modrá smrt - kontrola logu Vyřešeno

[milaaccept]

Zdravím.
Padají mi Xp při brouzdání na netu / modrá smrt/. Ramky by měly být v pořádku a tak prosím o kontrolu logu :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:15, on 19.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\System Explorer\SystemExplorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\totalcmd\TOTALCMD.EXE
E:\Kontroly\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=10197&bi=400
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.flashget.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{EF3F8253-D99F-4FBF-8654-7388ACAE8DE3}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10197&bi=400
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll
O2 - BHO: AC-Pro - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 5 Pro\FpLaunch.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Já\Data aplikací\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: SystemExplorerDisabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: Zástupce - RemoteControlAppl.lnk = C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SystemExplorerDisabled (User 'Default user')
O4 - .DEFAULT Startup: Zástupce - RemoteControlAppl.lnk = C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe (User 'Default user')
O4 - Startup: SystemExplorerDisabled
O4 - Startup: Zástupce - RemoteControlAppl.lnk = C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - Global Startup: SystemExplorerDisabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Já\Data aplikací\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Já\Data aplikací\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Stahnou vse FlashGet3 - C:\Documents and Settings\Já\Data aplikací\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Stahnout FlashGet3 - C:\Documents and Settings\Já\Data aplikací\FlashGetBHO\GetUrl.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {49049542-DE38-45c2-B09E-2CF3BC4237E0} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AidMaker - {49049542-DE38-45c2-B09E-2CF3BC4237E0} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5103576562
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Blue Coat Systems, Inc. - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c986ece66dbc88) (gupdate1c986ece66dbc88) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe

--
End of file - 18082 bytes

Za pomoc všem díky

milaaccept

[Reklama]

[jaro3]

Odinstaluj:
McAfee SiteAdvisor Toolbar
MyAshampoo Toolbar
Conduit Engine
DAEMON Tools Toolbar
facemoods Toolbar

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=10197&bi=400
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.flashget.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{EF3F8253-D99F-4FBF-8654-7388ACAE8DE3}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=10197&bi=400
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - S-1-5-18 Startup: SystemExplorerDisabled (User 'SYSTEM')
O4 - .DEFAULT Startup: SystemExplorerDisabled (User 'Default user')
O4 - Startup: SystemExplorerDisabled
O4 - Global Startup: SystemExplorerDisabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.

[milaaccept]

Díkes a vkládám
----------------------------------------------------------------------------
CrystalDiskInfo 4.0.2 (C) 2008-2011 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Home Edition SP3 [5.1 Build 2600] (x86)
Date : 2011/07/19 22:42:36

-- Controller Map ----------------------------------------------------------
+ PCI Standardní dvoukanálový řadič IDE [ATA]
+ Primární kanál IDE (0)
- HL-DT-ST DVD-RAM GH22LP20
- Sekundární kanál IDE (1)
+ NVIDIA nForce Serial ATA Controller [ATA]
- WDC WD50 00AAKS-00A7B SCSI Disk Device
- WDC WD32 00KS-00PFB0 SCSI Disk Device
- NVIDIA nForce Serial ATA Controller [ATA]
- A75ERC4X IDE Controller [SCSI]

-- Disk List ---------------------------------------------------------------
(1) WDC WD5000AAKS-00A7B0 : 500.1 GB [0-2-0, pd1]
(2) WDC WD3200KS-00PFB0 : 320.0 GB [1-2-1, pd1]

----------------------------------------------------------------------------
(1) WDC WD5000AAKS-00A7B0
----------------------------------------------------------------------------
Model : WDC WD5000AAKS-00A7B0
Firmware : 01.03B01
Serial Number : WD-WMASY0113436
Disk Size : 500.1 GB (8.4/137.4/500.1)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 14511 hod.
Power On Count : 1279 krát
Temparature : 44 C (111 F)
Health Status : Dobrý
Features : S.M.A.R.T., AAM, 48bit LBA, NCQ
APM Level : ----
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 157 157 _21 0000000013F4 Čas na roztočení ploten
04 100 100 __0 00000000005D Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 200 200 _51 000000000000 Počet chybných hledání
09 _81 _81 __0 0000000038AF Hodin v činnosti
0A 100 253 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 _51 000000000000 Počet pokusů o překalibrování
0C _99 _99 __0 0000000004FF Počet cyklů zapnutí zařízení
C0 200 200 __0 0000000002C1 Počet vypnutí disku
C1 200 200 __0 0000000004FF Počet cyklů načítání/vymazání
C2 103 _89 __0 00000000002C Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 200 200 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 200 200 _51 000000000000 Počet chyb při zápisu sektorů

-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 42 7A 3F FF C8 37 00 10 00 00 00 00 00 3F 00 00
010: 00 00 00 00 20 20 20 20 20 57 44 2D 57 4D 41 53
020: 59 30 31 31 33 34 33 36 00 00 80 00 00 32 30 31
030: 2E 30 33 42 30 31 57 44 43 20 57 44 35 30 30 30
040: 41 41 4B 53 2D 30 30 41 37 42 30 20 20 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 80 10
060: 00 00 2F 00 40 01 00 00 00 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 10 FF FF 0F FF 00 00 00 07
080: 00 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 1F 07 06 00 00 00 44 00 40
0A0: 01 FE 00 00 74 6B 7F 61 41 23 74 69 BC 41 41 23
0B0: 40 7F 00 3D 00 3D 00 00 FF FE 00 00 80 FE 00 00
0C0: 00 00 00 00 00 00 00 00 60 30 3A 38 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 50 01 4E E0 AB 2D CD 8C
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 10
0F0: 40 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 29 00 00 00 00 00 00 00 00 16 9D 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 30 3F 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 10 0E 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 01 10 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E6 A5

----------------------------------------------------------------------------
(2) WDC WD3200KS-00PFB0
----------------------------------------------------------------------------
Model : WDC WD3200KS-00PFB0
Firmware : 21.00M21
Serial Number : WD-WCAPD2918848
Disk Size : 320.0 GB (8.4/137.4/320.0)
Buffer Size : 16384 KB
Queue Depth : 1
# of Sectors : 625142448
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 17323 hod.
Power On Count : 1903 krát
Temparature : 50 C (122 F)
Health Status : Dobrý
Features : S.M.A.R.T., AAM, 48bit LBA, NCQ
APM Level : ----
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 186 182 _21 00000000161A Čas na roztočení ploten
04 _98 _98 __0 0000000007F5 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 200 200 _51 000000000000 Počet chybných hledání
09 _77 _77 __0 0000000043AB Hodin v činnosti
0A 100 100 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 _51 000000000000 Počet pokusů o překalibrování
0C _99 _99 __0 00000000076F Počet cyklů zapnutí zařízení
BE _50 _38 __0 000000000032 Teplota toku vzduchu
C2 100 _88 __0 000000000032 Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 200 200 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 200 200 _51 000000000000 Počet chyb při zápisu sektorů

-- IDENTIFY_DEVICE ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 42 7A 3F FF C8 37 00 10 00 00 00 00 00 3F 00 00
010: 00 00 00 00 20 20 20 20 20 57 44 2D 57 43 41 50
020: 44 32 39 31 38 38 34 38 00 00 80 00 00 32 32 31
030: 2E 30 30 4D 32 31 57 44 43 20 57 44 33 32 30 30
040: 4B 53 2D 30 30 50 46 42 30 20 20 20 20 20 20 20
050: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 80 10
060: 00 00 2F 00 40 01 00 00 00 00 00 07 3F FF 00 10
070: 00 3F FC 10 00 FB 01 10 FF FF 0F FF 00 00 00 07
080: 00 03 00 78 00 78 00 78 00 78 00 00 00 00 00 00
090: 00 00 00 00 00 00 00 00 07 06 00 00 00 44 00 40
0A0: 00 FE 00 00 74 6B 7F 61 40 23 74 69 3C 41 40 23
0B0: 40 7F 00 00 00 00 00 00 FF FE 00 00 80 FE 00 00
0C0: 00 00 00 00 00 00 00 00 EA B0 25 42 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 09 00 00 00 00 00 00 00 00 16 6F 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 10 3F 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 A5

a sken

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3914

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.7.2011 22:39:36
mbam-log-2011-07-19 (22-39-36).txt

Typ skenu: Rychlý sken
Skenované objekty: 140648
Uplynulý čas: 4 minuta(y), 29 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 8
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 8
Infikované soubory: 15

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\TypeLib\{01bcb858-2f62-4f06-a8f4-48f927c15333} (Adware.PredictAd) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{c9ae652b-8c99-4ac2-b556-8b501182874e} (Adware.PredictAd) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0fb6a909-6086-458f-bd92-1f8ee10042a0} (Adware.PredictAd) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0fb6a909-6086-458f-bd92-1f8ee10042a0} (Adware.PredictAd) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0fb6a909-6086-458f-bd92-1f8ee10042a0} (Adware.PredictAd) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0fb6a909-6086-458f-bd92-1f8ee10042a0} (Adware.PredictAd) -> No action taken.
HKEY_CLASSES_ROOT\AppID\AutocompletePro.DLL (Adware.PredictAd) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\System32 (Backdoor.Bifrose) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Program Files\AutocompletePro (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\64 (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\chrome (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\support@predictad.com (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\support@predictad.com\chrome (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\support@predictad.com\chrome\content (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\support@predictad.com\defaults (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\support@predictad.com\defaults\preferences (Adware.PredictAd) -> No action taken.

Infikované soubory:
C:\Program Files\AutocompletePro\AutocompletePro.dll (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\ChromeSetSearchInBrowser.exe (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\FireFoxExtension.exe (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\InstTracker.exe (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\unins000.dat (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\unins000.exe (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\64\AutocompletePro64.dll (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\chrome\autocompleteprochrome.crx (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\support@predictad.com\chrome.manifest (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\support@predictad.com\install.rdf (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\support@predictad.com\chrome\content\options.js (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\support@predictad.com\chrome\content\options.xul (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\support@predictad.com\chrome\content\utils.js (Adware.PredictAd) -> No action taken.
C:\Program Files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js (Adware.PredictAd) -> No action taken.

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit nový log z MbAM.


Odinstaluj si AVG.

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[milaaccept]

Opravdu odinstalovat antivir avg ?

[bledulka]

Ano, odinstaluj ho, nesnese se s combofixem. A pokud ho nemáš placený, ale free, doporučuji pak nainstalovat jiný antivir, třeba Avast nebo Aviru.

[milaaccept]

dávám zatím log z MbAM

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3914

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.7.2011 21:59:16
mbam-log-2011-07-20 (21-59-16).txt

Typ skenu: Rychlý sken
Skenované objekty: 140767
Uplynulý čas: 2 minuta(y), 8 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[bledulka]

Ještě ten combofix.

[milaaccept]

už je tu...ComboFix 11-07-20.05 - Já 20.07.2011 23:02:21.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2486 [GMT 2:00]
Spuštěný z: c:\documents and settings\Já\Plocha\ComboFix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
c:\program files\facemoods.com\sqlite3.dll
c:\windows\AutoRun.ini
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Legacy_SSHNAS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-20 do 2011-07-20 )))))))))))))))))))))))))))))))
.
.
2011-07-20 20:34 . 2011-07-20 20:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG Security Toolbar
2011-07-20 17:41 . 2011-07-20 17:41 -------- d-----w- c:\documents and settings\Já\Data aplikací\Atari
2011-07-20 17:41 . 2002-02-27 16:50 197120 ----a-w- c:\windows\patchw32.dll
2011-07-20 15:30 . 2011-07-20 17:15 -------- d-----w- c:\program files\JDownloader
2011-07-18 19:27 . 2011-07-18 19:27 -------- d-----w- c:\documents and settings\Já\Data aplikací\Media Player Classic
2011-07-18 19:25 . 2011-07-18 19:25 -------- d-----w- c:\program files\Media Player Classic - Home Cinema
2011-07-17 10:37 . 2011-07-17 10:37 -------- d-----w- c:\program files\EA Sports
2011-07-14 20:20 . 2011-07-14 20:20 -------- d-----w- c:\program files\CPUID
2011-07-14 20:20 . 2010-11-09 13:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-07-14 17:29 . 2011-07-14 17:29 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2011-07-14 17:27 . 2011-07-14 17:27 -------- d-----w- c:\program files\AMD APP
2011-07-14 15:18 . 2011-07-14 15:18 -------- d-----w- c:\documents and settings\Já\Local Settings\Data aplikací\Time and Date 1.32
2011-07-14 14:36 . 2011-07-14 14:36 -------- d-----w- c:\documents and settings\Já\Local Settings\Data aplikací\eBook Reader
2011-07-14 14:34 . 2011-07-14 15:19 -------- d-----w- c:\documents and settings\Já\Local Settings\Data aplikací\Opera
2011-07-14 14:34 . 2011-07-14 14:34 -------- d-----w- c:\program files\Opera
2011-07-06 09:29 . 2011-07-14 20:05 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2011-07-04 16:14 . 2011-07-04 16:14 -------- d-----w- c:\documents and settings\Já\Data aplikací\FlashGet
2011-07-04 16:14 . 2011-07-04 16:44 -------- d-----w- c:\documents and settings\Já\Data aplikací\BITS
2011-07-04 16:14 . 2011-07-20 20:42 -------- d-----w- c:\program files\FlashGet Network
2011-07-04 16:11 . 2011-07-04 16:11 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-04 16:11 . 2011-07-04 16:11 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-04 08:06 . 2011-07-04 08:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-29 10:51 . 2011-06-29 10:51 1409 ----a-w- c:\windows\QTFont.for
2011-06-24 21:22 . 2011-06-24 21:22 -------- d-----w- c:\program files\Hand-Crafted Software
2011-06-24 21:22 . 2005-03-31 00:52 3502136 ----a-w- c:\windows\system32\php5ts.dll
2011-06-24 21:22 . 2005-03-31 00:52 28731 ----a-w- c:\windows\system32\php5isapi.dll
2011-06-24 19:38 . 2011-06-24 20:23 -------- d-----w- c:\documents and settings\Já\Data aplikací\HideIPEasy
2011-06-24 19:38 . 2011-06-24 20:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\HideIPEasy
2011-06-24 19:10 . 2011-06-24 19:11 -------- d-----w- c:\program files\PlatinumHideIP
2011-06-24 17:52 . 2011-06-24 17:52 -------- d-----w- c:\documents and settings\Já\Data aplikací\Day 1 Studios
2011-06-24 17:47 . 2011-07-17 10:27 -------- d-----w- c:\program files\WB Games
2011-06-22 20:11 . 2011-06-22 20:17 -------- d-----w- C:\Downloads
2011-06-22 19:00 . 2011-06-22 19:00 -------- d-----w- c:\documents and settings\Já\Data aplikací\Unity
2011-06-22 18:48 . 2011-06-22 18:48 -------- d-----w- c:\documents and settings\Já\Local Settings\Data aplikací\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-10 21:41 . 2011-06-10 21:41 86544 ----a-w- c:\windows\system32\drivers\bckd.sys
2011-06-06 11:35 . 2006-03-02 12:00 1858944 ------w- c:\windows\system32\win32k.sys
2011-05-25 04:21 . 2008-10-06 19:44 6554624 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-05-25 04:15 . 2009-06-01 09:59 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-05-25 03:53 . 2009-02-04 02:43 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-05-25 03:53 . 2009-02-04 02:42 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-05-25 03:47 . 2009-02-04 05:57 17989632 ----a-w- c:\windows\system32\atioglxx.dll
2011-05-25 03:42 . 2009-02-04 02:40 5922816 ----a-w- c:\windows\system32\aticaldd.dll
2011-05-25 03:14 . 2008-04-14 03:21 4059328 ----a-w- c:\windows\system32\ati3duag.dll
2011-05-25 03:07 . 2011-02-10 20:17 956160 ----a-w- c:\windows\system32\ativvamv.dll
2011-05-25 03:05 . 2009-02-04 05:03 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-05-25 02:58 . 2009-02-04 03:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:56 . 2009-06-01 09:59 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-05-25 02:55 . 2008-04-14 03:21 302592 ----a-w- c:\windows\system32\ati2dvag.dll
2011-05-25 02:54 . 2008-04-14 03:21 3152384 ----a-w- c:\windows\system32\ativvaxx.dll
2011-05-25 02:39 . 2009-02-04 04:44 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-05-25 02:39 . 2009-02-04 04:44 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-05-25 02:39 . 2009-02-04 04:43 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-05-25 02:39 . 2009-02-04 04:43 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-05-25 02:38 . 2009-03-16 19:40 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-05-25 02:38 . 2009-02-04 03:58 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-05-25 02:38 . 2009-02-04 04:43 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-05-25 02:37 . 2009-02-04 04:41 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-05-25 02:36 . 2009-02-04 04:40 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-05-25 02:34 . 2010-05-10 18:08 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-05-25 02:31 . 2009-02-04 03:54 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-05-25 02:27 . 2009-02-04 03:53 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-05-25 02:27 . 2009-02-04 03:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-05-25 02:22 . 2008-04-14 03:21 856064 ----a-w- c:\windows\system32\ati2cqag.dll
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-02 15:32 . 2008-07-04 13:51 692736 ------w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-03-02 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-03-02 12:00 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-03-02 12:00 33280 ------w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2006-03-02 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:06 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2002-07-04 16:11 . 2008-09-18 17:10 61440 ----a-w- c:\program files\piano.exe
2011-07-04 16:11 . 2011-05-14 14:50 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2009-05-20 04:26 429800 ----a-w- c:\program files\kikin\ie_kikin.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SystemExplorerAutoStart"="c:\program files\System Explorer\SystemExplorer.exe" [2011-05-15 2637632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\J \Nabˇdka Start\Programy\Po spuçtŘnˇ\
Z stupce - RemoteControlAppl.lnk - c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe [2006-2-14 69632]
.
c:\documents and settings\J \Nabˇdka Start\Programy\Po spuçtŘnˇ\
Z stupce - RemoteControlAppl.lnk - c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe [2006-2-14 69632]
.
c:\documents and settings\J \Nabˇdka Start\Programy\Po spuçtŘnˇ\
Z stupce - RemoteControlAppl.lnk - c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe [2006-2-14 69632]
.
c:\documents and settings\J \Nabˇdka Start\Programy\Po spuçtŘnˇ\
Z stupce - RemoteControlAppl.lnk - c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe [2006-2-14 69632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 07:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-27 10:00 299008 ----a-w- c:\program files\Creative\Shared Files\CamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2006-12-26 00:23 643072 ----a-w- c:\program files\Eraser\eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-05-26 19:50 15147400 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"NMIndexingService"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\Já\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe"
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"RemoteControl"=c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\TV Enhance\\TVEnhance.exe"=
"c:\\Program Files\\CyberLink\\TV Enhance\\TVEService.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
"c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\ASUS\\WL-520GC Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\NovaflatClient\\NovaflatClient.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.9.2008 19:02 691696]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [10.6.2011 23:41 86544]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [8.2.2011 21:06 218688]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/03 22:33];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2.4.2010 9:11 87536]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [24.9.2007 17:11 566560]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [10.6.2011 23:41 1575184]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [14.7.2011 22:20 21992]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [25.3.2010 21:55 302928]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [15.7.2007 3:37 27992]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [3.3.2010 15:12 66944]
R2 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [20.10.2009 15:49 4708864]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [20.9.2008 22:20 2825088]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [24.6.2010 14:46 28256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25.3.2010 21:55 20824]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys --> c:\windows\system32\drivers\ArcSec.sys [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 gupdate1c986ece66dbc88;Google Update Service (gupdate1c986ece66dbc88);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2009 19:20 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19.3.2010 9:46 1684736]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [24.6.2010 14:46 28256]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 CamSpaceBus;CamSpace Virtual Joystick Bus device driver;c:\windows\system32\drivers\CamSpaceBus.sys --> c:\windows\system32\drivers\CamSpaceBus.sys [?]
S3 CamSpaceJoy;CamSpace Virtual Joystick device driver;c:\windows\system32\drivers\CamSpaceJoy.sys [24.8.2008 13:55 30464]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [11.1.2009 22:57 1527900]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4.2.2009 19:20 133104]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [15.12.2009 17:08 32377]
S3 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [11.12.2008 21:36 364635]
S3 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [11.12.2008 21:36 172121]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [20.9.2008 23:23 178913]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [7.1.2010 17:51 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [7.1.2010 17:52 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [7.1.2010 17:52 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [7.1.2010 17:52 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [7.1.2010 17:52 25704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 17:20]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
uSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Stahnou vse FlashGet3 - c:\documents and settings\Já\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: Stahnout FlashGet3 - c:\documents and settings\Já\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?? - c:\documents and settings\Já\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Já\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Já\Data aplikací\Mozilla\Firefox\Profiles\4fq88gn6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4de26cd0 ... &lng=cs&q=
FF - prefs.js: network.proxy.ftp - 178.74.194.107
FF - prefs.js: network.proxy.ftp_port - 8000
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.http - 178.74.194.107
FF - prefs.js: network.proxy.http_port - 8000
FF - prefs.js: network.proxy.socks - 178.74.194.107
FF - prefs.js: network.proxy.socks_port - 8000
FF - prefs.js: network.proxy.ssl - 178.74.194.107
FF - prefs.js: network.proxy.ssl_port - 8000
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
Notify-avgrsstarter - avgrsstx.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
AddRemove-LifeGlobe Sharks, Terrors of the Deep 2_is1 - c:\program files\Prolific Publishing
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-20 23:07
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Windows Media Player\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-413027322-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Documents and Settings\\Já\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-2025429265-413027322-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\Já\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-2025429265-413027322-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2025429265-413027322-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7385F6B9-52C7-3B2B-3FB4-C6ECB70CCA17}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2025429265-413027322-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:0b,97,1a,df,07,50,9e,ac,ac,e6,ab,d1,89,6b,68,9d,41,7d,e8,63,6a,
27,9e,99,4c,80,c8,1e,10,c6,1c,f8,24,8d,ac,73,2f,82,5e,0d,4f,a6,f5,49,94,30,\
"rkeysecu"=hex:19,75,f8,98,70,2b,e6,e4,8d,19,8e,d3,4b,7b,cf,15
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|˙˙˙˙"•€|ţ»Ów*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1724)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2932)
c:\program files\RocketDock\RocketDock.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\locator.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2011-07-20 23:13:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-20 21:13
ComboFix2.txt 2008-05-30 21:58
ComboFix3.txt 2008-05-30 21:36
.
Před spuštěním: Volných bajtů: 23 655 178 240
Po spuštění: Volných bajtů: 24 129 732 608
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /usepmtimer /NoExecute=OptIn /TUTag=9LNHM9 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Záloha)" /fastdetect /usepmtimer /NoExecute=OptIn /TUTag=9LNHM9-BAK
.
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 11A758D34C366600174F1E0F0079536A

[bledulka]

Jak je na tom počítač?

[milaaccept]

počítač přežil bez újmy....večer šlapal...dnes opoledne uvidím...dal jsem na radu a vyhodil vše od avg / nelíbil se mu ani avg tunning / a nahodil jsem comodo..zatím díkes

[bledulka]

Odinstaluj combofix přes
Start >> Spustit zkopíruj do okénka:
ComboFix /Uninstall

stiskni Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.



Stahni OTC
http://oldtimer.geekstogo.com/OTC.exe
-spusť
-počítač se restartuje
-tímto programem se vyčistí tempy a zbytky po programech
-po použití ho můžeš vymazat



Vlož nový log z HJT