Firefox - vyskakují nová, nevyžádaná okna

Zpráva

zajic01 · #1 Příspěvek od **zajic01** » 30 bře 2010 19:23

Ahoj,

prosím o pomoc s vyskakujícími okny. Již při otevření prohlížeče (Firefoxu) vyskočí jako primární záložka "Hotebar" a dále při práci průběžně přiskakují další Firefoxy (facebook, IQ testy, seznamky apod.).

Stáhnul jsem CCleaner a pročistil celé PC.
Nainstaloval jsem UPM a vytvořil log (níže).

Předem díky moc za pomoc!!!!
Ahoj Pavel
----------------------------------

Windows XP SP 3 (build 2600)
Boot Mode: Normal
Microsoft files verification: Yes
Whitelist: Yes
Internet Explorer v7.00.6000.16981 (vista_gdr.091215-2244)
Log generated:30.3.2010 20:13:17
================================================================

SmallARK
================================================================
[?]NtCreateKey -> spir.sys
[?]NtCreateProcess -> fshs.sys
[?]NtCreateProcessEx -> fshs.sys
[?]NtCreateThread -> fshs.sys
[?]NtEnumerateKey -> spir.sys
[?]NtEnumerateValueKey -> spir.sys
[?]NtLoadDriver -> fshs.sys
[?]NtMapViewOfSection -> fshs.sys
[?]NtOpenKey -> spir.sys
[?]NtOpenSection -> fshs.sys
[?]NtQueryKey -> spir.sys
[?]NtQueryValueKey -> spir.sys
[?]NtRenameKey -> fshs.sys
[?]NtSetSystemInformation -> fshs.sys
[?]NtSetValueKey -> spir.sys
[?]NtSuspendProcess -> fshs.sys
[?]NtSuspendThread -> fshs.sys
[?]NtSystemDebugControl -> fshs.sys
[?]NtTerminateProcess -> fshs.sys
[?]NtTerminateThread -> fshs.sys
[?]NtWriteVirtualMemory -> fshs.sys

(thread in??!) (2624)

Running processes
================================================================

C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRAM FILES\TO2SSM\MCCITRAYAPP.EXE
C:\PROGRAM FILES\WINFAST\WFDTV\DTVSCHDL.EXE
C:\PROGRAM FILES\COMMON FILES\NOKIA\MPLATFORM\NOKIAMSERVER.EXE
C:\PROGRAM FILES\WINFAST\WFDTV\WFWIZ.EXE
C:\PROGRAM FILES\CLOCX\CLOCX.EXE
C:\PROGRAM FILES\COMMON FILES\NOKIA\NOA\NOKIAASERVER.EXE
C:\PROGRAM FILES\SKYPE\PLUGIN MANAGER\SKYPEPM.EXE
C:\PROGRAM FILES\COMMON FILES\MOTIVE\MCCICMSERVICE.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\COMMON FILES\ULEAD SYSTEMS\DVD\ULCDRSVR.EXE
C:\PROGRAM FILES\PC CONNECTIVITY SOLUTION\SERVICELAYER.EXE
C:\PROGRAM FILES\PC CONNECTIVITY SOLUTION\TRANSPORTS\NCLUSBSRV.EXE
C:\PROGRAM FILES\PC CONNECTIVITY SOLUTION\TRANSPORTS\NCLRSSRV.EXE

Scanner
================================================================
[S] explorer.exe
Startup entry HKLM Winlogon [Shell]

[?] RTHDCPL.exe
Startup entry HKLM Run [RTHDCPL]

[?] SoundMan.exe
Startup entry HKLM Run [SoundMan]

[S] rundll32.exe
Startup entry HKLM Run [NvCplDaemon]

[?] McciTrayApp.exe
Startup entry HKLM Run [TO2SSM_McciTrayApp]
File 7%

[R] FSM32.EXE
Similar names: FSM32.EXE X FSMA32.EXE
Startup entry HKLM Run [F-Secure Manager]

[?] DTVSchdl.exe
Startup entry HKLM Run [WinFastDTV]
File 7%

[R] iTunesHelper.exe
Startup entry HKLM Run [iTunesHelper]

[R] Quickcam.exe
Startup entry HKLM Run [LogitechQuickCamRibbon]

[?] NokiaMServer.exe
File 7%

[S] ctfmon.exe
Startup entry HKCU Run [CTFMON.EXE]

[R] Skype.exe
Startup entry HKCU Run [Skype]
EntryPoint in section: CODE
|_ Section count: 8

[?] WFWIZ.exe
Startup entry HKCU Run [WinFast Schedule]
File 14%

[R] daemon.exe
Startup entry HKCU Run [DAEMON Tools Lite]

[R] NokiaOviSuite.exe
Startup entry HKCU Run [NokiaOviSuite2]

[?] ClocX.exe
Startup entry Startup [ClocX (2).lnk]
File 14%

[?] nokiaaserver.exe
Without manufacturer
File 12%

[?] skypePM.exe
EntryPoint in section: CODE
|_ Section count: 8
File 63%

[R] FSMA32.EXE
Similar names: FSMA32.EXE X FSM32.EXE
EntryPoint in section: .TEXT
|_ Section count: 9

[R] FSMB32.EXE
Similar names: FSMB32.EXE X FSM32.EXE
EntryPoint in section: .TEXT
|_ Section count: 6

[R] FAMEH32.EXE
EntryPoint in section: .TEXT
|_ Section count: 7

[?] McciCMService.exe
No window
File 7%

[?] nvsvc32.exe
Non Microsoft in System32:

[?] ULCDRSvr.exe
No window
File 7%

[?] ServiceLayer.exe
File 7%

[?] NclUSBSrv.exe
File 7%

[?] NclRSSrv.exe
File 7%

Startup
================================================================

HKCU Run
|_ [X][TO2SAM.Activation] D:\ServiceActivationManager\McciInitializer.exe (File not found)
|_ [R][Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
|_ [?][WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
|_ [R][DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
|_ (File not found)
|_ [R][NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray

HKLM Run
|_ [?][RTHDCPL] C:\WINDOWS\RTHDCPL.EXE
|_ [?][SoundMan] C:\WINDOWS\SOUNDMAN.EXE
|_ [?][AlcWzrd] C:\WINDOWS\ALCWZRD.EXE
|_ [?][Alcmtr] C:\WINDOWS\ALCMTR.EXE
|_ [X][GEST] = (File not found)
|_ [?][NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll ,NvStartup
|_ [?][nwiz] nwiz.exe /install
|_ [?][NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll ,NvTaskbarInit
|_ [?][TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
|_ [R][F-Secure Manager] C:\Program Files\O2 PC Strazce\Common\FSM32.EXE /splash
|_ [R][F-Secure TNB] C:\Program Files\O2 PC Strazce\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW
|_ [?][WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
|_ [?][QuickTime Task] C:\Program Files\QuickTime\QTTask.exe -atboottime
|_ [R][LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe /hide
|_ [X][NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup (File not found)

HKLM IC
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (File not found)
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (File not found)
|_ [?][{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] C:\WINDOWS\INF\msnetmtg.inf ,NetMtg.Install.PerUser.NT
|_ [?][{5945c046-1e7d-11d1-bc44-00c04fd912be}] C:\WINDOWS\INF\msmsgs.inf ,BLC.QuietInstall.PerUser
|_ [?][{6BF52A52-394A-11d3-B153-00C04F79FAA6}] C:\WINDOWS\INF\wmp.inf ,PerUserStub
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll

Startup
|_ [?][ClocX (2).lnk] C:\Program Files\ClocX\ClocX.exe

HKLM BHO
|_ [X][{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] (File not found)
|_ [?][{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}] C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll

Services (Display running: True, Display stopped: False, Display safe: False)
================================================================
[X] Google Update Service (gupdate1c98a0f558d83d0)
|_ Path: C:\Program Files\Google\Update\GoogleUpdate.exe /svc
| |_ Manufacturer:
| |_ Description:
| |_ MD5:
|
|_ Name: gupdate1c98a0f558d83d0
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Stopped
|_ Type: Win32 Own Process
|_ Dependency: RPCSS

[?] McciCMService
|_ Path: C:\Program Files\Common Files\Motive\McciCMService.exe
| |_ Manufacturer: Motive Communications, Inc.
| |_ Description: mcci+McciCMService
| |_ MD5: 4F74184920B2D6E33024409B4C5C57C1
|
|_ Name: McciCMService
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency: RPCSS

[?] NVIDIA Display Driver Service
|_ Path: C:\WINDOWS\system32\nvsvc32.exe
| |_ Manufacturer: NVIDIA Corporation
| |_ Description: NVIDIA Driver Helper Service, Version 175.16
| |_ MD5: 934833B3CD462A6F8A96F64D024C8B20
|
|_ Name: NVSvc
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:

[?] ServiceLayer
|_ Path: C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
| |_ Manufacturer: Nokia
| |_ Description: ServiceLayer Module
| |_ MD5: 5BF59C6BC737BAAF541168E5CB2EC1D9
|
|_ Name: ServiceLayer
|_ StartName: LocalSystem
|_ Startup type: Manual startup
|_ Status: Running
|_ Type:
|_ Dependency: RPCSS

[?] Ulead Burning Helper
|_ Path: C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
| |_ Manufacturer: Ulead Systems, Inc.
| |_ Description: ULCDRSvr
| |_ MD5: 332D341D92B933600D41953B08360DFB
|
|_ Name: UleadBurningHelper
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:

[X] Java Quick Starter
|_ Path: C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
| |_ Manufacturer:
| |_ Description:
| |_ MD5:
|
|_ Name: JavaQuickStarterService
|_ StartName: LocalSystem
|_ Startup type: Auto Start
|_ Status: Running
|_ Type: Win32 Own Process
|_ Dependency:

Drivers (Display running: True, Display stopped: False, Display safe: False)
================================================================
[?] WinFast DTV1000 S
|_ Path: C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
| |_ Manufacturer: Philips Semiconductors GmbH
| |_ Description: 3xHybrid
| |_ MD5: 28647411F3EBC00B7E4029B98CA79FCF
|
|_ Name: 3xHybrid
|_ StartName:
|_ Startup type: Manual startup
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:

[?] Service for Realtek HD Audio (WDM)
|_ Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
| |_ Manufacturer: Realtek Semiconductor Corp.
| |_ Description: Realtek(r) High Definition Audio Function Driver
| |_ MD5: 41BB402C2ADE27B32439BB765864AB3B
|
|_ Name: IntcAzAudAddService
|_ StartName:
|_ Startup type: Manual startup
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:

[?] nv
|_ Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
| |_ Manufacturer: NVIDIA Corporation
| |_ Description: NVIDIA Compatible Windows 2000 Miniport Driver, Version 175.16
| |_ MD5: 8E72E452B9CC1E455D19E3C9FA964D37
|
|_ Name: nv
|_ StartName:
|_ Startup type: Manual startup
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:

[?] Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver
|_ Path: C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
| |_ Manufacturer: Realtek Semiconductor Corporation
| |_ Description: Realtek 10/100/1000 NDIS 5.1 Driver
| |_ MD5: 89619EF503F949FAE09252A8B883EE11
|
|_ Name: RTLE8023xp
|_ StartName:
|_ Startup type: Manual startup
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:

[?] StarForce Protection Environment Driver (version 1.x)
|_ Path: C:\WINDOWS\System32\drivers\sfdrv01.sys
| |_ Manufacturer: Protection Technology (StarForce)
| |_ Description: FrontLine Environment Driver
| |_ MD5: 9E7DEE11FD5A4355941A45F13C0ED59A
|
|_ Name: sfdrv01
|_ StartName:
|_ Startup type: Boot Start
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:

[?] StarForce Protection Helper Driver (version 2.x)
|_ Path: C:\WINDOWS\System32\drivers\sfhlp02.sys
| |_ Manufacturer: Protection Technology (StarForce)
| |_ Description: FrontLine Helper Driver
| |_ MD5: ECEFB59D2206D281E6D317AF0EA0D8BD
|
|_ Name: sfhlp02
|_ StartName:
|_ Startup type: Boot Start
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:

[?] StarForce Protection Synchronization Driver (version 4.x)
|_ Path: C:\WINDOWS\System32\drivers\sfsync04.sys
| |_ Manufacturer: Protection Technology (StarForce)
| |_ Description: FrontLine Synchronization Driver
| |_ MD5: 05E3038180CD846B0BCA0E915163606A
|
|_ Name: sfsync04
|_ StartName:
|_ Startup type: Boot Start
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:

[?] sptd
|_ Path: C:\WINDOWS\System32\Drivers\sptd.sys
| |_ Manufacturer:
| |_ Description:
| |_ MD5:
|
|_ Name: sptd
|_ StartName:
|_ Startup type: Boot Start
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:

[?] Logitech Gaming HID Filter Driver
|_ Path: C:\WINDOWS\system32\drivers\WmFilter.sys
| |_ Manufacturer: Logitech Inc.
| |_ Description: Logitech WingMan Hid Filter Driver
| |_ MD5: B3CFCBCC91FF61EF82FC693B8B57E7F0
|
|_ Name: WmFilter
|_ StartName:
|_ Startup type: Manual startup
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:

[?] Logitech Gaming USB Filter Driver
|_ Path: C:\WINDOWS\system32\drivers\WmHidLo.sys
| |_ Manufacturer: Logitech Inc.
| |_ Description: Logitech WingMan Hid Lower Filter Driver
| |_ MD5: 84E2258C942C940198E60BE605C85601
|
|_ Name: WmHidLo
|_ StartName:
|_ Startup type: Manual startup
|_ Status: Running
|_ Type: Kernel Driver
|_ Dependency:

lNetStat
================================================================
Type: PID Process Local <-> Remote Status
------------------------------------------------------------------------------------------
TCP (288) Skype.exe 0.0.0.0:80 LISTENING
TCP (1048) svchost.exe 0.0.0.0:135 LISTENING
TCP (288) Skype.exe 0.0.0.0:443 LISTENING
TCP (4) System 0.0.0.0:445 LISTENING
TCP (288) Skype.exe 0.0.0.0:4099 LISTENING
TCP (4052) fsaua.exe 0.0.0.0:12110 LISTENING
TCP (4) System 10.0.0.2:139 LISTENING
TCP (288) Skype.exe 10.0.0.2:1039 <-> 85.14.8.230:16174 ESTABLISHED
TCP (1412) fsorsp.exe 10.0.0.2:1923 CLOSE_WAIT
TCP (4236) UPM.exe 10.0.0.2:2008 <-> 64.79.79.115:80 ESTABLISHED
TCP (4236) UPM.exe 10.0.0.2:2010 <-> 64.79.79.115:80 ESTABLISHED
TCP (3048) alg.exe 127.0.0.1:1058 LISTENING
TCP (4540) firefox.exe 127.0.0.1:1929 <-> 127.0.0.1:1930 ESTABLISHED
TCP (4540) firefox.exe 127.0.0.1:1930 <-> 127.0.0.1:1929 ESTABLISHED
TCP (4540) firefox.exe 127.0.0.1:1933 <-> 127.0.0.1:1934 ESTABLISHED
TCP (4540) firefox.exe 127.0.0.1:1934 <-> 127.0.0.1:1933 ESTABLISHED
TCP (2284) jqs.exe 127.0.0.1:5152 LISTENING
TCP (2284) jqs.exe 127.0.0.1:5152 CLOSE_WAIT
TCP (3008) mDNSResponder.exe 127.0.0.1:5354 LISTENING
UDP (288) Skype.exe 0.0.0.0:443 LISTENING
UDP (4) System 0.0.0.0:445
UDP (812) lsass.exe 0.0.0.0:500
UDP (3008) mDNSResponder.exe 0.0.0.0:1045
UDP (288) Skype.exe 0.0.0.0:4099
UDP (812) lsass.exe 0.0.0.0:4500
UDP (4052) fsaua.exe 0.0.0.0:12110
UDP (3008) mDNSResponder.exe 0.0.0.0:64470
UDP (1144) svchost.exe 10.0.0.2:123
UDP (4) System 10.0.0.2:137
UDP (4) System 10.0.0.2:138
UDP (1312) svchost.exe 10.0.0.2:1900
UDP (3008) mDNSResponder.exe 10.0.0.2:5353
UDP (1144) svchost.exe 127.0.0.1:123
UDP (288) Skype.exe 127.0.0.1:1030
UDP (1412) fsorsp.exe 127.0.0.1:1056
UDP (1312) svchost.exe 127.0.0.1:1900

Modules (Display safe: False, Only without manufacturer: True, Display registered: False)
================================================================
[?] mdnsnsp.dll
|_ Path: C:\Program Files\Bonjour\mdnsNSP.dll
|_ MD5: 0E3E56064E162EE9CC48698355098301
|_ Manufacturer: Apple Inc.
|_ Processes
|_ svchost.exe (1048)
|_ svchost.exe (1144)
|_ spoolsv.exe (1508)
|_ explorer.exe (1792)
|_ Skype.exe (288)
|_ NokiaOviSuite.exe (448)
|_ skypePM.exe (2556)
|_ fsdfwd.exe (3988)
|_ fsaua.exe (4052)
|_ fsorsp.exe (1412)
|_ firefox.exe (4540)
|_ UPM.exe (528)
|_ UPM.exe (4236)

[?] fpshx.eng
|_ Path: C:\Program Files\O2 PC Strazce\Common\fpshx.eng
|_ MD5: D16BD28A6D5360C1DA3C3897A4A7DA24
|_ Manufacturer: ?
|_ Processes
|_ explorer.exe (1792)

[?] ngscm.dll
|_ Path: C:\Program Files\Nokia\Nokia PC Suite 7\NGSCM.dll
|_ MD5: 83AB0FCCF90A395AE71B7EA931C90529
|_ Manufacturer: Nokia
|_ Processes
|_ explorer.exe (1792)

[?] cmdlineext.dll
|_ Path: C:\WINDOWS\system32\CmdLineExt.dll
|_ MD5: 6E401994CD0785E6205BD883A3382F9F
|_ Manufacturer: Sony DADC Austria AG.
|_ Processes
|_ explorer.exe (1792)

[X] pspads~1.dll
|_ Path: C:\PROGRA~1\PSPADE~1\PSPADS~1.DLL
|_ MD5: D1C0E231FEE7A7F026404055B241F56C
|_ Manufacturer:
|_ Processes
|_ explorer.exe (1792)

[?] phonebrowser.dll
|_ Path: C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
|_ MD5: F0CBAF724FF71D400FF45FBCEC4F3898
|_ Manufacturer: Nokia
|_ Processes
|_ explorer.exe (1792)

[?] mccicontexthook_6-1-0_dsr.dll
|_ Path: C:\Program Files\Common Files\Motive\McciContextHook_6-1-0_DSR.dll
|_ MD5: D8B25453BD74930000E5A7AF1AE139A4
|_ Manufacturer: Motive Communications, Inc.
|_ Processes
|_ explorer.exe (1792)
|_ RTHDCPL.exe (1912)
|_ McciTrayApp.exe (1988)
|_ FSM32.EXE (1996)
|_ iTunesHelper.exe (120)
|_ Quickcam.exe (152)
|_ NokiaMServer.exe (200)
|_ ctfmon.exe (216)
|_ Skype.exe (288)
|_ WFWIZ.exe (320)
|_ daemon.exe (340)
|_ NokiaOviSuite.exe (448)
|_ ClocX.exe (496)
|_ nokiaaserver.exe (712)
|_ COCIManager.exe (996)
|_ skypePM.exe (2556)
|_ fsguidll.exe (3724)
|_ firefox.exe (4540)
|_ UPM.exe (528)
|_ UPM.exe (4236)

[?] mccicontextdetectoremail_6-1-0_dsr.dll
|_ Path: C:\Program Files\Common Files\Motive\McciContextDetectorEmail_6-1-0_DSR.dll
|_ MD5: 408F0FEE14F7A93A9A5741D8BA5C83C1
|_ Manufacturer: Motive Communications, Inc.
|_ Processes
|_ McciTrayApp.exe (1988)

[?] mccicontextx.dll
|_ Path: C:\Program Files\Common Files\Motive\McciContextX.dll
|_ MD5: 7F600419A94A1F175FABE0F15275583B
|_ Manufacturer: Motive Communications, Inc.
|_ Processes
|_ McciTrayApp.exe (1988)

[?] mccicontextdetectorwin32_6-1-0_dsr.dll
|_ Path: C:\Program Files\Common Files\Motive\McciContextDetectorWin32_6-1-0_DSR.dll
|_ MD5: 6113EE7CB182422F21849B170CFBEB5B
|_ Manufacturer: Motive Communications, Inc.
|_ Processes
|_ McciTrayApp.exe (1988)

[?] ituneshelper.dll
|_ Path: C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll
|_ MD5: 980D1E904E059139F075711ECE5BDCB8
|_ Manufacturer: Apple Inc.
|_ Processes
|_ iTunesHelper.exe (120)

[?] itunesmobiledevice.dll
|_ Path: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll
|_ MD5: E59CC8213ABFE1B6C30CCC051A7CF058
|_ Manufacturer: Apple Inc.
|_ Processes
|_ iTunesHelper.exe (120)

[?] ituneshelperlocalized.dll
|_ Path: C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll
|_ MD5: 2DE7BC987EC12C2E7DAF76466CDC296D
|_ Manufacturer: Apple Inc.
|_ Processes
|_ iTunesHelper.exe (120)

[?] quicktime.qts
|_ Path: C:\Program Files\QuickTime\QTSystem\QuickTime.qts
|_ MD5: 1F95F072D1384B6C0F9245318D35B6A5
|_ Manufacturer: Apple Inc.
|_ Processes
|_ iTunesHelper.exe (120)

[?] mdatastoreph.dll
|_ Path: C:\Program Files\Common Files\Nokia\MPlatform\MDatastorePH.dll
|_ MD5: AC1A3553C594C7083F67C9E2CCC807A7
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaMServer.exe (200)

[?] mitems.dll
|_ Path: C:\Program Files\Common Files\Nokia\MPlatform\MItems.dll
|_ MD5: 459866A0A34656FBD9706DEA43A183AB
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaMServer.exe (200)
|_ NokiaOviSuite.exe (448)

[?] mevent.dll
|_ Path: C:\Program Files\Common Files\Nokia\MPlatform\MEvent.dll
|_ MD5: 8E36F77939B0384B8EBF541A73F30BE2
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaMServer.exe (200)
|_ NokiaOviSuite.exe (448)

[?] mdatastore.dll
|_ Path: C:\Program Files\Common Files\Nokia\MPlatform\MDataStore.dll
|_ MD5: 3E484238F421F728B9C06FE13FE0C621
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaMServer.exe (200)
|_ NokiaOviSuite.exe (448)

[?] mitemplugins.dll
|_ Path: C:\Program Files\Common Files\Nokia\MPlatform\MItemPlugins.dll
|_ MD5: 398781980CF8CF84D4A37FF699E268A1
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaMServer.exe (200)
|_ NokiaOviSuite.exe (448)

[?] mthumbnailservice.dll
|_ Path: C:\Program Files\Common Files\Nokia\MPlatform\MThumbnailService.dll
|_ MD5: 85536EF43E23BDB4AEBA0ED3D55C443F
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaMServer.exe (200)
|_ NokiaOviSuite.exe (448)

[?] commonutilities.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\CommonUtilities.dll
|_ MD5: 9BA3A1C7171EB18743B04FDC5628E3EA
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] commonwidgets.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\CommonWidgets.dll
|_ MD5: 7EAB390C1918EE9C9D3A2005803BA49C
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] widgetlibrary.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\WidgetLibrary.dll
|_ MD5: 981B214360230E7CB4DDAAC5B1D7FD9B
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] ovicommonstyle.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Styles\OviCommonStyle.dll
|_ MD5: B4553F50011AE8CE0E67210E9BDA65FF
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] qgif4.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Imageformats\qgif4.dll
|_ MD5: FFDA6D87CC8731B0A532D481FC39C1A4
|_ Manufacturer:
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] trayicon.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\TrayIcon.dll
|_ MD5: 56C93811528176D0B941A9ADEFD8E740
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] commonwidgets_nokia.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Resource\CommonWidgets_Nokia.dll
|_ MD5: 510EF38933DCBAB7B50A1B92978158F9
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] applicationinstaller.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Plugins\ApplicationInstaller.dll
|_ MD5: 505DB1929E3581DA3C54CFD40E0DA3D6
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] backup.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Plugins\BackUp.dll
|_ MD5: CF5D7B402575AEA9CE0DFBA5D92249A9
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] carousel.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Plugins\Carousel.dll
|_ MD5: 7B80FF7DD0AC84C53293B3EE00DBB13D
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] connecttointernet.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Plugins\ConnectToInternet.dll
|_ MD5: EFE008F13366D5E0EDC61DD00A15A859
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] contacts.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Plugins\Contacts.dll
|_ MD5: F91D41992F801BDE9DE8C0992523E5C5
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] dashboard.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Plugins\Dashboard.dll
|_ MD5: 9E136CB9417A3BB86F77B5A69D82FC57
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] firsttimeuse.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Plugins\FirstTimeUse.dll
|_ MD5: CFE54670A30A88E3D51C83BCA9DD1C8C
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] maps.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Plugins\Maps.dll
|_ MD5: 3AF5AFC3B081D621CD59E3C107F124D0
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] messages.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Plugins\Messages.dll
|_ MD5: 94B57B08F301B02893DB1AD83F9B24B2
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] music.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Plugins\Music.dll
|_ MD5: 03507AE8C6561318ED09C62AA90EF41D
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] oviaccount.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Plugins\OviAccount.dll
|_ MD5: 6CE51237026AE0EFF6B3F81523903823
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] photos.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Plugins\Photos.dll
|_ MD5: 719C8610C46542C82B779115AD872381
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] pim.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Plugins\PIM.dll
|_ MD5: CB6901639773A84E8C835EB91489E26E
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] settings.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Plugins\Settings.dll
|_ MD5: 73B1483F853C5A4DF89E94E374C61AF1
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] softwareupdater.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Plugins\SoftwareUpdater.dll
|_ MD5: 57C87DB980C7ED7F780BB50D34900CE1
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] nslhandler.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\NslHandler.dll
|_ MD5: 85DB61C5B841E46669EFFB32D8777202
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] whatsnew.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Plugins\WhatsNew.dll
|_ MD5: 72AA0C607D4DF272C6E6AC74452F735D
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] iadservice.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\DAL\IADService.dll
|_ MD5: 2706FCDAB18382A0127F807802B9E80F
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] mapsservice.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\DAL\MapsService.dll
|_ MD5: 9C1AED5FCFDD8BA72A0D6DB6BF4654BC
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] maps service api.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Maps Service API.dll
|_ MD5: 2FE27AAF27AA153973D2DAB8E677AAF3
|_ Manufacturer: ?
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] curllibrd.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\curllibRD.dll
|_ MD5: E2D929FDB48CD530EFCB2B103E26A923
|_ Manufacturer:
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] ziparchive.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\ZipArchive.dll
|_ MD5: BD1C512C0817260FC09FC06191DEE263
|_ Manufacturer:
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] oviservice.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\DAL\OviService.dll
|_ MD5: 5085B6607D8DFEC71B1BB711CB8F0F9B
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] wrtserviceipcclient.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\wrtserviceipcclient.dll
|_ MD5: 91162449F8E5CBC0532B5C57FE0E75F8
|_ Manufacturer:
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] confserver.dll
|_ Path: C:\Program Files\PC Connectivity Solution\ConfServer.dll
|_ MD5: CF7D4E7093E3EBDA24BEB8369F8823DB
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] pccs.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\DAL\Pccs.dll
|_ MD5: 6454227A873003425949458E216804DA
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] connapi.dll
|_ Path: C:\Program Files\PC Connectivity Solution\ConnAPI.dll
|_ MD5: 1456118E5E7D0C22E8353684B65A3C57
|_ Manufacturer: Nokia.
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] pccs_abapi.dll
|_ Path: C:\Program Files\PC Connectivity Solution\PCCS_ABAPI.dll
|_ MD5: E7E98B1F8C0107E4B5BC0A83F39D64D5
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] service.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\DAL\Service.dll
|_ MD5: 8720954D3C937B42FEF98FB49ADE02A4
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] sync.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\DAL\Sync.dll
|_ MD5: 93A404392151FA935857C736632D112E
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] syncruntimeapi.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\syncRuntimeAPI.dll
|_ MD5: 353FDCED79C892D2EAA1E5FD47869243
|_ Manufacturer: Nokia Corporation.
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] ilsyncex.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\ilsyncEx.dll
|_ MD5: E78C11A394D6E99111437EEC6E752021
|_ Manufacturer: Nokia Corporation.
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] attendees.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Attendees.dll
|_ MD5: 586547299ADFC436C740B9E1678D0551
|_ Manufacturer: Nokia Corporation.
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] recipients.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\recipients.dll
|_ MD5: 4E7BB9AE78C786C4C1F34FA223686A37
|_ Manufacturer: Nokia Corporation.
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] ptattach.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\PtAttach.dll
|_ MD5: 76902548342D27829CA639861A13CBEF
|_ Manufacturer: Nokia Corporation.
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] iltif32.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\IlTif32.dll
|_ MD5: 871C1BEEB6B699FAB664F3F71904297E
|_ Manufacturer: Nokia Corporation.
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] carousel_nokia.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Resource\Carousel_Nokia.dll
|_ MD5: C02A8B9029ED86805EB5E246DA4E0F75
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] messages_nokia.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Resource\Messages_Nokia.dll
|_ MD5: 7F7E0C06BC88E2436D5A9ABA830F4F08
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] connecttointernet_nokia.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Resource\ConnectToInternet_Nokia.dll
|_ MD5: 8C7414E1B1C44CFD48979BC3AD01F1B7
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] music_nokia.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Resource\Music_Nokia.dll
|_ MD5: B60DCE87FE576897156C3E94E48BA7FF
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] softwareupdater_nokia.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Resource\SoftwareUpdater_Nokia.dll
|_ MD5: 46EC67FC9B3AA7DC589D41835E8226F2
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] contacts_nokia.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Resource\Contacts_Nokia.dll
|_ MD5: 46CAFD0CA011E849C55C5A2F4E5275EB
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] settings_nokia.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Resource\Settings_Nokia.dll
|_ MD5: 034DA68EF6E3446F75E3245080B4E88E
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] dashboard_nokia.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Resource\Dashboard_Nokia.dll
|_ MD5: 011ECAB198AC5AA2CEB541E82014264A
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] pim_nokia.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Resource\PIM_Nokia.dll
|_ MD5: 870BA6341EF034CFCF3C360779AE4FFD
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] oviaccount_nokia.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Resource\OviAccount_Nokia.dll
|_ MD5: F8111833F1758DBC61F62098171439E2
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] backup_nokia.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Resource\BackUp_Nokia.dll
|_ MD5: 5484B973DDEA2817E5A766EC2DDCDA31
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] photos_nokia.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Resource\Photos_Nokia.dll
|_ MD5: EC4D9F5FBD7F0F80063D62F8892F6175
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] maps_nokia.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Resource\Maps_Nokia.dll
|_ MD5: DDF7B7591439C533918C0C97BEBAF435
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] ssleay32.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\ssleay32.dll
|_ MD5: 9B153A865DE025E6901EA61D731EFF2B
|_ Manufacturer: The OpenSSL Project, http://www.openssl.org/
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] libeay32.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\libeay32.dll
|_ MD5: AF276D1E7F2FC84E5EF0198C537D70B8
|_ Manufacturer: The OpenSSL Project, http://www.openssl.org/
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] dal.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\DAL.dll
|_ MD5: 8311957EC35FA29692D54A2204DFE7F0
|_ Manufacturer: Nokia
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] qtxml4.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\QtXml4.dll
|_ MD5: BBBE0D752023FEE3837C5C0029CDE843
|_ Manufacturer:
|_ Processes
|_ NokiaOviSuite.exe (448)
|_ nokiaaserver.exe (712)

[?] qtnetwork4.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\QtNetwork4.dll
|_ MD5: 2668300A72912D6AD583D9E3CF59AF22
|_ Manufacturer:
|_ Processes
|_ NokiaOviSuite.exe (448)
|_ nokiaaserver.exe (712)

[?] qtgui4.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\QtGui4.dll
|_ MD5: FD0DF4D52299F025E1CCCB027058E3C4
|_ Manufacturer:
|_ Processes
|_ NokiaOviSuite.exe (448)
|_ nokiaaserver.exe (712)

[?] qtsvg4.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\QtSvg4.dll
|_ MD5: EF538AAB87E1F19CD1ABC67E7A2DD163
|_ Manufacturer:
|_ Processes
|_ NokiaOviSuite.exe (448)

[?] qtcore4.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\QtCore4.dll
|_ MD5: 4FF9E69CEAC617C6053AC9F8678E8576
|_ Manufacturer:
|_ Processes
|_ NokiaOviSuite.exe (448)
|_ nokiaaserver.exe (712)

[?] cryptodll.dll
|_ Path: C:\Program Files\Common Files\Nokia\NoA\cryptodll.dll
|_ MD5: E1F785FE49C33F8F4B08ED12FEB05229
|_ Manufacturer:
|_ Processes
|_ nokiaaserver.exe (712)

[?] wrtserviceipcserver.dll
|_ Path: C:\Program Files\Common Files\Nokia\NoA\wrtserviceipcserver.dll
|_ MD5: 7088FEF3B6A4BBCC83A6600460045190
|_ Manufacturer:
|_ Processes
|_ nokiaaserver.exe (712)

[?] qtsecurestorage.dll
|_ Path: C:\Program Files\Common Files\Nokia\NoA\qtsecurestorage.dll
|_ MD5: 3D8703C6AFD051AAF58611767E8D0F58
|_ Manufacturer:
|_ Processes
|_ nokiaaserver.exe (712)

[!] ezpmutils.dll
|_ Path: C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll
|_ MD5: 35876F2E9AB7981F1C6E45AF67BFC371
|_ Manufacturer: EasyBits Media AS
|_ Processes
|_ skypePM.exe (2556)

[?] ipodservice.dll
|_ Path: C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll
|_ MD5: E1CFEB57BB7135DC24D24CFE660E66DA
|_ Manufacturer: Apple Inc.
|_ Processes
|_ iPodService.exe (1748)

[?] ipodservicelocalized.dll
|_ Path: C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll
|_ MD5: C1D0038CE7906313E21A2AFCDC85B346
|_ Manufacturer: Apple Inc.
|_ Processes
|_ iPodService.exe (1748)

[?] nclft.dll
|_ Path: C:\Program Files\PC Connectivity Solution\NclFT.dll
|_ MD5: 229ACD420C48447286F201DF0E2029BE
|_ Manufacturer: Nokia
|_ Processes
|_ ServiceLayer.exe (2512)

[?] pccsupdater.dll
|_ Path: C:\Program Files\PC Connectivity Solution\PCCSUpdater.dll
|_ MD5: 96C99647301D987EF727ACD44E0FFBD4
|_ Manufacturer: ?
|_ Processes
|_ ServiceLayer.exe (2512)

[?] pccs_dbengine.dll
|_ Path: C:\Program Files\PC Connectivity Solution\PCCS_DBEngine.dll
|_ MD5: 27DD9CEA7B4C8EFAD06B55AED94AAAD7
|_ Manufacturer: Nokia
|_ Processes
|_ ServiceLayer.exe (2512)

[?] fsdfwres.eng
|_ Path: C:\Program Files\O2 PC Strazce\Common\fsdfwres.eng
|_ MD5: 307E59057A519DBB486565A8899836DD
|_ Manufacturer: F-Secure Corporation
|_ Processes
|_ fsdfwd.exe (3988)

[?] fsavhres.eng
|_ Path: C:\Program Files\O2 PC Strazce\Anti-Virus\fsavhres.eng
|_ MD5: B44C2B69DB6604F0BBB6C556B3F46306
|_ Manufacturer:
|_ Processes
|_ fsav32.exe (4688)

[?] nse_w32.dll
|_ Path: C:\Program Files\O2 PC Strazce\Pegasus\Nse_w32.dll
|_ MD5: 7D47F351F6CF2F71E7E1B42B515ECE8D
|_ Manufacturer: Norman ASA
|_ Processes
|_ fssm32.exe (5968)

[?] firefoxextension.dll
|_ Path: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
|_ MD5: 59E01823B24918C9DB70248420161B15
|_ Manufacturer: Nokia Corporation.
|_ Processes
|_ firefox.exe (4540)

[?] hpffaddon.dll
|_ Path: C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll
|_ MD5: 1CBF9F7FC0B9980D9C4D9E8C7742EAE5
|_ Manufacturer: ?
|_ Processes
|_ firefox.exe (4540)

[?] hpcommon.dll
|_ Path: C:\Program Files\Media Access Startup\1.5.0.850\HPCommon.dll
|_ MD5: 45798684C9DB047C2EEBA87886C7E284
|_ Manufacturer: ?
|_ Processes
|_ firefox.exe (4540)

[?] npffaddon.dll
|_ Path: C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
|_ MD5: BD0BE9AECD6A325AE6F6F5439F96EFFF
|_ Manufacturer: ?
|_ Processes
|_ firefox.exe (4540)

[?] npcommon.dll
|_ Path: C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
|_ MD5: 3B6DC6A839A9CB2DD76F1456DA325C0E
|_ Manufacturer: ?
|_ Processes
|_ firefox.exe (4540)

[?] softokn3.dll
|_ Path: C:\Program Files\mozilla firefox\softokn3.dll
|_ MD5: 89E6D66EC90B4E8E41B55248EB7C84CB
|_ Manufacturer: Mozilla Foundation
|_ Processes
|_ firefox.exe (4540)

[?] nssdbm3.dll
|_ Path: C:\Program Files\mozilla firefox\nssdbm3.dll
|_ MD5: 39DFD2C92728FCA093D5BDEFE5F6E801
|_ Manufacturer: Mozilla Foundation
|_ Processes
|_ firefox.exe (4540)

[?] freebl3.dll
|_ Path: C:\Program Files\mozilla firefox\freebl3.dll
|_ MD5: 1AAB00AE4FFB5C72A0A06A254F80510E
|_ Manufacturer: Mozilla Foundation
|_ Processes
|_ firefox.exe (4540)

================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ] - Not Registered =(

#2 Příspěvek od **Rudy** » 30 bře 2010 19:52

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

zajic01 · #3 Příspěvek od **zajic01** » 03 dub 2010 09:26

Dobrý den,
přikládám požadovaný log z ComboFix a budu netrpělivě očekávat další instrukce (za které předem děkuji).
Pavel Z.
--------------------
ComboFix 10-04-01.02 - user 03.04.2010 10:11:58.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1674 [GMT 2:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
AV: F-Secure Profi Antivirus 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Profi Antivirus 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPIEaddon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.0.850\Data\config.md
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.0.850\FF\install.rdf
c:\program files\Media Access Startup\1.5.0.850\HPCommon.dll
c:\program files\Media Access Startup\1.5.0.850\hppx.exe
c:\program files\Media Access Startup\1.5.0.850\MAHelper.exe
c:\program files\Media Access Startup\1.5.0.850\unins000.dat
c:\program files\Media Access Startup\1.5.0.850\unins000.exe
c:\windows\AppPatch\AcAdProc.dll
c:\windows\system32\Dvbpws.dll
c:\windows\system32\dxsetup.exe
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-03 do 2010-04-03 )))))))))))))))))))))))))))))))
.

2010-03-30 17:05 . 2010-03-30 17:05 -------- d-----w- c:\program files\Common Files\Java
2010-03-10 22:23 . 2010-03-10 22:23 -------- d-----w- c:\program files\MSXML 4.0
2010-03-07 18:56 . 2010-03-30 18:13 -------- d-----w- c:\program files\Ultimate Process Manager
2010-03-07 18:38 . 2010-03-30 18:01 -------- d-----w- c:\program files\CCleaner
2010-03-07 07:06 . 2010-03-07 07:06 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-07 07:05 . 2010-03-07 07:05 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-03-07 07:05 . 2010-03-07 07:05 -------- d-----w- c:\windows\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-03 08:18 . 2009-01-27 17:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-02 21:13 . 2009-01-31 09:54 -------- d-----w- c:\program files\O2 PC Strazce
2010-04-01 10:03 . 2008-04-14 12:00 50370 ----a-w- c:\windows\system32\perfc005.dat
2010-04-01 10:03 . 2008-04-14 12:00 319934 ----a-w- c:\windows\system32\perfh005.dat
2010-03-30 17:04 . 2009-04-19 20:06 -------- d-----w- c:\program files\Java
2010-03-11 12:36 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 02:28 . 2009-04-19 20:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-07 07:07 . 2009-11-23 12:34 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-07 07:06 . 2009-04-14 17:15 -------- d-----w- c:\program files\Nokia
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-13 17:39 . 2010-02-13 17:39 -------- d-----w- c:\program files\Codemasters
2010-02-12 20:20 . 2010-02-12 20:20 -------- d-----w- c:\program files\Cenega Czech
2010-02-12 20:19 . 2009-01-31 20:08 -------- d-----w- c:\program files\games
2010-02-12 15:56 . 2009-02-08 16:58 -------- d-----w- c:\program files\Google
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2008-06-20 2887680]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-05 385856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 16876032]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"F-Secure Manager"="c:\program files\O2 PC Strazce\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\O2 PC Strazce\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2008-06-20 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\user\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Thumbs.db [2009-2-8 6144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [31.1.2009 12:28 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [31.1.2009 11:55 79872]
R0 pe3an4ab;Reprobates Environment Driver (pe3an4ab);c:\windows\system32\drivers\pe3an4ab.sys [22.11.2007 14:33 64632]
R0 ps7an4ab;Reprobates Synchronization Driver (ps7an4ab);c:\windows\system32\drivers\ps7an4ab.sys [22.11.2007 14:31 68736]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.2.2009 22:30 717296]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\O2 PC Strazce\HIPS\drivers\fshs.sys [31.1.2009 12:23 67808]
R3 3xHybrid;WinFast DTV1000 S;c:\windows\system32\drivers\3xHybrid.sys [12.2.2009 21:47 702336]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\O2 PC Strazce\Anti-Virus\minifilter\fsgk.sys [31.1.2009 11:54 111296]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\O2 PC Strazce\ORSP Client\fsorsp.exe [31.1.2009 12:23 55904]
S2 gupdate1c98a0f558d83d0;Google Update Service (gupdate1c98a0f558d83d0);c:\program files\Google\Update\GoogleUpdate.exe [8.2.2009 19:04 133104]
S2 pr2an4ab;Reprobates Drivers Auto Removal (pr2an4ab);c:\windows\system32\pr2an4ab.exe svc --> c:\windows\system32\pr2an4ab.exe svc [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\O2 PC Strazce\Anti-Virus\win2k\fsfilter.sys [31.1.2009 11:54 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\O2 PC Strazce\Anti-Virus\win2k\fsrec.sys [31.1.2009 11:54 25184]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-08 13:54]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 17:04]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 17:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\O2 PC Strazce\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\yp96ybyw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://ww ... z/ig?hl=cs
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-TO2SAM.Activation - d:\serviceactivationmanager\McciInitializer.exe
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.5.0.850\unins000.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-03 10:16
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync04.sys atapi.sys spsv.sys >>UNKNOWN [0x89E02938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba667cb8
\Driver\atapi -> sfsync04.sys @ 0xba629a7c
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.SYS @ 0xba4f1bb0
PacketIndicateHandler -> NDIS.SYS @ 0xba4fea21
SendHandler -> NDIS.SYS @ 0xba4dc87b
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(816)
c:\program files\O2 PC Strazce\FSPS\program\FSLSP.DLL

- - - - - - - > 'explorer.exe'(8248)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\O2 PC Strazce\Anti-Virus\fsgk32st.exe
c:\program files\O2 PC Strazce\Common\FSMA32.EXE
c:\program files\O2 PC Strazce\Anti-Virus\FSGK32.EXE
c:\program files\O2 PC Strazce\Common\FSMB32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\RTHDCPL.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\nvsvc32.exe
c:\program files\O2 PC Strazce\Common\FCH32.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Nokia\NoA\nokiaaserver.exe
c:\program files\O2 PC Strazce\Common\FAMEH32.EXE
c:\program files\O2 PC Strazce\Anti-Virus\fsqh.exe
c:\program files\O2 PC Strazce\FSGUI\fsguidll.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\O2 PC Strazce\Anti-Virus\fssm32.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\O2 PC Strazce\FSAUA\program\fsaua.exe
c:\program files\O2 PC Strazce\FWES\Program\fsdfwd.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\O2 PC Strazce\FSAUA\program\fsus.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\O2 PC Strazce\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Celkový čas: 2010-04-03 10:21:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-03 08:20

Před spuštěním: Volných bajtů: 132 249 436 160
Po spuštění: Volných bajtů: 132 195 270 656

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 016191FA05DCF0ED448319611BEA8228

#4 Příspěvek od **Rudy** » 03 dub 2010 10:57

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\documents and settings\user\Nabídka Start\Programy\Po spuštění\Thumbs.db

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Po akci CF ještě pomocí http://www2.gmer.net/mbr/mbr.exe proveďte kontrolu MBR a dejte log.

zajic01 · #5 Příspěvek od **zajic01** » 03 dub 2010 22:03

Dobrý den,
doufám, že jsem pochopil správně všechny pokyny. Provedl jsem požadované a přikládám logy z MBR a potom nový log z ComboFixu. Generování logů bylo v opačném pořadí.
Děkuji!
Pavel Z.
............
log MBR:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
...........
nový log z ComboFix:
ComboFix 10-04-03.01 - user 03.04.2010 22:42:11.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1257 [GMT 2:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\user\Plocha\CFScript.txt
AV: F-Secure Profi Antivirus 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Profi Antivirus 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-03 do 2010-04-03 )))))))))))))))))))))))))))))))
.

2010-03-30 17:05 . 2010-03-30 17:05 -------- d-----w- c:\program files\Common Files\Java
2010-03-10 22:23 . 2010-03-10 22:23 -------- d-----w- c:\program files\MSXML 4.0
2010-03-07 18:56 . 2010-03-30 18:13 -------- d-----w- c:\program files\Ultimate Process Manager
2010-03-07 18:38 . 2010-03-30 18:01 -------- d-----w- c:\program files\CCleaner
2010-03-07 07:06 . 2010-03-07 07:06 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-07 07:05 . 2010-03-07 07:05 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-03-07 07:05 . 2010-03-07 07:05 -------- d-----w- c:\windows\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-03 16:35 . 2009-01-31 09:54 -------- d-----w- c:\program files\O2 PC Strazce
2010-04-03 08:18 . 2009-01-27 17:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-01 10:03 . 2008-04-14 12:00 50370 ----a-w- c:\windows\system32\perfc005.dat
2010-04-01 10:03 . 2008-04-14 12:00 319934 ----a-w- c:\windows\system32\perfh005.dat
2010-03-30 17:04 . 2009-04-19 20:06 -------- d-----w- c:\program files\Java
2010-03-11 12:36 . 2008-04-14 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:36 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:36 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 02:28 . 2009-04-19 20:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-07 07:07 . 2009-11-23 12:34 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-07 07:06 . 2009-04-14 17:15 -------- d-----w- c:\program files\Nokia
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-13 17:39 . 2010-02-13 17:39 -------- d-----w- c:\program files\Codemasters
2010-02-12 20:20 . 2010-02-12 20:20 -------- d-----w- c:\program files\Cenega Czech
2010-02-12 20:19 . 2009-01-31 20:08 -------- d-----w- c:\program files\games
2010-02-12 15:56 . 2009-02-08 16:58 -------- d-----w- c:\program files\Google
.

((((((((((((((((((((((((((((( SnapShot@2010-04-03_08.16.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-03 20:47 . 2010-04-03 20:47 16384 c:\windows\Temp\Perflib_Perfdata_764.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2008-06-20 2887680]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-05 385856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-03 16876032]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"F-Secure Manager"="c:\program files\O2 PC Strazce\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\O2 PC Strazce\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2008-06-20 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\user\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Thumbs.db [2009-2-8 6144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [31.1.2009 12:28 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [31.1.2009 11:55 79872]
R0 pe3an4ab;Reprobates Environment Driver (pe3an4ab);c:\windows\system32\drivers\pe3an4ab.sys [22.11.2007 14:33 64632]
R0 ps7an4ab;Reprobates Synchronization Driver (ps7an4ab);c:\windows\system32\drivers\ps7an4ab.sys [22.11.2007 14:31 68736]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.2.2009 22:30 717296]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\O2 PC Strazce\HIPS\drivers\fshs.sys [31.1.2009 12:23 67808]
R3 3xHybrid;WinFast DTV1000 S;c:\windows\system32\drivers\3xHybrid.sys [12.2.2009 21:47 702336]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\O2 PC Strazce\Anti-Virus\minifilter\fsgk.sys [31.1.2009 11:54 111296]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\O2 PC Strazce\ORSP Client\fsorsp.exe [31.1.2009 12:23 55904]
S2 gupdate1c98a0f558d83d0;Google Update Service (gupdate1c98a0f558d83d0);c:\program files\Google\Update\GoogleUpdate.exe [8.2.2009 19:04 133104]
S2 pr2an4ab;Reprobates Drivers Auto Removal (pr2an4ab);c:\windows\system32\pr2an4ab.exe svc --> c:\windows\system32\pr2an4ab.exe svc [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\O2 PC Strazce\Anti-Virus\win2k\fsfilter.sys [31.1.2009 11:54 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\O2 PC Strazce\Anti-Virus\win2k\fsrec.sys [31.1.2009 11:54 25184]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-08 13:54]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 17:04]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 17:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\O2 PC Strazce\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\yp96ybyw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://ww ... z/ig?hl=cs
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-03 22:49
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync04.sys atapi.sys spcl.sys >>UNKNOWN [0x89E03938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba667cb8
\Driver\atapi -> sfsync04.sys @ 0xba629a7c
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.SYS @ 0xba4f1bb0
PacketIndicateHandler -> NDIS.SYS @ 0xba4fea21
SendHandler -> NDIS.SYS @ 0xba4dc87b
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(816)
c:\program files\O2 PC Strazce\FSPS\program\FSLSP.DLL

- - - - - - - > 'explorer.exe'(4620)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\O2 PC Strazce\Anti-Virus\fsgk32st.exe
c:\program files\O2 PC Strazce\Common\FSMA32.EXE
c:\program files\O2 PC Strazce\Anti-Virus\FSGK32.EXE
c:\program files\O2 PC Strazce\Common\FSMB32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\O2 PC Strazce\Common\FCH32.EXE
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\O2 PC Strazce\Common\FAMEH32.EXE
c:\program files\O2 PC Strazce\Anti-Virus\fsqh.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Nokia\NoA\nokiaaserver.exe
c:\program files\O2 PC Strazce\FSGUI\fsguidll.exe
c:\windows\system32\wscntfy.exe
c:\program files\O2 PC Strazce\Anti-Virus\fssm32.exe
c:\program files\O2 PC Strazce\FSAUA\program\fsaua.exe
c:\program files\O2 PC Strazce\FWES\Program\fsdfwd.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\O2 PC Strazce\FSAUA\program\fsus.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\O2 PC Strazce\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Celkový čas: 2010-04-03 22:53:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-03 20:53
ComboFix2.txt 2010-04-03 08:21

Před spuštěním: Volných bajtů: 132 216 147 968
Po spuštění: Volných bajtů: 132 184 006 656

- - End Of File - - E7655F3556248352CE9DF28BEA467CD1

#6 Příspěvek od **Rudy** » 03 dub 2010 22:24

Myslím, že log již vypadá čistý a MBR je také v pořádku. Nastala nějaká změna?

zajic01 · #7 Příspěvek od **zajic01** » 04 dub 2010 20:20

Paráda!!! Díky moc!!! Vypadá to, že je vše OK.
Podívám se na stránky "virů", abych zjistil jak se revanšovat (doufám, že lze Vám konkrétně)!
Ještě jednou díky, pěkný den.
Pavel Z.

#8 Příspěvek od **Rudy** » 04 dub 2010 20:50

Rádo se stalo!

VIRY.CZ

Firefox - vyskakují nová, nevyžádaná okna

Firefox - vyskakují nová, nevyžádaná okna

Re: Firefox - vyskakují nová, nevyžádaná okna

Re: Firefox - vyskakují nová, nevyžádaná okna

Re: Firefox - vyskakují nová, nevyžádaná okna

Re: Firefox - vyskakují nová, nevyžádaná okna

Re: Firefox - vyskakují nová, nevyžádaná okna

Re: Firefox - vyskakují nová, nevyžádaná okna

Re: Firefox - vyskakují nová, nevyžádaná okna