Please check my log, PC freezes (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Please check my log, PC freezes

Post by milosb » 23 May 2011 12:14

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:12:46, on 23. 5. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
C:\Documents and Settings\michal\Dokumenty\Preberanie\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {339a0dff-d9af-439b-92bc-636220fb3dae} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Toolbar BHO - {55cde9e7-696c-47c4-8e21-7210b8aeb103} - C:\PROGRA~1\SMILEY~3\bar\1.bin\1wbar.dll
O2 - BHO: Search Assistant BHO - {5ed22e89-62fa-47ec-bd8d-374d849d436c} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll
O3 - Toolbar: SmileyCentral - {d3ca5551-fc2e-4d09-8ece-263607acf9fc} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll
O3 - Toolbar: Nuclear Games Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Show Xmlbar Toolbar - {6B896ADB-4A82-46e2-858C-13134782CE34} - C:\Program Files\Xmlbar\Video Joiner\IEBar\xbietb.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Documents and Settings\michal\Data aplikací\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-21-583907252-492894223-1177238915-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-583907252-492894223-1177238915-1008\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php? ... ak&ver=1.0
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\michal\Data aplikací\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\michal\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Prevziať cez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Prevziať cez IDM všetky prepojenia - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Prevziať obsah FLV cez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: Video Joiner - {C7883BD1-C06B-4f9e-BA96-0D8C5DE373D9} - C:\Program Files\Xmlbar\Video Joiner\FlvJoiner(xmlbar).exe
O9 - Extra 'Tools' menuitem: Video Joiner - {C7883BD1-C06B-4f9e-BA96-0D8C5DE373D9} - C:\Program Files\Xmlbar\Video Joiner\FlvJoiner(xmlbar).exe
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 13181 bytes






Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4698

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23. 5. 2011 12:03:38
mbam-log-2011-05-23 (12-03-38).txt

Typ skenu: Rychlý sken
Skenované objekty: 145565
Uplynulý čas: 11 minuta(y), 42 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)


Re: Please check my log, PC freezes

Post by Žbeky » 23 May 2011 13:17

Uninstall:
facemoods Toolbar
SmileyCentral
Nuclear Games Toolbar
Show Xmlbar Toolbar
Freecorder Toolbar
Conduit Engine
ASK toolbar
Spyware Terminator



Fix:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {339a0dff-d9af-439b-92bc-636220fb3dae} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Toolbar BHO - {55cde9e7-696c-47c4-8e21-7210b8aeb103} - C:\PROGRA~1\SMILEY~3\bar\1.bin\1wbar.dll
O2 - BHO: Search Assistant BHO - {5ed22e89-62fa-47ec-bd8d-374d849d436c} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll
O3 - Toolbar: SmileyCentral - {d3ca5551-fc2e-4d09-8ece-263607acf9fc} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll
O3 - Toolbar: Nuclear Games Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Show Xmlbar Toolbar - {6B896ADB-4A82-46e2-858C-13134782CE34} - C:\Program Files\Xmlbar\Video Joiner\IEBar\xbietb.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-21-583907252-492894223-1177238915-1008\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php? ... ak&ver=1.0
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

Turn off the resident shield of your antivirus and antispyware.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here


Re: Please check my log, PC freezes

Post by milosb » 23 May 2011 13:50

One question: how do I fix the selected items?


Re: Please check my log, PC freezes

Post by milosb » 23 May 2011 13:52

Ah, I know now. Sorry.


Re: Please check my log, PC freezes

Post by milosb » 23 May 2011 14:20

ComboFix 11-05-22.01 - michal . 05. 2011 14:04:47.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.2047.1625 [GMT 2:00]
Running from: c:\documents and settings\michal\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\michal\Data aplikací\facemoods.com
c:\happyclock\happyclock.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
((((((((((((((((((((((((( Files Created from 2011-04-23 to 2011-05-23 )))))))))))))))))))))))))))))))
.
.
2011-05-23 09:29 . 2011-05-23 09:31 -------- d-----w- c:\documents and settings\UpdatusUser
2011-05-23 09:27 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-23 09:27 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-22 17:15 . 2011-05-22 17:15 -------- d-----w- c:\program files\SaversPlanet.com
2011-05-22 17:15 . 2011-05-23 12:11 -------- d-----w- C:\happyclock
2011-05-22 13:56 . 2011-05-22 17:13 -------- d-----w- c:\documents and settings\michal\Data aplikací\7art
2011-05-22 10:45 . 2011-05-22 16:58 -------- d-----w- c:\documents and settings\michal\Data aplikací\bvcsky
2011-05-22 10:45 . 2011-03-11 11:36 83968 ----a-w- c:\windows\system32\bvcsky.dll
2011-05-21 08:45 . 2011-05-21 08:45 -------- d-----w- c:\documents and settings\michal\Local Settings\Data aplikací\Help
2011-05-20 16:43 . 2000-05-10 23:00 90112 ------w- c:\windows\Updreg.EXE
2011-05-20 16:43 . 1998-10-20 14:05 54784 ------w- c:\windows\system32\INETWH32.DLL
2011-05-20 16:43 . 1998-06-05 00:00 84992 ------w- c:\windows\system32\SFCVRT32.DLL
2011-05-20 16:43 . 1996-05-23 00:24 24976 ------w- c:\windows\CTRES.DLL
2011-05-20 16:43 . 1995-08-30 00:02 82432 ------w- c:\windows\system32\CTWFLT32.DLL
2011-05-20 16:43 . 1995-07-13 00:01 26768 ------w- c:\windows\system32\CTL3D.DLL
2011-05-20 16:43 . 1995-01-13 12:10 149504 ------w- c:\windows\system32\MFCANS32.DLL
2011-05-20 16:43 . 1995-01-13 12:10 108032 ------w- c:\windows\system32\MFCUIA32.DLL
2011-05-20 16:43 . 1994-12-05 01:11 53552 ------w- c:\windows\CTCCW.DLL
2011-05-20 16:43 . 2011-05-20 16:43 -------- d-----w- c:\windows\system32\Defaults
2011-05-20 15:52 . 2011-05-20 15:52 -------- d-----w- C:\Drivers Backup
2011-05-20 12:40 . 2011-05-20 12:42 -------- d-----w- c:\program files\CyberLink
2011-05-20 12:39 . 2008-11-16 10:11 -------- d-----w- C:\PowerDVD Ultra 8.0.2217
2011-05-19 18:19 . 2011-05-19 18:19 -------- d-----w- c:\documents and settings\michal\Local Settings\Data aplikací\PowerDVDCox
2011-05-19 18:19 . 2011-05-19 18:19 -------- d-----w- c:\documents and settings\michal\Local Settings\Data aplikací\PowerDVDCinema
2011-05-19 18:17 . 2011-05-20 12:42 -------- d-----w- c:\program files\Common Files\CyberLink
2011-05-19 18:16 . 2011-05-20 12:44 29480 ----a-w- c:\windows\system32\msxml3a.dll
2011-05-19 17:18 . 2011-05-19 17:18 737280 ----a-w- c:\windows\iun6002.exe
2011-05-19 17:07 . 2011-05-20 11:06 -------- d-----w- c:\documents and settings\michal\Local Settings\Data aplikací\CyberLink
2011-05-19 12:45 . 2011-05-20 12:43 -------- d-----w- c:\documents and settings\michal\Data aplikací\CyberLink
2011-05-19 12:45 . 2011-05-19 17:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PDVD
2011-05-19 12:44 . 2011-05-20 11:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CyberLink
2011-05-19 12:44 . 2011-05-19 12:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\MediaServer
2011-05-19 12:44 . 2011-05-19 12:44 -------- d-----w- c:\documents and settings\michal\Local Settings\Data aplikací\MediaServer
2011-05-19 12:42 . 2011-05-20 12:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Temp
2011-05-19 12:42 . 2011-05-19 17:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\install_clap
2011-05-19 10:46 . 2011-05-19 10:46 14 ----a-w- c:\windows\system32\Systemdrv.sys
2011-05-19 10:46 . 2011-05-19 10:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DVDXStudio
2011-05-14 14:04 . 2008-04-13 21:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-05-14 14:04 . 2008-04-13 21:15 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-05-10 15:40 . 2011-05-20 15:48 -------- d-----w- c:\program files\8BallClub
2011-04-30 07:10 . 2011-04-30 07:10 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-27 17:32 . 2011-05-04 17:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Freecorder
2011-04-25 13:31 . 2011-05-23 12:01 -------- d-----w- c:\program files\Freecorder
2011-04-25 11:38 . 2011-04-25 11:40 -------- d-----w- c:\documents and settings\michal\Data aplikací\Replay Media Catcher 4
2011-04-25 11:38 . 2011-04-25 11:38 -------- d-----w- c:\program files\Applian Technologies
2011-04-25 08:10 . 2011-04-25 08:17 -------- d-----w- c:\program files\Common Files\Real
2011-04-25 08:10 . 2011-04-25 08:17 -------- d-----w- c:\program files\Real
2011-04-25 07:27 . 2011-04-25 07:27 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2011-04-25 07:26 . 2011-04-25 07:26 -------- d-----w- c:\windows\Replay Media Catcher
2011-04-25 07:01 . 2011-04-30 07:10 -------- d-----w- c:\documents and settings\michal\Local Settings\Data aplikací\Conduit
2011-04-25 07:01 . 2011-05-23 08:41 -------- d-----w- c:\documents and settings\michal\Local Settings\Data aplikací\Freecorder
2011-04-25 07:00 . 2011-05-23 10:19 -------- d-----w- c:\documents and settings\michal\Local Settings\Data aplikací\FLVService
2011-04-25 07:00 . 2011-04-25 07:00 -------- d-----w- c:\windows\Freecorder
2011-04-24 09:34 . 2011-04-24 09:34 -------- d-----w- c:\documents and settings\michal\Local Settings\Data aplikací\Jaksta_Pty_Ltd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-20 12:44 . 2010-09-14 18:25 505128 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-20 12:44 . 2010-09-14 18:25 353576 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-20 12:44 . 2001-10-25 12:00 49448 ----a-w- c:\windows\system32\msxml3r.dll
2011-04-08 05:14 . 2010-09-18 17:20 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2010-09-18 17:20 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14 . 2010-09-18 17:20 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2010-09-18 17:20 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2010-09-18 17:20 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2010-09-18 17:20 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2010-09-18 17:20 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2006-06-23 14:49 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14 . 2006-06-23 14:49 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-04-07 20:15 . 2011-04-07 20:15 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-07 20:15 . 2011-04-07 20:15 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:15 . 2011-04-07 20:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-07 20:15 . 2011-04-07 20:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:15 . 2011-04-07 20:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:15 . 2011-04-07 20:15 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-07 20:15 . 2011-04-07 20:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-03-27 10:22 . 2010-10-07 17:31 5056 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-07 05:31 . 2010-09-14 11:09 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2008-04-14 06:52 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:52 . 2009-02-14 19:17 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 15:04 . 2010-09-23 18:48 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-09-23 18:48 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2011-02-26 17:45 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:56 . 2010-09-23 18:48 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-09-23 18:48 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-09-23 18:48 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2010-09-23 18:48 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2010-09-23 18:48 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2010-09-23 18:48 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2010-09-23 18:48 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-22 23:08 . 2008-12-20 22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2009-02-14 18:45 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2008-12-20 22:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
.
------- Sigcheck -------
.
[-] 2009-02-14 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-09-14 26624]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-05-26 3220912]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-10-07 75048]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX110 Series]
2008-09-27 00:00 199680 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIFBE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2010-05-26 09:16 3220912 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-17 19:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-04-07 20:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileyCentralIE_1w Browser Plugin Loader]
2010-11-20 23:02 20480 ----a-w- c:\progra~1\SMILEY~3\bar\1.bin\1wbrmon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\michal\\Data aplikací\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\2010 FIFA World Cup South Africa\\WCSA10.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Worms 3D\\bin\\Worms3D.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\8BallClub\\GameDirector.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8500:TCP"= 8500:TCP:HockeyDash
"13000:UDP"= 13000:UDP:HockeyDash
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14. 9. 2010 13:46 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26. 2. 2011 19:45 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23. 9. 2010 20:48 301528]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [7. 10. 2008 20:31 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23. 9. 2010 20:48 19544]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25. 9. 2010 21:34 10384]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [23. 5. 2011 11:29 2218600]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [24. 6. 2010 13:46 28256]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14. 9. 2010 13:34 136176]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [24. 6. 2010 13:46 28256]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14. 9. 2010 13:34 136176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7. 3. 2011 14:56 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-14 11:34]
.
2011-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-14 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
uInternet Settings,ProxyOverride = *.local
IE: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php? ... ak&ver=1.0
IE: Free YouTube Download - c:\documents and settings\michal\Data aplikací\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\michal\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Prevziať cez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{C7883BD1-C06B-4f9e-BA96-0D8C5DE373D9} - c:\program files\Xmlbar\Video Joiner\FlvJoiner(xmlbar).exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\michal\Data aplikací\Mozilla\Firefox\Profiles\p9kzbdip.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: browser.startup.homepage - http:/google.sk
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 1060933&q=
user_pref(extensions.kwiclick.channel.campaign,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.content,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.id,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.cse,'009607407620987551725:3hfwsbgoj80');
user_pref(extensions.kwiclick.channel.medium,'cpa');
user_pref(extensions.kwiclick.channel.source,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.set,true);
user_pref(extensions.kwiclick.channel.campaign,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.content,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.id,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.cse,'009607407620987551725:3hfwsbgoj80');
user_pref(extensions.kwiclick.channel.medium,'cpa');
user_pref(extensions.kwiclick.channel.source,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.set,true);
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-23 14:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{59c4ac6b-1bb3-42cc-acc5-ba9c0b6ab1b3}]
@Denied: (Full) (Everyone)
"Model"=dword:00000048
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):1b,84,09,99,38,0a,d5,fb,e9,97,74,e5,60,6a,6b,be,46,8a,e9,c8,4b,
a3,84,b0,23,df,0a,0f,c1,ec,85,67,e8,3a,94,2c,b3,54,80,cb,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\d62ae326-5297-65e9-0032-a638e61e82d]
@Denied: (Full) (AuthenticatedUsers)
@Denied: (Full) (Administrators)
"1w3ihl1oevhiy"=hex:37,36,62,65,61,38,30,31,2d,66,30,31,33,2d,34,65,37,32,2d,
62,39,38,61,2d,33,35,38,35,35,38,66,37,30,65,32,65
"19mzum9p92zx3"=hex:64,62,08,00,10,32,65,00,d8,33,39,5a,f0,ff,ff,ff,e0,c2,c2,
00,08,c3,c2,00,41,37,41,42,f0,ff,ff,ff,52,00,45,00,47,00,5f,00,53,00,5a,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(2408)
c:\documents and settings\michal\Local Settings\Data aplikací\FLVService\lib\FLVSrvLib.dll
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-05-23 14:18:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-23 12:18
.
Pre-Run: Volných bajtů: 68 429 590 528
Post-Run: Volných bajtů: 68 416 790 528
.
- - End Of File - - 1243822EA9DABD05F688C2CCF617046C

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male
Status: Offline

Re: please check my log, PC freezes

Post by Žbeky » 23 May 2011 14:50

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script

Code:

KillAll::

File::
c:\windows\iun6002.exe
c:\windows\system32\Systemdrv.sys
c:\windows\system32\ConduitEngine.tmp
c:\windows\system32\PerfStringBackup.TMP
c:\windows\system32\GameMon.des
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileyCentralIE_1w Browser Plugin Loader]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

Driver::
npggsvc

DDS::
uInternet Settings,ProxyOverride = *.local
IE: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php? ... ak&ver=1.0

Firefox::
FF - ProfilePath - c:\documents and settings\michal\Data aplikací\Mozilla\Firefox\Profiles\p9kzbdip.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 1060933&q=

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process

milosb
Level 2.5
Posts: 281
Registered: May 09
Gender: Male
Status: Offline

Re: please check my log, PC freezes

Post by milosb » 23 May 2011 15:18

ComboFix 11-05-22.01 - michal . 05. 2011 15:03:24.6.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.2047.1487 [GMT 2:00]
Running from: c:\documents and settings\michal\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\michal\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\iun6002.exe"
"c:\windows\system32\ConduitEngine.tmp"
"c:\windows\system32\GameMon.des"
"c:\windows\system32\PerfStringBackup.TMP"
"c:\windows\system32\Systemdrv.sys"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Dialogs\AppNotificationDialog\AppNotification.js
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\close.png
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\like.png
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next.png
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next_hover.png
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\powered-by.png
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev.png
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev_hover.png
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\settings.png
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Thumbs.db
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Dialogs\AppNotificationDialog\initialNotification.html
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Dialogs\AppNotificationDialog\main.html
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyle.css
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyleIE9.css
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Dialogs\AppNotificationDialog\sampleNotification.html
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Dialogs\DialogsAPI.js
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Dialogs\PIE.htc
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Dialogs\settings.js
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Dialogs\version.txt
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_15651_15317_SK.xml
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_SK.xml
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\Community Alerts\LanguagePacks\en.xml
c:\documents and settings\michal\Local Settings\Data aplikací\Conduit\CT1060933\FreecorderAutoUpdaterHelper.exe
c:\windows\iun6002.exe
c:\windows\system32\ConduitEngine.tmp
c:\windows\system32\GameMon.des
c:\windows\system32\PerfStringBackup.TMP
c:\windows\system32\Systemdrv.sys
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_npggsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-04-23 to 2011-05-23 )))))))))))))))))))))))))))))))
.
.
2011-05-23 09:29 . 2011-05-23 09:31 -------- d-----w- c:\documents and settings\UpdatusUser
2011-05-23 09:27 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-23 09:27 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-22 17:15 . 2011-05-22 17:15 -------- d-----w- c:\program files\SaversPlanet.com
2011-05-22 17:15 . 2011-05-23 12:11 -------- d-----w- C:\happyclock
2011-05-22 13:56 . 2011-05-22 17:13 -------- d-----w- c:\documents and settings\michal\Data aplikací\7art
2011-05-22 10:45 . 2011-05-22 16:58 -------- d-----w- c:\documents and settings\michal\Data aplikací\bvcsky
2011-05-22 10:45 . 2011-03-11 11:36 83968 ----a-w- c:\windows\system32\bvcsky.dll
2011-05-21 08:45 . 2011-05-21 08:45 -------- d-----w- c:\documents and settings\michal\Local Settings\Data aplikací\Help
2011-05-20 16:43 . 2000-05-10 23:00 90112 ------w- c:\windows\Updreg.EXE
2011-05-20 16:43 . 1998-10-20 14:05 54784 ------w- c:\windows\system32\INETWH32.DLL
2011-05-20 16:43 . 1998-06-05 00:00 84992 ------w- c:\windows\system32\SFCVRT32.DLL
2011-05-20 16:43 . 1996-05-23 00:24 24976 ------w- c:\windows\CTRES.DLL
2011-05-20 16:43 . 1995-08-30 00:02 82432 ------w- c:\windows\system32\CTWFLT32.DLL
2011-05-20 16:43 . 1995-07-13 00:01 26768 ------w- c:\windows\system32\CTL3D.DLL
2011-05-20 16:43 . 1995-01-13 12:10 149504 ------w- c:\windows\system32\MFCANS32.DLL
2011-05-20 16:43 . 1995-01-13 12:10 108032 ------w- c:\windows\system32\MFCUIA32.DLL
2011-05-20 16:43 . 1994-12-05 01:11 53552 ------w- c:\windows\CTCCW.DLL
2011-05-20 16:43 . 2011-05-20 16:43 -------- d-----w- c:\windows\system32\Defaults
2011-05-20 15:52 . 2011-05-20 15:52 -------- d-----w- C:\Drivers Backup
2011-05-20 12:40 . 2011-05-20 12:42 -------- d-----w- c:\program files\CyberLink
2011-05-20 12:39 . 2008-11-16 10:11 -------- d-----w- C:\PowerDVD Ultra 8.0.2217
2011-05-19 18:19 . 2011-05-19 18:19 -------- d-----w- c:\documents and settings\michal\Local Settings\Data aplikací\PowerDVDCox
2011-05-19 18:19 . 2011-05-19 18:19 -------- d-----w- c:\documents and settings\michal\Local Settings\Data aplikací\PowerDVDCinema
2011-05-19 18:17 . 2011-05-20 12:42 -------- d-----w- c:\program files\Common Files\CyberLink
2011-05-19 18:16 . 2011-05-20 12:44 29480 ----a-w- c:\windows\system32\msxml3a.dll
2011-05-19 17:07 . 2011-05-20 11:06 -------- d-----w- c:\documents and settings\michal\Local Settings\Data aplikací\CyberLink
2011-05-19 12:45 . 2011-05-20 12:43 -------- d-----w- c:\documents and settings\michal\Data aplikací\CyberLink
2011-05-19 12:45 . 2011-05-19 17:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PDVD
2011-05-19 12:44 . 2011-05-20 11:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\CyberLink
2011-05-19 12:44 . 2011-05-19 12:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\MediaServer
2011-05-19 12:44 . 2011-05-19 12:44 -------- d-----w- c:\documents and settings\michal\Local Settings\Data aplikací\MediaServer
2011-05-19 12:42 . 2011-05-20 12:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Temp
2011-05-19 12:42 . 2011-05-19 17:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\install_clap
2011-05-19 10:46 . 2011-05-19 10:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DVDXStudio
2011-05-14 14:04 . 2008-04-13 21:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-05-14 14:04 . 2008-04-13 21:15 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-05-10 15:40 . 2011-05-20 15:48 -------- d-----w- c:\program files\8BallClub
2011-04-27 17:32 . 2011-05-04 17:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Freecorder
2011-04-25 13:31 . 2011-05-23 12:01 -------- d-----w- c:\program files\Freecorder
2011-04-25 11:38 . 2011-04-25 11:40 -------- d-----w- c:\documents and settings\michal\Data aplikací\Replay Media Catcher 4
2011-04-25 11:38 . 2011-04-25 11:38 -------- d-----w- c:\program files\Applian Technologies
2011-04-25 08:10 . 2011-04-25 08:17 -------- d-----w- c:\program files\Common Files\Real
2011-04-25 08:10 . 2011-04-25 08:17 -------- d-----w- c:\program files\Real
2011-04-25 07:27 . 2011-04-25 07:27 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2011-04-25 07:26 . 2011-04-25 07:26 -------- d-----w- c:\windows\Replay Media Catcher
2011-04-25 07:01 . 2011-05-23 08:41 -------- d-----w- c:\documents and settings\michal\Local Settings\Data aplikací\Freecorder
2011-04-25 07:00 . 2011-05-23 12:24 -------- d-----w- c:\documents and settings\michal\Local Settings\Data aplikací\FLVService
2011-04-25 07:00 . 2011-04-25 07:00 -------- d-----w- c:\windows\Freecorder
2011-04-24 09:34 . 2011-04-24 09:34 -------- d-----w- c:\documents and settings\michal\Local Settings\Data aplikací\Jaksta_Pty_Ltd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-20 12:44 . 2010-09-14 18:25 505128 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-20 12:44 . 2010-09-14 18:25 353576 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-20 12:44 . 2001-10-25 12:00 49448 ----a-w- c:\windows\system32\msxml3r.dll
2011-04-08 05:14 . 2010-09-18 17:20 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2010-09-18 17:20 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14 . 2010-09-18 17:20 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2010-09-18 17:20 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2010-09-18 17:20 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2010-09-18 17:20 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2010-09-18 17:20 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2006-06-23 14:49 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14 . 2006-06-23 14:49 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-04-07 20:15 . 2011-04-07 20:15 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-07 20:15 . 2011-04-07 20:15 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:15 . 2011-04-07 20:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-07 20:15 . 2011-04-07 20:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:15 . 2011-04-07 20:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:15 . 2011-04-07 20:15 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-07 20:15 . 2011-04-07 20:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-03-07 05:31 . 2010-09-14 11:09 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2008-04-14 06:52 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:52 . 2009-02-14 19:17 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 15:04 . 2010-09-23 18:48 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-09-23 18:48 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2011-02-26 17:45 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:56 . 2010-09-23 18:48 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-09-23 18:48 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-09-23 18:48 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2010-09-23 18:48 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2010-09-23 18:48 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2010-09-23 18:48 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2010-09-23 18:48 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-22 23:08 . 2008-12-20 22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2009-02-14 18:45 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2008-12-20 22:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
.
------- Sigcheck -------
.
[-] 2009-02-14 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-05-23_12.14.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-23 13:13 . 2011-05-23 13:13 16384 c:\windows\temp\Perflib_Perfdata_388.dat
+ 2011-03-24 20:00 . 2011-05-23 13:13 211865 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-09-14 26624]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-05-26 3220912]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-10-07 75048]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
"NvMediaCenter"="NvMCTray.dll" [2011-04-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX110 Series]
2008-09-27 00:00 199680 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIFBE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2010-05-26 09:16 3220912 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-17 19:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-04-07 20:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\michal\\Data aplikací\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\2010 FIFA World Cup South Africa\\WCSA10.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Worms 3D\\bin\\Worms3D.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\8BallClub\\GameDirector.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8500:TCP"= 8500:TCP:HockeyDash
"13000:UDP"= 13000:UDP:HockeyDash
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14. 9. 2010 13:46 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26. 2. 2011 19:45 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23. 9. 2010 20:48 301528]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [7. 10. 2008 20:31 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23. 9. 2010 20:48 19544]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25. 9. 2010 21:34 10384]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [23. 5. 2011 11:29 2218600]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [24. 6. 2010 13:46 28256]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14. 9. 2010 13:34 136176]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [24. 6. 2010 13:46 28256]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14. 9. 2010 13:34 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [7. 3. 2011 14:56 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
IE: Free YouTube Download - c:\documents and settings\michal\Data aplikací\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\michal\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Prevziať cez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{C7883BD1-C06B-4f9e-BA96-0D8C5DE373D9} - c:\program files\Xmlbar\Video Joiner\FlvJoiner(xmlbar).exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\michal\Data aplikací\Mozilla\Firefox\Profiles\p9kzbdip.default\
FF - prefs.js: browser.startup.homepage - http:/google.sk
user_pref(extensions.kwiclick.channel.campaign,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.content,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.id,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.cse,'009607407620987551725:3hfwsbgoj80');
user_pref(extensions.kwiclick.channel.medium,'cpa');
user_pref(extensions.kwiclick.channel.source,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.set,true);
user_pref(extensions.kwiclick.channel.campaign,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.content,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.id,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.cse,'009607407620987551725:3hfwsbgoj80');
user_pref(extensions.kwiclick.channel.medium,'cpa');
user_pref(extensions.kwiclick.channel.source,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.set,true);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-23 15:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{59c4ac6b-1bb3-42cc-acc5-ba9c0b6ab1b3}]
@Denied: (Full) (Everyone)
"Model"=dword:00000048
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):1b,84,09,99,38,0a,d5,fb,e9,97,74,e5,60,6a,6b,be,46,8a,e9,c8,4b,
a3,84,b0,23,df,0a,0f,c1,ec,85,67,e8,3a,94,2c,b3,54,80,cb,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\d62ae326-5297-65e9-0032-a638e61e82d]
@Denied: (Full) (AuthenticatedUsers)
@Denied: (Full) (Administrators)
"1w3ihl1oevhiy"=hex:37,36,62,65,61,38,30,31,2d,66,30,31,33,2d,34,65,37,32,2d,
62,39,38,61,2d,33,35,38,35,35,38,66,37,30,65,32,65
"19mzum9p92zx3"=hex:64,62,08,00,10,32,65,00,d8,33,39,5a,f0,ff,ff,ff,e0,c2,c2,
00,08,c3,c2,00,41,37,41,42,f0,ff,ff,ff,52,00,45,00,47,00,5f,00,53,00,5a,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(1208)
c:\documents and settings\michal\Local Settings\Data aplikací\FLVService\lib\FLVSrvLib.dll
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-05-23 15:17:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-23 13:17
ComboFix2.txt 2011-05-23 12:18
.
Pre-Run: Volných bajtů: 71 307 862 016
Post-Run: Volných bajtů: 71 286 788 096
.
- - End Of File - - 6125FC5E07768B7EAAA02532ACF85A0B


Re: please check my log, PC freezes

Post by milosb » 23 May 2011 17:12

I know you have a lot on your plate, I just wanted to check that I haven't been forgotten. :smile:


Re: please check my log, PC freezes

Post by Žbeky » 23 May 2011 17:25

You can see that none of the advisers has been in HJT for the last 3 hours, so I don't understand what you're trying to achieve with that post... you don't need to bump here... :roll:

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

and use T-Cleaner as well;
it deletes everything left behind by Combo, MWAV etc. - download > run

Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on.

+ A new log from HJT

How is the PC behaving?
In PMs I only deal with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.



Re: please check my log, PC freezes

Post by milosb » 23 May 2011 17:53

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:50:07, on 23. 5. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
C:\Documents and Settings\michal\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-583907252-492894223-1177238915-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-583907252-492894223-1177238915-1008\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'UpdatusUser')
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\michal\Data aplikací\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\michal\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Prevziať cez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Prevziať cez IDM všetky prepojenia - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Prevziať obsah FLV cez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: Video Joiner - {C7883BD1-C06B-4f9e-BA96-0D8C5DE373D9} - C:\Program Files\Xmlbar\Video Joiner\FlvJoiner(xmlbar).exe
O9 - Extra 'Tools' menuitem: Video Joiner - {C7883BD1-C06B-4f9e-BA96-0D8C5DE373D9} - C:\Program Files\Xmlbar\Video Joiner\FlvJoiner(xmlbar).exe
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

--
End of file - 9468 bytes




Sorry, I didn't mean to rush anyone. I know you're totally swamped. The PC is holding up fine so far and the internet is noticeably faster too. I'd also like to ask: should I reinstall Spyware Terminator, or is Avast enough?


Re: please check my log, PC freezes

Post by Žbeky » 23 May 2011 18:04

Avast is enough. ST isn't what it used to be. Better to run a scan with MBAM now and then instead.

If the PC is behaving normally, you can mark this as solved.


Re: please check my log, PC freezes  Solved

Post by milosb » 23 May 2011 18:05

OK, thank you

