
PC virus removal, computer speed-up, and remote assistance via the neslape.cz service
Request for a log check (forced home page)
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Good day.
I would like to ask you to check my log. The computer is not slowed down, but every time I start Mozilla, the home page "www.groogle.info" loads and it cannot be changed in any way. I scanned the computer with Avast and Malwarebytes, but they found nothing.
Logfile of random's system information tool 1.07 (written by random/random)
Run by Streng at 2010-06-24 18:44:12
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 32 GB (14%) free of 238 GB
Total RAM: 2046 MB (74% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:44:27, on 24.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\iZ3D Driver\Win32\S3DCService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Streng\Desktop\RSIT.exe
C:\Program Files\trend micro\Streng.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.groogle.info
O1 - Hosts: 188.40.106.218 L2authd.Lineage2.com
O1 - Hosts: 188.40.139.3 testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 update.nProtect.com
O1 - Hosts: 216.107.250.194 update.nProtect.net
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\191.07\winxp\english\PhysX_9.09.0814_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: S3D Service (Win32) - iZ3D Inc. - C:\Program Files\iZ3D Driver\Win32\S3DCService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 6992 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-329068152-839522115-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-329068152-839522115-1003.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-06 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"UVS12 Preload"=C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe [2008-06-09 397456]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-01-11 13666408]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-01-11 110696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-06 202256]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PlayNC Launcher"= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI TRANSFORMS=C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST WISE_SETUP_EXE_PATH=c:\nvidia\displaydriver\191.07\winxp\english\PhysX_9.09.0814_SystemSoftware.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Documents and Settings\Streng\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Documents and Settings\Streng\Desktop\[psy] left 4 dead\hl2.exe"="C:\Documents and Settings\Streng\Desktop\[psy] left 4 dead\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Hry\Modern Warfare 2\iw4mp.exe"="C:\Hry\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"C:\Hry\Left 4 Dead 1.0.1.5 garena\left4dead.exe"="C:\Hry\Left 4 Dead 1.0.1.5 garena\left4dead.exe:*:Enabled:left4dead"
"C:\Hry\NoPayPOKER\nopaypoker.exe"="C:\Hry\NoPayPOKER\nopaypoker.exe:*:Enabled:nopaypoker"
"C:\Hry\SecondLife\SLVoice.exe"="C:\Hry\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Hry\stronghold crusader\Stronghold Crusader.exe"="C:\Hry\stronghold crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\Hry\RTW\RomeTW.exe"="C:\Hry\RTW\RomeTW.exe:*:Enabled:Rome: Total War"
"C:\Hry\Dirt 2\dirt2_game.exe"="C:\Hry\Dirt 2\dirt2_game.exe:*:Disabled:DiRT2 Executable"
"C:\Hry\Tropico 3\tropico3.exe"="C:\Hry\Tropico 3\tropico3.exe:*:Disabled:Tropico 3"
"C:\Hry\Red alert 2\game.exe"="C:\Hry\Red alert 2\game.exe:*:Enabled:Main executable for Red Alert 2"
"C:\Hry\Red alert 2\gamemd.exe"="C:\Hry\Red alert 2\gamemd.exe:*:Enabled:Main executable for Yuri's Revenge"
"C:\Hry\NHL09\nhl2009.exe"="C:\Hry\NHL09\nhl2009.exe:*:Enabled:nhl2009"
"C:\Hry\GTAIV\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Hry\GTAIV\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Hry\GTAIV\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Hry\GTAIV\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Hry\GTAIV\Grand Theft Auto IV\GTAIV.exe"="C:\Hry\GTAIV\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Hry\Warcraft III 1.24c\Warcraft III.exe"="C:\Hry\Warcraft III 1.24c\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Hry\Heroes of newerth\hon.exe"="C:\Hry\Heroes of newerth\hon.exe:*:Enabled:Heroes of Newerth"
"C:\Documents and Settings\Streng\Desktop\Left 4 Dead 2\left4dead2.exe"="C:\Documents and Settings\Streng\Desktop\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2"
"C:\Hry\Left 4 Dead 2\left4dead2.exe"="C:\Hry\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2"
"C:\Hry\Fuel\Binaries\FFOW.exe"="C:\Hry\Fuel\Binaries\FFOW.exe:*:Enabled:Frontlines Game"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Hry\LAGUE OF LEGEND\air\LolClient.exe"="C:\Hry\LAGUE OF LEGEND\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Hry\LAGUE OF LEGEND\game\League of Legends.exe"="C:\Hry\LAGUE OF LEGEND\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Hry\RA2\game.exe"="C:\Hry\RA2\game.exe:*:Enabled:Main executable for Red Alert 2"
"C:\Hry\RA2\gamemd.exe"="C:\Hry\RA2\gamemd.exe:*:Enabled:Main executable for Yuri's Revenge"
"C:\Hry\Savage 2\savage2.exe"="C:\Hry\Savage 2\savage2.exe:*:Enabled:savage2"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Hry\Lotr\Conquest.exe"="C:\Hry\Lotr\Conquest.exe:*:Enabled:Game"
"C:\Hry\Hon\hon.exe"="C:\Hry\Hon\hon.exe:*:Enabled:Heroes of Newerth"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Hry\LOL\air\LolClient.exe"="C:\Hry\LOL\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Hry\LOL\game\League of Legends.exe"="C:\Hry\LOL\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\Streng\Desktop\Nový priečinok (2)\miranda32.exe"="C:\Documents and Settings\Streng\Desktop\Nový priečinok (2)\miranda32.exe:*:Enabled:Miranda IM"
"C:\Documents and Settings\Streng\Desktop\Nový priečinok (3)\miranda32.exe"="C:\Documents and Settings\Streng\Desktop\Nový priečinok (3)\miranda32.exe:*:Enabled:Miranda IM"
"C:\Documents and Settings\Streng\Desktop\Rune - Co-op\RUNE\SYSTEM\RUNE.EXE"="C:\Documents and Settings\Streng\Desktop\Rune - Co-op\RUNE\SYSTEM\RUNE.EXE:*:Enabled:RUNE"
"C:\Hry\Warcraft III\Warcraft III.exe"="C:\Hry\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Hry\Postal multi\System\Postal2MP.exe"="C:\Hry\Postal multi\System\Postal2MP.exe:*:Enabled:Postal2MP"
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
"C:\Hry\Loki\Loki.exe"="C:\Hry\Loki\Loki.exe:*:Enabled:Loki"
"C:\Hry\Loki\Autorun\AutoRun.exe"="C:\Hry\Loki\Autorun\AutoRun.exe:*:Enabled:Loki - AutoRun"
"C:\Hry\Rune - Co-op\RUNE\SYSTEM\RUNE.EXE"="C:\Hry\Rune - Co-op\RUNE\SYSTEM\RUNE.EXE:*:Enabled:RUNE"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Hry\Assasin creed II\AssassinsCreedIIGame.exe"="C:\Hry\Assasin creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
"C:\Hry\Assasin creed II\AssassinsCreedII.exe"="C:\Hry\Assasin creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
"C:\Hry\Assasin creed II\UPlayBrowser.exe"="C:\Hry\Assasin creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
"C:\Hry\civilization4\Civilization4.exe"="C:\Hry\civilization4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Hry\civilization4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Hry\civilization4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\Hry\civilization4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Hry\civilization4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04708065-7ab0-11df-9860-001a9f91cb75}]
shell\AutoRun\command - E:\Install_Nokia_Ovi_Suite.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04708068-7ab0-11df-9860-001a9f91cb75}]
shell\AutoRun\command - H:\test//////Facebook_profile_hacker.exe
shell\EXplore\command - H:\test////\\Facebook_profile_hacker.exe
shell\OPEN\command - H:\test////\\Facebook_profile_hacker.exe
======List of files/folders created in the last 1 months======
2010-06-24 09:55:37 ----D---- C:\Documents and Settings\Streng\Application Data\My Games
2010-06-23 10:37:52 ----D---- C:\Documents and Settings\Streng\Application Data\Ubisoft
2010-06-23 10:37:52 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft
2010-06-23 10:34:33 ----D---- C:\Program Files\Ubisoft
2010-06-22 18:09:44 ----D---- C:\Program Files\Cyanide
2010-06-22 09:05:42 ----A---- C:\WINDOWS\unvise32.exe
2010-06-22 08:31:56 ----A---- C:\WINDOWS\IsUninst.exe
2010-06-21 16:37:45 ----D---- C:\Documents and Settings\Streng\Application Data\Facebook
2010-06-20 18:28:13 ----RSH---- C:\Documents and Settings\Streng\Application Data\ydze.exe
2010-06-19 17:38:10 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-06-19 14:17:55 ----D---- C:\Program Files\QIP Infium
2010-06-19 09:31:41 ----D---- C:\Program Files\ICQ7.2
2010-06-18 12:07:52 ----D---- C:\Documents and Settings\All Users\Application Data\Nokia
2010-06-18 11:56:07 ----D---- C:\Program Files\MSXML 6.0
2010-06-18 10:52:24 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-06-18 10:52:16 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2010-06-18 10:51:29 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
2010-06-18 10:51:27 ----D---- C:\Documents and Settings\Streng\Application Data\PC Suite
2010-06-18 10:51:09 ----D---- C:\Documents and Settings\Streng\Application Data\Nokia
2010-06-18 10:47:05 ----D---- C:\Program Files\DIFX
2010-06-18 10:46:45 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2010-06-18 10:46:11 ----D---- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
2010-06-12 09:55:40 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-12 09:55:35 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-12 09:54:44 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-12 09:52:50 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-12 09:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-12 09:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-12 09:47:09 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-06-05 09:59:22 ----A---- C:\WINDOWS\system32\devil.dll
2010-06-05 09:59:22 ----A---- C:\WINDOWS\system32\avisynth.dll
2010-06-05 09:59:20 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-06-05 09:59:20 ----A---- C:\WINDOWS\system32\i420vfw.dll
2010-06-05 09:59:20 ----A---- C:\WINDOWS\system32\AVSredirect.dll
2010-06-05 09:59:19 ----D---- C:\Program Files\AviSynth 2.5
2010-06-05 09:55:40 ----RSH---- C:\WINDOWS\system32\nbDX.dll
2010-06-05 09:55:40 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2010-06-05 09:55:39 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2010-06-05 09:55:32 ----D---- C:\Program Files\eRightSoft
2010-05-26 23:18:22 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
======List of files/folders modified in the last 1 months======
2010-06-24 18:44:20 ----D---- C:\WINDOWS\Prefetch
2010-06-24 18:44:15 ----D---- C:\Program Files\trend micro
2010-06-24 18:40:31 ----D---- C:\WINDOWS\Temp
2010-06-24 18:40:27 ----SD---- C:\WINDOWS\Tasks
2010-06-24 18:39:08 ----D---- C:\WINDOWS
2010-06-24 18:38:16 ----D---- C:\WINDOWS\system32\drivers
2010-06-24 18:37:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-24 15:37:03 ----D---- C:\Program Files\CCleaner
2010-06-24 14:56:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-24 12:50:08 ----D---- C:\Documents and Settings\Streng\Application Data\Skype
2010-06-24 12:20:18 ----D---- C:\Program Files\Garena
2010-06-24 11:46:44 ----D---- C:\Documents and Settings\Streng\Application Data\skypePM
2010-06-24 10:48:35 ----D---- C:\WINDOWS\system32\DirectX
2010-06-24 10:48:34 ----HD---- C:\WINDOWS\inf
2010-06-24 10:48:29 ----RSD---- C:\WINDOWS\assembly
2010-06-24 10:34:30 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-24 10:17:17 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-24 10:17:00 ----SHD---- C:\WINDOWS\Installer
2010-06-24 09:55:17 ----D---- C:\Hry
2010-06-24 09:09:23 ----D---- C:\WINDOWS\system32
2010-06-24 09:08:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-24 09:08:23 ----D---- C:\WINDOWS\WinSxS
2010-06-23 14:18:24 ----D---- C:\Program Files\Mozilla Firefox
2010-06-23 10:34:33 ----RD---- C:\Program Files
2010-06-22 20:18:16 ----D---- C:\Documents and Settings\Streng\Application Data\uTorrent
2010-06-22 18:51:47 ----D---- C:\Documents and Settings\Streng\Application Data\Hamachi
2010-06-20 09:27:57 ----D---- C:\Documents and Settings\Streng\Application Data\ICQ
2010-06-19 17:41:57 ----D---- C:\Program Files\Alwil Software
2010-06-19 17:27:59 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-19 17:19:45 ----A---- C:\WINDOWS\DVDRegionFree.INI
2010-06-19 09:29:48 ----D---- C:\WINDOWS\Debug
2010-06-19 09:27:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-19 09:26:56 ----D---- C:\Program Files\Common Files
2010-06-18 10:53:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-18 10:53:03 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-06-12 09:55:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-05 09:59:17 ----RSD---- C:\WINDOWS\Fonts
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers; \??\C:\Program Files\iZ3D Driver\Win32\S3DInjectionDriver.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R2 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-14 4429312]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-12-31 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-01-12 10276768]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-05-04 19968]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696]
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S3 amrfw5vo;amrfw5vo; C:\WINDOWS\system32\drivers\amrfw5vo.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Streng\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Streng\LOCALS~1\Temp\QRH125.tmp []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-04-11 17480]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 npkcrypt;npkcrypt; \??\C:\Hry\Lineage II\100kaSystem\npkcrypt.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-05-04 46720]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2002-12-31 322120]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-01-11 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-03-22 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-03-22 107832]
R2 S3D Service (Win32);S3D Service (Win32); C:\Program Files\iZ3D Driver\Win32\S3DCService.exe [2009-11-04 360960]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2008-06-09 53392]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-12-25 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log (forced home page)
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after it starts, a screen with the license terms appears; continue by clicking the Yes button.
feel free to put the kettle on for a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to start any other applications or anything else
do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)
note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident component
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Please check my log (forced home page)
ComboFix 10-06-23.05 - Streng 24.06.2010 19:17:08.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2046.1589 [GMT 2:00]
Running from: c:\documents and settings\Streng\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Streng\My Documents\cc_20100624_153759.reg
c:\windows\system32\AVSredirect.dll
.
((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))
.
2010-06-24 08:52 . 2010-06-24 08:52 -------- d-----w- c:\documents and settings\Streng\Local Settings\Application Data\My Games
2010-06-24 07:55 . 2010-06-24 07:55 -------- d-----w- c:\documents and settings\Streng\Application Data\My Games
2010-06-24 07:38 . 2010-06-24 07:38 -------- d-----w- c:\documents and settings\Streng\WINDOWS
2010-06-23 08:37 . 2010-06-23 08:37 -------- d-----w- c:\documents and settings\Streng\Application Data\Ubisoft
2010-06-23 08:37 . 2010-06-23 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2010-06-23 08:34 . 2010-06-23 08:34 -------- d-----w- c:\program files\Ubisoft
2010-06-22 16:09 . 2010-06-23 08:22 -------- d-----w- c:\program files\Cyanide
2010-06-22 07:05 . 1999-12-17 08:13 86016 ----a-w- c:\windows\unvise32.exe
2010-06-22 06:31 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-06-21 14:37 . 2010-06-21 14:37 50354 ----a-w- c:\documents and settings\Streng\Application Data\Facebook\uninstall.exe
2010-06-21 14:37 . 2010-06-21 14:37 -------- d-----w- c:\documents and settings\Streng\Application Data\Facebook
2010-06-19 15:38 . 2010-06-19 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-19 12:17 . 2010-06-19 15:25 -------- d-----w- c:\program files\QIP Infium
2010-06-19 07:32 . 2010-06-19 07:32 -------- d-----w- c:\documents and settings\Streng\Local Settings\Application Data\AOL
2010-06-19 07:31 . 2010-06-19 07:32 -------- d-----w- c:\program files\ICQ7.2
2010-06-18 10:07 . 2010-06-18 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2010-06-18 09:56 . 2010-06-18 09:56 -------- d-----w- c:\program files\MSXML 6.0
2010-06-18 08:53 . 2008-04-13 18:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-06-18 08:53 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-06-18 08:52 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-06-18 08:51 . 2010-06-18 09:00 -------- d-----w- c:\documents and settings\Streng\Local Settings\Application Data\Nokia
2010-06-18 08:51 . 2010-06-18 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-06-18 08:51 . 2010-06-18 09:00 -------- d-----w- c:\documents and settings\Streng\Application Data\PC Suite
2010-06-18 08:51 . 2010-06-18 08:51 -------- d-----w- c:\documents and settings\Streng\Local Settings\Application Data\NokiaAccount
2010-06-18 08:51 . 2010-06-18 08:53 -------- d-----w- c:\documents and settings\Streng\Application Data\Nokia
2010-06-18 08:47 . 2010-06-18 08:47 -------- d-----w- c:\program files\DIFX
2010-06-18 08:46 . 2008-02-01 14:17 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-06-18 08:46 . 2010-06-18 08:46 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-06-18 08:46 . 2010-06-18 08:46 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-06-18 08:46 . 2010-06-18 08:46 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-06-18 08:46 . 2010-06-18 08:46 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-06-18 08:46 . 2010-06-18 08:46 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-06-18 08:46 . 2010-06-18 08:46 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-06-18 08:46 . 2010-06-18 08:46 98366952 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_webinstaller_ALL.exe
2010-06-18 08:46 . 2010-06-18 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache
2010-06-18 08:04 . 2010-06-18 08:04 -------- d-----w- c:\documents and settings\Streng\Local Settings\Application Data\DOSBox
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Streng\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-05 07:59 . 2009-09-27 07:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-06-05 07:59 . 2004-02-22 08:11 719872 ----a-w- c:\windows\system32\devil.dll
2010-06-05 07:59 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-06-05 07:59 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-06-05 07:59 . 2010-06-05 07:59 -------- d-----w- c:\program files\AviSynth 2.5
2010-06-05 07:55 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-06-05 07:55 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-06-05 07:55 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-06-05 07:55 . 2010-06-05 07:55 -------- d-----w- c:\program files\eRightSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 16:44 . 2010-01-23 15:34 -------- d-----w- c:\program files\trend micro
2010-06-24 13:37 . 2009-10-23 07:37 -------- d-----w- c:\program files\CCleaner
2010-06-24 10:50 . 2009-10-23 07:26 -------- d-----w- c:\documents and settings\Streng\Application Data\Skype
2010-06-24 10:20 . 2009-11-14 12:53 -------- d-----w- c:\program files\Garena
2010-06-24 09:46 . 2009-10-23 07:30 -------- d-----w- c:\documents and settings\Streng\Application Data\skypePM
2010-06-24 08:17 . 2009-10-22 21:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-23 09:31 . 2009-11-29 18:21 826 ----a-w- c:\windows\eReg.dat
2010-06-22 18:18 . 2009-10-23 08:59 -------- d-----w- c:\documents and settings\Streng\Application Data\uTorrent
2010-06-22 16:51 . 2009-10-23 07:55 -------- d-----w- c:\documents and settings\Streng\Application Data\Hamachi
2010-06-20 07:27 . 2009-10-23 07:04 -------- d-----w- c:\documents and settings\Streng\Application Data\ICQ
2010-06-19 15:41 . 2009-10-22 21:51 -------- d-----w- c:\program files\Alwil Software
2010-06-18 08:52 . 2010-06-18 08:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-06-18 08:52 . 2010-06-18 08:52 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-05-24 09:53 . 2009-10-22 21:26 -------- d-----w- c:\program files\ZyDAS Technology Corporation
2010-05-22 10:13 . 2009-12-20 14:04 -------- d-----w- c:\documents and settings\Streng\Application Data\GetRightToGo
2010-05-19 16:35 . 2010-05-19 16:35 -------- d-----w- c:\documents and settings\Streng\Application Data\LolClient
2010-05-19 15:26 . 2010-05-19 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-05-19 15:21 . 2010-05-19 15:21 -------- d-----w- c:\program files\Pando Networks
2010-05-17 08:59 . 2010-01-24 10:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-14 17:12 . 2010-05-14 17:12 -------- d-----w- c:\program files\Ventrilo
2010-05-14 17:11 . 2009-10-22 21:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-06 20:59 . 2009-10-22 21:51 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2009-10-22 21:51 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2009-10-22 21:51 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2009-10-22 21:51 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2009-10-22 21:51 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2009-10-22 21:51 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2009-10-22 21:51 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2009-10-22 21:51 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2009-10-22 21:51 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-02 05:22 . 2002-12-31 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 13:39 . 2010-01-24 10:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-01-24 10:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2002-12-31 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2002-12-31 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2002-12-31 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-16 10:10 . 2009-10-22 21:49 82560 ----a-w- c:\documents and settings\Streng\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-11 10:06 . 2009-10-23 07:55 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-03-30 22:16 . 2010-03-30 22:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 . 2010-06-05 07:55 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-10-23 08:19 . 2009-10-23 08:19 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 . 2010-06-05 07:55 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2010-06-05 07:55 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-06 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Streng\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2009-10-22 487424]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Hry\\Modern Warfare 2\\iw4mp.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Hry\\NHL09\\nhl2009.exe"=
"c:\\Hry\\GTAIV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Hry\\GTAIV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Hry\\GTAIV\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Hry\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Hry\\LOL\\air\\LolClient.exe"=
"c:\\Hry\\LOL\\game\\League of Legends.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Hry\\Postal multi\\System\\Postal2MP.exe"=
"c:\\Hry\\Rune - Co-op\\RUNE\\SYSTEM\\RUNE.EXE"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Hry\\Assasin creed II\\AssassinsCreedIIGame.exe"=
"c:\\Hry\\Assasin creed II\\AssassinsCreedII.exe"=
"c:\\Hry\\Assasin creed II\\UPlayBrowser.exe"=
"c:\\Hry\\civilization4\\Civilization4.exe"=
"c:\\Hry\\civilization4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Hry\\civilization4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"56202:TCP"= 56202:TCP:Pando Media Booster
"56202:UDP"= 56202:UDP:Pando Media Booster
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22.10.2009 23:51 164048]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [13.1.2010 15:07 34968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.10.2009 23:51 19024]
R2 S3D Service (Win32);S3D Service (Win32);c:\program files\iZ3D Driver\Win32\S3DCService.exe [13.1.2010 15:07 360960]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.10.2009 9:38 685816]
S3 cpuz130;cpuz130;\??\c:\docume~1\Streng\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Streng\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [10.1.2010 14:59 23456]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Streng\LOCALS~1\Temp\QRH125.tmp --> c:\docume~1\Streng\LOCALS~1\Temp\QRH125.tmp [?]
.
Contents of the 'Scheduled Tasks' folder
2010-06-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-448539723-329068152-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-06-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-329068152-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary Scan -------
.
uStart Page = www.groogle.info
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
FF - ProfilePath - c:\documents and settings\Streng\Application Data\Mozilla\Firefox\Profiles\7tg3z501.default\
FF - prefs.js: browser.startup.homepage - www.groogle.info
FF - prefs.js: keyword.URL - hxxp://www.groogle.info/
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Streng\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Real\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.startup.page - 1
FF - user.js: browser.startup.homepage - www.groogle.info
FF - user.js: startup.homepage_override_url - www.groogle.info
FF - user.js: startup.homepage_welcome_url - www.groogle.info
FF - user.js: keyword.URL - hxxp://www.groogle.info/
FF - user.js: browser.search.order.1 - Searchc:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-PlayNC Launcher - (no file)
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-CTFMON - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 19:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Streng\LOCALS~1\Temp\QRH125.tmp"
.
Completion time: 2010-06-24 19:22:00
ComboFix-quarantined-files.txt 2010-06-24 17:21
Pre-Run: 33 805 717 504 bytes free
Post-Run: 12 adresárov, 33 849 077 760 voľných bajtov
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - C8FCF7E70D60114F839D96B719B1D9BA
2010-04-11 10:06 . 2009-10-23 07:55 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-03-30 22:16 . 2010-03-30 22:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 . 2010-06-05 07:55 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-10-23 08:19 . 2009-10-23 08:19 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 . 2010-06-05 07:55 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2010-06-05 07:55 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-06 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Streng\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2009-10-22 487424]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Hry\\Modern Warfare 2\\iw4mp.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Hry\\NHL09\\nhl2009.exe"=
"c:\\Hry\\GTAIV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Hry\\GTAIV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Hry\\GTAIV\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Hry\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Hry\\LOL\\air\\LolClient.exe"=
"c:\\Hry\\LOL\\game\\League of Legends.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Hry\\Postal multi\\System\\Postal2MP.exe"=
"c:\\Hry\\Rune - Co-op\\RUNE\\SYSTEM\\RUNE.EXE"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Hry\\Assasin creed II\\AssassinsCreedIIGame.exe"=
"c:\\Hry\\Assasin creed II\\AssassinsCreedII.exe"=
"c:\\Hry\\Assasin creed II\\UPlayBrowser.exe"=
"c:\\Hry\\civilization4\\Civilization4.exe"=
"c:\\Hry\\civilization4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Hry\\civilization4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"56202:TCP"= 56202:TCP:Pando Media Booster
"56202:UDP"= 56202:UDP:Pando Media Booster
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22.10.2009 23:51 164048]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [13.1.2010 15:07 34968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.10.2009 23:51 19024]
R2 S3D Service (Win32);S3D Service (Win32);c:\program files\iZ3D Driver\Win32\S3DCService.exe [13.1.2010 15:07 360960]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.10.2009 9:38 685816]
S3 cpuz130;cpuz130;\??\c:\docume~1\Streng\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Streng\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [10.1.2010 14:59 23456]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Streng\LOCALS~1\Temp\QRH125.tmp --> c:\docume~1\Streng\LOCALS~1\Temp\QRH125.tmp [?]
.
Contents of the 'Scheduled Tasks' folder
2010-06-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-448539723-329068152-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-06-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-329068152-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary Scan -------
.
uStart Page = www.groogle.info
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
FF - ProfilePath - c:\documents and settings\Streng\Application Data\Mozilla\Firefox\Profiles\7tg3z501.default\
FF - prefs.js: browser.startup.homepage - www.groogle.info
FF - prefs.js: keyword.URL - hxxp://www.groogle.info/
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Streng\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Real\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.startup.page - 1
FF - user.js: browser.startup.homepage - www.groogle.info
FF - user.js: startup.homepage_override_url - www.groogle.info
FF - user.js: startup.homepage_welcome_url - www.groogle.info
FF - user.js: keyword.URL - hxxp://www.groogle.info/
FF - user.js: browser.search.order.1 - Searchc:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-PlayNC Launcher - (no file)
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-CTFMON - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 19:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Streng\LOCALS~1\Temp\QRH125.tmp"
.
Completion time: 2010-06-24 19:22:00
ComboFix-quarantined-files.txt 2010-06-24 17:21
Pre-Run: 33 805 717 504 bytes free
Post-Run: 12 adresárov, 33 849 077 760 voľných bajtov
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - C8FCF7E70D60114F839D96B719B1D9BA
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log (forced home page)
We'll finish the cleanup. Open Notepad and copy the following into it:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04708068-7ab0-11df-9860-001a9f91cb75}]

Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Please check my log (forced home page)
ComboFix 10-06-23.05 - Streng 25.06.2010 0:26.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2046.1677 [GMT 2:00]
Running from: c:\documents and settings\Streng\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Streng\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))
.
2010-06-24 08:52 . 2010-06-24 08:52 -------- d-----w- c:\documents and settings\Streng\Local Settings\Application Data\My Games
2010-06-24 07:55 . 2010-06-24 07:55 -------- d-----w- c:\documents and settings\Streng\Application Data\My Games
2010-06-24 07:38 . 2010-06-24 07:38 -------- d-----w- c:\documents and settings\Streng\WINDOWS
2010-06-23 08:37 . 2010-06-23 08:37 -------- d-----w- c:\documents and settings\Streng\Application Data\Ubisoft
2010-06-23 08:37 . 2010-06-23 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2010-06-23 08:34 . 2010-06-23 08:34 -------- d-----w- c:\program files\Ubisoft
2010-06-22 16:09 . 2010-06-23 08:22 -------- d-----w- c:\program files\Cyanide
2010-06-22 07:05 . 1999-12-17 08:13 86016 ----a-w- c:\windows\unvise32.exe
2010-06-22 06:31 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-06-21 14:37 . 2010-06-21 14:37 50354 ----a-w- c:\documents and settings\Streng\Application Data\Facebook\uninstall.exe
2010-06-21 14:37 . 2010-06-21 14:37 -------- d-----w- c:\documents and settings\Streng\Application Data\Facebook
2010-06-19 15:38 . 2010-06-19 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-19 12:17 . 2010-06-19 15:25 -------- d-----w- c:\program files\QIP Infium
2010-06-19 07:32 . 2010-06-19 07:32 -------- d-----w- c:\documents and settings\Streng\Local Settings\Application Data\AOL
2010-06-19 07:31 . 2010-06-19 07:32 -------- d-----w- c:\program files\ICQ7.2
2010-06-18 10:07 . 2010-06-18 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2010-06-18 09:56 . 2010-06-18 09:56 -------- d-----w- c:\program files\MSXML 6.0
2010-06-18 08:53 . 2008-04-13 18:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-06-18 08:53 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-06-18 08:52 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-06-18 08:51 . 2010-06-18 09:00 -------- d-----w- c:\documents and settings\Streng\Local Settings\Application Data\Nokia
2010-06-18 08:51 . 2010-06-18 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-06-18 08:51 . 2010-06-18 09:00 -------- d-----w- c:\documents and settings\Streng\Application Data\PC Suite
2010-06-18 08:51 . 2010-06-18 08:51 -------- d-----w- c:\documents and settings\Streng\Local Settings\Application Data\NokiaAccount
2010-06-18 08:51 . 2010-06-18 08:53 -------- d-----w- c:\documents and settings\Streng\Application Data\Nokia
2010-06-18 08:47 . 2010-06-18 08:47 -------- d-----w- c:\program files\DIFX
2010-06-18 08:46 . 2008-02-01 14:17 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-06-18 08:46 . 2010-06-18 08:46 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-06-18 08:46 . 2010-06-18 08:46 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-06-18 08:46 . 2010-06-18 08:46 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-06-18 08:46 . 2010-06-18 08:46 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-06-18 08:46 . 2010-06-18 08:46 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-06-18 08:46 . 2010-06-18 08:46 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-06-18 08:46 . 2010-06-18 08:46 98366952 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_webinstaller_ALL.exe
2010-06-18 08:46 . 2010-06-18 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache
2010-06-18 08:04 . 2010-06-18 08:04 -------- d-----w- c:\documents and settings\Streng\Local Settings\Application Data\DOSBox
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Streng\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-05 07:59 . 2009-09-27 07:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-06-05 07:59 . 2004-02-22 08:11 719872 ----a-w- c:\windows\system32\devil.dll
2010-06-05 07:59 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-06-05 07:59 . 2004-01-24 22:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-06-05 07:59 . 2010-06-05 07:59 -------- d-----w- c:\program files\AviSynth 2.5
2010-06-05 07:55 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-06-05 07:55 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-06-05 07:55 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-06-05 07:55 . 2010-06-05 07:55 -------- d-----w- c:\program files\eRightSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 16:44 . 2010-01-23 15:34 -------- d-----w- c:\program files\trend micro
2010-06-24 13:37 . 2009-10-23 07:37 -------- d-----w- c:\program files\CCleaner
2010-06-24 10:50 . 2009-10-23 07:26 -------- d-----w- c:\documents and settings\Streng\Application Data\Skype
2010-06-24 10:20 . 2009-11-14 12:53 -------- d-----w- c:\program files\Garena
2010-06-24 09:46 . 2009-10-23 07:30 -------- d-----w- c:\documents and settings\Streng\Application Data\skypePM
2010-06-24 08:17 . 2009-10-22 21:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-23 09:31 . 2009-11-29 18:21 826 ----a-w- c:\windows\eReg.dat
2010-06-22 18:18 . 2009-10-23 08:59 -------- d-----w- c:\documents and settings\Streng\Application Data\uTorrent
2010-06-22 16:51 . 2009-10-23 07:55 -------- d-----w- c:\documents and settings\Streng\Application Data\Hamachi
2010-06-20 07:27 . 2009-10-23 07:04 -------- d-----w- c:\documents and settings\Streng\Application Data\ICQ
2010-06-19 15:41 . 2009-10-22 21:51 -------- d-----w- c:\program files\Alwil Software
2010-06-18 08:52 . 2010-06-18 08:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-06-18 08:52 . 2010-06-18 08:52 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-05-24 09:53 . 2009-10-22 21:26 -------- d-----w- c:\program files\ZyDAS Technology Corporation
2010-05-22 10:13 . 2009-12-20 14:04 -------- d-----w- c:\documents and settings\Streng\Application Data\GetRightToGo
2010-05-19 16:35 . 2010-05-19 16:35 -------- d-----w- c:\documents and settings\Streng\Application Data\LolClient
2010-05-19 15:26 . 2010-05-19 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-05-19 15:21 . 2010-05-19 15:21 -------- d-----w- c:\program files\Pando Networks
2010-05-17 08:59 . 2010-01-24 10:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-14 17:12 . 2010-05-14 17:12 -------- d-----w- c:\program files\Ventrilo
2010-05-14 17:11 . 2009-10-22 21:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-06 20:59 . 2009-10-22 21:51 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2009-10-22 21:51 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2009-10-22 21:51 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2009-10-22 21:51 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2009-10-22 21:51 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2009-10-22 21:51 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2009-10-22 21:51 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2009-10-22 21:51 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2009-10-22 21:51 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-02 05:22 . 2002-12-31 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 13:39 . 2010-01-24 10:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-01-24 10:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2002-12-31 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2002-12-31 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2002-12-31 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-16 10:10 . 2009-10-22 21:49 82560 ----a-w- c:\documents and settings\Streng\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-11 10:06 . 2009-10-23 07:55 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-03-30 22:16 . 2010-03-30 22:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 . 2010-06-05 07:55 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-10-23 08:19 . 2009-10-23 08:19 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 . 2010-06-05 07:55 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2010-06-05 07:55 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-06-24_17.20.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-24 22:25 . 2010-06-24 22:25 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-06 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Streng\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2009-10-22 487424]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Hry\\Modern Warfare 2\\iw4mp.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Hry\\NHL09\\nhl2009.exe"=
"c:\\Hry\\GTAIV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Hry\\GTAIV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Hry\\GTAIV\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Hry\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Hry\\LOL\\air\\LolClient.exe"=
"c:\\Hry\\LOL\\game\\League of Legends.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Hry\\Postal multi\\System\\Postal2MP.exe"=
"c:\\Hry\\Rune - Co-op\\RUNE\\SYSTEM\\RUNE.EXE"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Hry\\Assasin creed II\\AssassinsCreedIIGame.exe"=
"c:\\Hry\\Assasin creed II\\AssassinsCreedII.exe"=
"c:\\Hry\\Assasin creed II\\UPlayBrowser.exe"=
"c:\\Hry\\civilization4\\Civilization4.exe"=
"c:\\Hry\\civilization4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Hry\\civilization4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"56202:TCP"= 56202:TCP:Pando Media Booster
"56202:UDP"= 56202:UDP:Pando Media Booster
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22.10.2009 23:51 164048]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files\iZ3D Driver\Win32\S3DInjectionDriver.sys [13.1.2010 15:07 34968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.10.2009 23:51 19024]
R2 S3D Service (Win32);S3D Service (Win32);c:\program files\iZ3D Driver\Win32\S3DCService.exe [13.1.2010 15:07 360960]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.10.2009 9:38 685816]
S3 cpuz130;cpuz130;\??\c:\docume~1\Streng\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Streng\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [10.1.2010 14:59 23456]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Streng\LOCALS~1\Temp\QRH125.tmp --> c:\docume~1\Streng\LOCALS~1\Temp\QRH125.tmp [?]
.
Contents of the 'Scheduled Tasks' folder
2010-06-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-448539723-329068152-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-06-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-329068152-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary Scan -------
.
uStart Page = http://www.groogle.info
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
FF - ProfilePath - c:\documents and settings\Streng\Application Data\Mozilla\Firefox\Profiles\7tg3z501.default\
FF - prefs.js: browser.startup.homepage - http://www.groogle.info
FF - prefs.js: keyword.URL - hxxp://www.groogle.info/
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Streng\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Real\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.startup.page - 1
FF - user.js: browser.startup.homepage - http://www.groogle.info
FF - user.js: startup.homepage_override_url - http://www.groogle.info
FF - user.js: startup.homepage_welcome_url - http://www.groogle.info
FF - user.js: keyword.URL - hxxp://www.groogle.info/
FF - user.js: browser.search.order.1 - Search
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-25 00:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Streng\LOCALS~1\Temp\QRH125.tmp"
.
Completion time: 2010-06-25 00:34:19
ComboFix-quarantined-files.txt 2010-06-24 22:34
ComboFix2.txt 2010-06-24 17:22
Pre-Run: 33 855 115 264 bytes free
Post-Run: 12 adresárov, 33 842 757 632 voľných bajtov
- - End Of File - - 0C9CFC96FDDE7C632F6F9D73C356E54D
The problem still persists.
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log (forced home page)
The log already looks clean. Clear the browser cache and try whether the home page can be changed. I think this happened to you with the installation of some software (a game), or through some connection.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(zavináč)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Please check my log (forced home page)
Cache cleared, history cleared, I even used CCleaner, nothing helps. Whenever I change the page, after closing and reopening Firefox that groogle.info page comes up again ... it can even be seen in the log as the home page, plus there is something else in the log with that page that I don't understand.
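The "FIREFOX POLICIES" lines of the log explain the behaviour described in this post: Firefox applies `user.js` at every start and its values override `prefs.js`, so a homepage changed in the browser settings is reset on the next launch. The Python sketch below is an added example, not part of the original thread; it parses lines in the ComboFix supplementary-scan format (sample lines copied from the log above) and lists every `user.js` pref that pins a web URL. The function and class names are hypothetical.

```python
import re
from typing import NamedTuple, Optional
from urllib.parse import urlsplit

# Lines copied from the "Supplementary Scan" section of the ComboFix log in this thread.
SAMPLE_LOG = r"""
uStart Page = http://www.groogle.info
FF - prefs.js: browser.startup.homepage - http://www.groogle.info
FF - prefs.js: keyword.URL - hxxp://www.groogle.info/
FF - plugin: c:\program files\Real\Netscape6\nppl3260.dll
FF - user.js: browser.startup.page - 1
FF - user.js: browser.startup.homepage - http://www.groogle.info
FF - user.js: startup.homepage_override_url - http://www.groogle.info
FF - user.js: startup.homepage_welcome_url - http://www.groogle.info
FF - user.js: keyword.URL - hxxp://www.groogle.info/
FF - user.js: browser.search.order.1 - Search
"""

# "FF - <file>: <pref name> - <value>" as printed by the scan.
PREF_LINE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$", re.MULTILINE)


class Finding(NamedTuple):
    pref: str               # preference name set in user.js
    value: str              # value exactly as logged
    host: str               # host the pref points the browser at
    also_in_prefs_js: bool  # True if prefs.js already carries the same host


def host_of(value: str) -> Optional[str]:
    """Return the host of an http(s) URL, accepting the defanged hxxp form."""
    url = re.sub(r"^hxxp", "http", value.strip(), flags=re.IGNORECASE)
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    return parts.hostname


def parse_prefs(log: str) -> dict:
    """Group logged Firefox prefs by the file they were read from."""
    prefs = {"prefs.js": {}, "user.js": {}}
    for source, name, value in PREF_LINE.findall(log):
        prefs[source][name] = value.strip()
    return prefs


def find_pinned_url_prefs(log: str) -> list:
    """List user.js prefs whose value is a web URL.

    These are the entries that come back after every restart: editing the
    setting in the browser only rewrites prefs.js, and user.js is applied
    on top of it at the next start.
    """
    prefs = parse_prefs(log)
    findings = []
    for name, value in prefs["user.js"].items():
        host = host_of(value)
        if host is None:
            continue  # numeric or plain-text prefs such as browser.startup.page
        mirrored = prefs["prefs.js"].get(name)
        findings.append(
            Finding(name, value, host,
                    mirrored is not None and host_of(mirrored) == host)
        )
    return findings


if __name__ == "__main__":
    for f in find_pinned_url_prefs(SAMPLE_LOG):
        note = "also written to prefs.js" if f.also_in_prefs_js else "user.js only"
        print(f"{f.pref:35} -> {f.host} ({note})")
```

Every pref reported here has to be removed from `user.js` in the profile folder before a change made in `prefs.js` or in the browser settings will survive a restart.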
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log (forced home page)
Run HJT using C:\Program Files\trend micro\Streng.exe. In HijackThis, fix:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.groogle.info
O1 - Hosts: 216.107.250.194 update.nProtect.com
O1 - Hosts: 216.107.250.194 update.nProtect.net
Restart the PC and post a new log.
Re: Please check my log (forced home page)
Logfile of random's system information tool 1.07 (written by random/random)
Run by Streng at 2010-06-26 09:15:53
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 32 GB (13%) free of 238 GB
Total RAM: 2046 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:15:58, on 26.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\iZ3D Driver\Win32\S3DCService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Documents and Settings\Streng\Desktop\RSIT.exe
C:\Program Files\trend micro\Streng.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\191.07\winxp\english\PhysX_9.09.0814_SystemSoftware.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: S3D Service (Win32) - iZ3D Inc. - C:\Program Files\iZ3D Driver\Win32\S3DCService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 6607 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-329068152-839522115-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-329068152-839522115-1003.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-06 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
"UVS12 Preload"=C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe [2008-06-09 397456]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-01-11 13666408]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-01-11 110696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-06 202256]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI TRANSFORMS=C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST WISE_SETUP_EXE_PATH=c:\nvidia\displaydriver\191.07\winxp\english\PhysX_9.09.0814_SystemSoftware.exe []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Documents and Settings\Streng\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Hry\Modern Warfare 2\iw4mp.exe"="C:\Hry\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Hry\NHL09\nhl2009.exe"="C:\Hry\NHL09\nhl2009.exe:*:Enabled:nhl2009"
"C:\Hry\GTAIV\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Hry\GTAIV\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Hry\GTAIV\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Hry\GTAIV\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Hry\GTAIV\Grand Theft Auto IV\GTAIV.exe"="C:\Hry\GTAIV\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Hry\Left 4 Dead 2\left4dead2.exe"="C:\Hry\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Hry\LOL\air\LolClient.exe"="C:\Hry\LOL\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Hry\LOL\game\League of Legends.exe"="C:\Hry\LOL\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Hry\Warcraft III\Warcraft III.exe"="C:\Hry\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Hry\Postal multi\System\Postal2MP.exe"="C:\Hry\Postal multi\System\Postal2MP.exe:*:Enabled:Postal2MP"
"C:\Hry\Rune - Co-op\RUNE\SYSTEM\RUNE.EXE"="C:\Hry\Rune - Co-op\RUNE\SYSTEM\RUNE.EXE:*:Enabled:RUNE"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Hry\Assasin creed II\AssassinsCreedIIGame.exe"="C:\Hry\Assasin creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
"C:\Hry\Assasin creed II\AssassinsCreedII.exe"="C:\Hry\Assasin creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
"C:\Hry\Assasin creed II\UPlayBrowser.exe"="C:\Hry\Assasin creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
"C:\Hry\civilization4\Civilization4.exe"="C:\Hry\civilization4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Hry\civilization4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Hry\civilization4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\Hry\civilization4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Hry\civilization4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2010-06-25 00:34:19 ----A---- C:\ComboFix.txt
2010-06-24 19:08:09 ----A---- C:\Boot.bak
2010-06-24 19:08:00 ----RASHD---- C:\cmdcons
2010-06-24 19:02:01 ----A---- C:\WINDOWS\zip.exe
2010-06-24 19:02:01 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-06-24 19:02:01 ----A---- C:\WINDOWS\SWSC.exe
2010-06-24 19:02:01 ----A---- C:\WINDOWS\SWREG.exe
2010-06-24 19:02:01 ----A---- C:\WINDOWS\sed.exe
2010-06-24 19:02:01 ----A---- C:\WINDOWS\PEV.exe
2010-06-24 19:02:01 ----A---- C:\WINDOWS\NIRCMD.exe
2010-06-24 19:02:01 ----A---- C:\WINDOWS\MBR.exe
2010-06-24 19:02:01 ----A---- C:\WINDOWS\grep.exe
2010-06-24 19:01:52 ----D---- C:\WINDOWS\ERDNT
2010-06-24 19:00:30 ----D---- C:\Qoobox
2010-06-24 09:55:37 ----D---- C:\Documents and Settings\Streng\Application Data\My Games
2010-06-23 10:37:52 ----D---- C:\Documents and Settings\Streng\Application Data\Ubisoft
2010-06-23 10:37:52 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft
2010-06-23 10:34:33 ----D---- C:\Program Files\Ubisoft
2010-06-22 18:09:44 ----D---- C:\Program Files\Cyanide
2010-06-22 09:05:42 ----A---- C:\WINDOWS\unvise32.exe
2010-06-22 08:31:56 ----A---- C:\WINDOWS\IsUninst.exe
2010-06-21 16:37:45 ----D---- C:\Documents and Settings\Streng\Application Data\Facebook
2010-06-19 17:38:10 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-06-19 14:17:55 ----D---- C:\Program Files\QIP Infium
2010-06-19 09:31:41 ----D---- C:\Program Files\ICQ7.2
2010-06-18 12:07:52 ----D---- C:\Documents and Settings\All Users\Application Data\Nokia
2010-06-18 11:56:07 ----D---- C:\Program Files\MSXML 6.0
2010-06-18 10:52:24 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-06-18 10:52:16 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2010-06-18 10:51:29 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
2010-06-18 10:51:27 ----D---- C:\Documents and Settings\Streng\Application Data\PC Suite
2010-06-18 10:51:09 ----D---- C:\Documents and Settings\Streng\Application Data\Nokia
2010-06-18 10:47:05 ----D---- C:\Program Files\DIFX
2010-06-18 10:46:45 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2010-06-18 10:46:11 ----D---- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
2010-06-12 09:55:40 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-12 09:55:35 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-12 09:54:44 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-12 09:52:50 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-12 09:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-12 09:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-12 09:47:09 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-06-05 09:59:22 ----A---- C:\WINDOWS\system32\devil.dll
2010-06-05 09:59:22 ----A---- C:\WINDOWS\system32\avisynth.dll
2010-06-05 09:59:20 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-06-05 09:59:20 ----A---- C:\WINDOWS\system32\i420vfw.dll
2010-06-05 09:59:19 ----D---- C:\Program Files\AviSynth 2.5
2010-06-05 09:55:40 ----RSH---- C:\WINDOWS\system32\nbDX.dll
2010-06-05 09:55:40 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2010-06-05 09:55:39 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2010-06-05 09:55:32 ----D---- C:\Program Files\eRightSoft
======List of files/folders modified in the last 1 months======
2010-06-26 09:15:54 ----D---- C:\Program Files\trend micro
2010-06-26 09:15:33 ----SD---- C:\WINDOWS\Tasks
2010-06-26 09:14:15 ----D---- C:\WINDOWS\Temp
2010-06-26 09:09:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-25 17:41:48 ----D---- C:\Documents and Settings\Streng\Application Data\uTorrent
2010-06-25 17:41:17 ----D---- C:\WINDOWS\Prefetch
2010-06-25 17:41:06 ----A---- C:\WINDOWS\DVDRegionFree.INI
2010-06-25 17:20:58 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-25 00:37:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-25 00:33:11 ----D---- C:\WINDOWS
2010-06-25 00:33:11 ----A---- C:\WINDOWS\system.ini
2010-06-25 00:31:32 ----D---- C:\WINDOWS\system32\drivers
2010-06-25 00:31:32 ----D---- C:\WINDOWS\system32
2010-06-25 00:31:32 ----D---- C:\WINDOWS\AppPatch
2010-06-25 00:31:29 ----D---- C:\Program Files\Common Files
2010-06-24 19:08:09 ----RASH---- C:\boot.ini
2010-06-24 18:38:16 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-06-24 15:37:03 ----D---- C:\Program Files\CCleaner
2010-06-24 12:50:08 ----D---- C:\Documents and Settings\Streng\Application Data\Skype
2010-06-24 12:20:18 ----D---- C:\Program Files\Garena
2010-06-24 11:46:44 ----D---- C:\Documents and Settings\Streng\Application Data\skypePM
2010-06-24 10:48:35 ----D---- C:\WINDOWS\system32\DirectX
2010-06-24 10:48:34 ----HD---- C:\WINDOWS\inf
2010-06-24 10:48:29 ----RSD---- C:\WINDOWS\assembly
2010-06-24 10:34:30 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-24 10:17:17 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-24 10:17:00 ----SHD---- C:\WINDOWS\Installer
2010-06-24 09:55:17 ----D---- C:\Hry
2010-06-24 09:08:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-24 09:08:23 ----D---- C:\WINDOWS\WinSxS
2010-06-23 14:18:24 ----D---- C:\Program Files\Mozilla Firefox
2010-06-23 10:34:33 ----RD---- C:\Program Files
2010-06-22 18:51:47 ----D---- C:\Documents and Settings\Streng\Application Data\Hamachi
2010-06-20 09:27:57 ----D---- C:\Documents and Settings\Streng\Application Data\ICQ
2010-06-19 17:41:57 ----D---- C:\Program Files\Alwil Software
2010-06-19 09:29:48 ----D---- C:\WINDOWS\Debug
2010-06-19 09:27:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-18 10:53:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-18 10:53:03 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-06-12 09:55:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-05 09:59:17 ----RSD---- C:\WINDOWS\Fonts
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers; \??\C:\Program Files\iZ3D Driver\Win32\S3DInjectionDriver.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R2 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-14 4429312]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-12-31 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-01-12 10276768]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-05-04 19968]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696]
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S3 aekkxzdg;aekkxzdg; C:\WINDOWS\system32\drivers\aekkxzdg.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\Streng\LOCALS~1\Temp\catchme.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Streng\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Streng\LOCALS~1\Temp\QRH125.tmp []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-04-11 17480]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 npkcrypt;npkcrypt; \??\C:\Hry\Lineage II\100kaSystem\npkcrypt.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-05-04 46720]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2002-12-31 322120]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-01-11 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-03-22 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-03-22 107832]
R2 S3D Service (Win32);S3D Service (Win32); C:\Program Files\iZ3D Driver\Win32\S3DCService.exe [2009-11-04 360960]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2008-06-09 53392]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-12-25 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
I fixed only the following: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.groogle.info
The others were not offered. The problem still persists.
Run by Streng at 2010-06-26 09:15:53
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 32 GB (13%) free of 238 GB
Total RAM: 2046 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:15:58, on 26.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\iZ3D Driver\Win32\S3DCService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Documents and Settings\Streng\Desktop\RSIT.exe
C:\Program Files\trend micro\Streng.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\191.07\winxp\english\PhysX_9.09.0814_SystemSoftware.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: S3D Service (Win32) - iZ3D Inc. - C:\Program Files\iZ3D Driver\Win32\S3DCService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 6607 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-329068152-839522115-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-329068152-839522115-1003.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-06 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
"UVS12 Preload"=C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe [2008-06-09 397456]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-01-11 13666408]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-01-11 110696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-06 202256]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI TRANSFORMS=C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST WISE_SETUP_EXE_PATH=c:\nvidia\displaydriver\191.07\winxp\english\PhysX_9.09.0814_SystemSoftware.exe []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Documents and Settings\Streng\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Hry\Modern Warfare 2\iw4mp.exe"="C:\Hry\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Hry\NHL09\nhl2009.exe"="C:\Hry\NHL09\nhl2009.exe:*:Enabled:nhl2009"
"C:\Hry\GTAIV\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Hry\GTAIV\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Hry\GTAIV\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Hry\GTAIV\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Hry\GTAIV\Grand Theft Auto IV\GTAIV.exe"="C:\Hry\GTAIV\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Hry\Left 4 Dead 2\left4dead2.exe"="C:\Hry\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Hry\LOL\air\LolClient.exe"="C:\Hry\LOL\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Hry\LOL\game\League of Legends.exe"="C:\Hry\LOL\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Hry\Warcraft III\Warcraft III.exe"="C:\Hry\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Hry\Postal multi\System\Postal2MP.exe"="C:\Hry\Postal multi\System\Postal2MP.exe:*:Enabled:Postal2MP"
"C:\Hry\Rune - Co-op\RUNE\SYSTEM\RUNE.EXE"="C:\Hry\Rune - Co-op\RUNE\SYSTEM\RUNE.EXE:*:Enabled:RUNE"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Hry\Assasin creed II\AssassinsCreedIIGame.exe"="C:\Hry\Assasin creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
"C:\Hry\Assasin creed II\AssassinsCreedII.exe"="C:\Hry\Assasin creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
"C:\Hry\Assasin creed II\UPlayBrowser.exe"="C:\Hry\Assasin creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
"C:\Hry\civilization4\Civilization4.exe"="C:\Hry\civilization4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Hry\civilization4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Hry\civilization4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\Hry\civilization4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Hry\civilization4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2010-06-25 00:34:19 ----A---- C:\ComboFix.txt
2010-06-24 19:08:09 ----A---- C:\Boot.bak
2010-06-24 19:08:00 ----RASHD---- C:\cmdcons
2010-06-24 19:02:01 ----A---- C:\WINDOWS\zip.exe
2010-06-24 19:02:01 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-06-24 19:02:01 ----A---- C:\WINDOWS\SWSC.exe
2010-06-24 19:02:01 ----A---- C:\WINDOWS\SWREG.exe
2010-06-24 19:02:01 ----A---- C:\WINDOWS\sed.exe
2010-06-24 19:02:01 ----A---- C:\WINDOWS\PEV.exe
2010-06-24 19:02:01 ----A---- C:\WINDOWS\NIRCMD.exe
2010-06-24 19:02:01 ----A---- C:\WINDOWS\MBR.exe
2010-06-24 19:02:01 ----A---- C:\WINDOWS\grep.exe
2010-06-24 19:01:52 ----D---- C:\WINDOWS\ERDNT
2010-06-24 19:00:30 ----D---- C:\Qoobox
2010-06-24 09:55:37 ----D---- C:\Documents and Settings\Streng\Application Data\My Games
2010-06-23 10:37:52 ----D---- C:\Documents and Settings\Streng\Application Data\Ubisoft
2010-06-23 10:37:52 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft
2010-06-23 10:34:33 ----D---- C:\Program Files\Ubisoft
2010-06-22 18:09:44 ----D---- C:\Program Files\Cyanide
2010-06-22 09:05:42 ----A---- C:\WINDOWS\unvise32.exe
2010-06-22 08:31:56 ----A---- C:\WINDOWS\IsUninst.exe
2010-06-21 16:37:45 ----D---- C:\Documents and Settings\Streng\Application Data\Facebook
2010-06-19 17:38:10 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-06-19 14:17:55 ----D---- C:\Program Files\QIP Infium
2010-06-19 09:31:41 ----D---- C:\Program Files\ICQ7.2
2010-06-18 12:07:52 ----D---- C:\Documents and Settings\All Users\Application Data\Nokia
2010-06-18 11:56:07 ----D---- C:\Program Files\MSXML 6.0
2010-06-18 10:52:24 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-06-18 10:52:16 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2010-06-18 10:51:29 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
2010-06-18 10:51:27 ----D---- C:\Documents and Settings\Streng\Application Data\PC Suite
2010-06-18 10:51:09 ----D---- C:\Documents and Settings\Streng\Application Data\Nokia
2010-06-18 10:47:05 ----D---- C:\Program Files\DIFX
2010-06-18 10:46:45 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2010-06-18 10:46:11 ----D---- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
2010-06-12 09:55:40 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-12 09:55:35 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-12 09:54:44 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-12 09:52:50 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-12 09:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-12 09:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-12 09:47:09 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-06-05 09:59:22 ----A---- C:\WINDOWS\system32\devil.dll
2010-06-05 09:59:22 ----A---- C:\WINDOWS\system32\avisynth.dll
2010-06-05 09:59:20 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-06-05 09:59:20 ----A---- C:\WINDOWS\system32\i420vfw.dll
2010-06-05 09:59:19 ----D---- C:\Program Files\AviSynth 2.5
2010-06-05 09:55:40 ----RSH---- C:\WINDOWS\system32\nbDX.dll
2010-06-05 09:55:40 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2010-06-05 09:55:39 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2010-06-05 09:55:32 ----D---- C:\Program Files\eRightSoft
======List of files/folders modified in the last 1 months======
2010-06-26 09:15:54 ----D---- C:\Program Files\trend micro
2010-06-26 09:15:33 ----SD---- C:\WINDOWS\Tasks
2010-06-26 09:14:15 ----D---- C:\WINDOWS\Temp
2010-06-26 09:09:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-25 17:41:48 ----D---- C:\Documents and Settings\Streng\Application Data\uTorrent
2010-06-25 17:41:17 ----D---- C:\WINDOWS\Prefetch
2010-06-25 17:41:06 ----A---- C:\WINDOWS\DVDRegionFree.INI
2010-06-25 17:20:58 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-25 00:37:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-25 00:33:11 ----D---- C:\WINDOWS
2010-06-25 00:33:11 ----A---- C:\WINDOWS\system.ini
2010-06-25 00:31:32 ----D---- C:\WINDOWS\system32\drivers
2010-06-25 00:31:32 ----D---- C:\WINDOWS\system32
2010-06-25 00:31:32 ----D---- C:\WINDOWS\AppPatch
2010-06-25 00:31:29 ----D---- C:\Program Files\Common Files
2010-06-24 19:08:09 ----RASH---- C:\boot.ini
2010-06-24 18:38:16 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-06-24 15:37:03 ----D---- C:\Program Files\CCleaner
2010-06-24 12:50:08 ----D---- C:\Documents and Settings\Streng\Application Data\Skype
2010-06-24 12:20:18 ----D---- C:\Program Files\Garena
2010-06-24 11:46:44 ----D---- C:\Documents and Settings\Streng\Application Data\skypePM
2010-06-24 10:48:35 ----D---- C:\WINDOWS\system32\DirectX
2010-06-24 10:48:34 ----HD---- C:\WINDOWS\inf
2010-06-24 10:48:29 ----RSD---- C:\WINDOWS\assembly
2010-06-24 10:34:30 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-24 10:17:17 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-24 10:17:00 ----SHD---- C:\WINDOWS\Installer
2010-06-24 09:55:17 ----D---- C:\Hry
2010-06-24 09:08:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-24 09:08:23 ----D---- C:\WINDOWS\WinSxS
2010-06-23 14:18:24 ----D---- C:\Program Files\Mozilla Firefox
2010-06-23 10:34:33 ----RD---- C:\Program Files
2010-06-22 18:51:47 ----D---- C:\Documents and Settings\Streng\Application Data\Hamachi
2010-06-20 09:27:57 ----D---- C:\Documents and Settings\Streng\Application Data\ICQ
2010-06-19 17:41:57 ----D---- C:\Program Files\Alwil Software
2010-06-19 09:29:48 ----D---- C:\WINDOWS\Debug
2010-06-19 09:27:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-18 10:53:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-18 10:53:03 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-06-12 09:55:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-05 09:59:17 ----RSD---- C:\WINDOWS\Fonts
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers; \??\C:\Program Files\iZ3D Driver\Win32\S3DInjectionDriver.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R2 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-14 4429312]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-12-31 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-01-12 10276768]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-05-04 19968]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696]
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S3 aekkxzdg;aekkxzdg; C:\WINDOWS\system32\drivers\aekkxzdg.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\Streng\LOCALS~1\Temp\catchme.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Streng\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Streng\LOCALS~1\Temp\QRH125.tmp []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-04-11 17480]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 npkcrypt;npkcrypt; \??\C:\Hry\Lineage II\100kaSystem\npkcrypt.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-05-04 46720]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2002-12-31 322120]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-01-11 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-03-22 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-03-22 107832]
R2 S3D Service (Win32);S3D Service (Win32); C:\Program Files\iZ3D Driver\Win32\S3DCService.exe [2009-11-04 360960]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2008-06-09 53392]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-12-25 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
I fixed only the following: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.groogle.info
The others were not offered. The problem still persists.
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log (forced home page)
Try using MozBackup: http://www.slunecnice.cz/sw/mozbackup/ to uninstall FF. Then clean the PC completely (files + registry) with CCleaner: http://www.viry.cz/forum/viewtopic.php?f=46&t=7478 . Finally, use MozBackup again to install FF back.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Please check my log (forced home page)
Problem solved, thank you very much for the help.
One more thing I wanted to ask: since using ComboFix, a menu pops up at Windows startup asking whether I want to start Windows normally or start the Recovery Console. Could that signal something bad, or is it normal?
It does this on every startup or restart of the computer.
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log (forced home page)
You installed the Recovery Console, although it was not necessary. Basically nothing is wrong; it will just delay your startup by about 3 s. It can only be removed by editing the boot.ini file. You're welcome!