Temp

Re: Prosim o vycisteni; MbAM - trojan v C:\Temp

Re: Prosim o vycisteni; MbAM - trojan v C:\Temp +

Re: Prosim o vycisteni; MbAM - trojan v C:\Temp +

Re: Prosim o vycisteni; MbAM - trojan v C:\Temp +

Re: Prosim o vycisteni; MbAM - trojan v C:\Temp +

Kdo je online