
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Request for a log check: PC slow overall, problems with IE and Firefox
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will threads that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Logfile of random's system information tool 1.08 (written by random/random)
Run by jiri urvalek at 2010-09-19 08:14:37
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 153 GB (82%) free of 186 GB
Total RAM: 3071 MB (68% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-06-13 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-15 278192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programfiler\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-03 814648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programfiler\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Programfiler\YouTube Downloader Toolbar\SearchSettings.dll [2010-02-19 1109504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
YouTube Downloader Toolbar - C:\Programfiler\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll [2010-02-19 700416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F3FEE66E-E034-436a-86E4-9690573BEE8A} - YouTube Downloader Toolbar - C:\Programfiler\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll [2010-02-19 700416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-15 278192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"=C:\WINDOWS\system32\nvraidservice.exe [2005-01-17 84480]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 77824]
"CARPService"=C:\WINDOWS\system32\carpserv.exe [2003-03-19 4608]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2004-12-08 550912]
"ledpointer"=C:\WINDOWS\CNYHKey.exe [2004-03-02 5576704]
"PCMService"=C:\Programfiler\CyberLink\PowerCinema\PCMService.exe [2005-07-08 127118]
"OEM-Reset"= []
"SunJavaUpdateSched"=C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe [2010-02-18 248040]
"Norman ZANDA"=C:\Programfiler\Norman\Npm\Bin\ZLH.EXE [2010-01-29 189824]
"nwiz"=nwiz.exe /installquiet []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-03-16 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-03-16 13670504]
"Adobe Reader Speed Launcher"=C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"Share-to-Web Namespace Daemon"=C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2001-07-03 57344]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-06-13 127036]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"SearchSettings"=C:\Programfiler\YouTube Downloader Toolbar\SearchSettings.exe [2010-02-19 974848]
"avast5"=C:\Programfiler\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"WMPNSCFG"=C:\Programfiler\Windows Media Player\WMPNSCFG.exe [2006-11-15 204288]
"MSMSGS"=C:\Programfiler\Messenger\msmsgs.exe [2008-04-14 1695232]
"Uniblue RegistryBooster 2009"=C:\Programfiler\Uniblue\RegistryBooster\RegistryBooster.exe /S []
"SpybotSD TeaTimer"=C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart
Adobe Gamma Loader.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
McAfee Security Scan Plus.lnk - C:\Programfiler\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Documents and Settings\jiri urvalek\Start-meny\Programmer\Oppstart
OpenOffice.org 3.2.lnk - C:\Programfiler\OpenOffice.org 3\program\quickstart.exe
Picture Motion Browser Media Check Tool.lnk - C:\Programfiler\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programfiler\CyberLink\PowerCinema\PowerCinema.exe"="C:\Programfiler\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema"
"C:\Programfiler\CA\Etrust Antivirus\InoRpc.exe"="C:\Programfiler\CA\Etrust Antivirus\InoRpc.exe:*:Enabled:eTrust Antivirus - RPC Server"
"C:\Programfiler\CA\Etrust Antivirus\InocIT.exe"="C:\Programfiler\CA\Etrust Antivirus\InocIT.exe:*:Enabled:eTrust Antivirus - Local Scanner"
"C:\Programfiler\CA\Etrust Antivirus\Realmon.exe"="C:\Programfiler\CA\Etrust Antivirus\Realmon.exe:*:Enabled:eTrust Antivirus - Realtime monitor"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Pinnacle\Studio 12\Programs\RM.exe"="C:\Programfiler\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Programfiler\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Programfiler\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Programfiler\Pinnacle\Studio 12\Programs\umi.exe"="C:\Programfiler\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Programfiler\Spotify\spotify.exe"="C:\Programfiler\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Programfiler\Skype\Plugin Manager\skypePM.exe"="C:\Programfiler\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Programfiler\AVS4YOU\Registration.exe"="C:\Programfiler\AVS4YOU\Registration.exe:*:Enabled: Activation"
"C:\Programfiler\Skype\Phone\Skype.exe"="C:\Programfiler\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 3 months======
2010-09-19 08:14:37 ----D---- C:\rsit
2010-09-18 21:27:46 ----D---- C:\Programfiler\Trend Micro
2010-09-18 12:43:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-18 12:43:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-18 12:43:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-18 12:43:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-18 12:43:31 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-18 12:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-18 12:39:39 ----A---- C:\WINDOWS\imsins.BAK
2010-09-18 12:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-16 07:01:59 ----D---- C:\Documents and Settings\All Users\Programdata\McAfee Security Scan
2010-09-16 07:01:56 ----D---- C:\Programfiler\McAfee Security Scan
2010-09-16 06:40:22 ----D---- C:\Documents and Settings\jiri urvalek\Programdata\Mozilla
2010-09-16 06:40:03 ----D---- C:\Programfiler\Mozilla Firefox
2010-09-16 05:39:37 ----A---- C:\WINDOWS\system32\drivers\ale_nf64.sys
2010-09-16 05:39:37 ----A---- C:\WINDOWS\system32\drivers\ale_nf.sys
2010-09-14 05:25:28 ----D---- C:\Programfiler\CCleaner
2010-09-13 23:51:34 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-09-13 23:51:34 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-09-13 23:51:34 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-09-13 23:51:34 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-09-13 23:51:33 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-09-13 23:51:33 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-09-13 23:51:33 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-09-13 23:50:57 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-09-13 23:50:49 ----D---- C:\Programfiler\Alwil Software
2010-09-13 23:50:49 ----D---- C:\Documents and Settings\All Users\Programdata\Alwil Software
2010-08-25 19:42:52 ----ASH---- C:\hiberfil.sys
2010-08-24 21:00:08 ----D---- C:\Programfiler\Spybot - Search & Destroy
2010-08-24 20:57:05 ----D---- C:\Documents and Settings\jiri urvalek\Programdata\Uniblue
2010-08-24 20:56:03 ----HDC---- C:\Documents and Settings\All Users\Programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}
2010-08-11 11:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-11 11:06:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-11 11:06:00 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-11 11:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-11 11:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-11 11:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-11 10:58:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-11 10:58:30 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-11 10:58:19 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-07-19 07:51:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-06-20 20:32:46 ----D---- C:\Documents and Settings\jiri urvalek\Programdata\PDF Writer
2010-06-20 20:32:46 ----D---- C:\Documents and Settings\All Users\Programdata\PDF Writer
2010-06-20 20:31:14 ----D---- C:\Programfiler\Fellesfiler\Bullzip
2010-06-20 20:31:14 ----A---- C:\WINDOWS\system32\bzpdfc.dll
2010-06-20 20:31:14 ----A---- C:\WINDOWS\system32\bzFlRdr.dll
2010-06-20 20:31:14 ----A---- C:\WINDOWS\system32\bzDCT.dll
2010-06-20 20:31:11 ----A---- C:\WINDOWS\system32\bzpdf.dll
2010-06-20 20:31:10 ----D---- C:\Programfiler\Bullzip
======List of files/folders modified in the last 3 months======
2010-09-19 08:14:16 ----D---- C:\WINDOWS\Prefetch
2010-09-19 07:55:13 ----D---- C:\WINDOWS\Temp
2010-09-19 07:40:39 ----A---- C:\Log.txt
2010-09-18 21:41:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-18 21:27:46 ----RD---- C:\Programfiler
2010-09-18 14:27:33 ----D---- C:\WINDOWS\system32
2010-09-18 14:27:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-18 14:23:44 ----D---- C:\WINDOWS
2010-09-18 12:44:00 ----HD---- C:\WINDOWS\inf
2010-09-18 12:43:56 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-18 12:43:53 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-09-18 12:39:50 ----D---- C:\WINDOWS\Debug
2010-09-18 12:39:45 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-18 11:26:50 ----SHD---- C:\WINDOWS\Installer
2010-09-18 11:26:48 ----SHD---- C:\Config.Msi
2010-09-18 09:59:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-16 07:05:43 ----D---- C:\Documents and Settings\All Users\Programdata\NOS
2010-09-14 07:32:23 ----D---- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2010-09-14 07:16:56 ----D---- C:\WINDOWS\Minidump
2010-09-13 23:51:34 ----D---- C:\WINDOWS\system32\drivers
2010-09-13 23:51:29 ----D---- C:\WINDOWS\WinSxS
2010-09-08 22:34:28 ----D---- C:\Documents and Settings\jiri urvalek\Programdata\Skype
2010-09-08 19:47:21 ----D---- C:\Documents and Settings\jiri urvalek\Programdata\skypePM
2010-08-26 16:41:39 ----D---- C:\Programfiler\SureThing Express Labeler
2010-08-25 18:59:17 ----D---- C:\Documents and Settings
2010-08-24 23:42:51 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-19 20:53:59 ----D---- C:\Programfiler\YouTube Downloader
2010-08-19 06:15:27 ----D---- C:\WINDOWS\network diagnostic
2010-08-17 15:17:06 ----A---- C:\WINDOWS\system32\spoolsv.exe
2010-08-11 11:27:16 ----RSD---- C:\WINDOWS\assembly
2010-08-11 11:24:10 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-11 11:03:00 ----D---- C:\Programfiler\Internet Explorer
2010-08-11 11:02:53 ----D---- C:\WINDOWS\ie8updates
2010-08-11 10:58:34 ----D---- C:\Programfiler\Movie Maker
2010-07-27 08:30:30 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-22 17:46:10 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2010-07-22 08:19:06 ----A---- C:\WINDOWS\system32\xpsp4res.dll
2010-06-30 14:33:22 ----A---- C:\WINDOWS\system32\schannel.dll
2010-06-24 17:57:44 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-06-24 14:27:46 ----A---- C:\WINDOWS\system32\wininet.dll
2010-06-24 14:27:46 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-06-24 14:27:45 ----N---- C:\WINDOWS\system32\occache.dll
2010-06-24 14:27:45 ----N---- C:\WINDOWS\system32\mstime.dll
2010-06-24 14:27:45 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-06-24 14:27:43 ----N---- C:\WINDOWS\system32\jsproxy.dll
2010-06-24 14:27:43 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-06-24 14:27:43 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-06-24 14:27:43 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-06-24 14:27:42 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-06-24 14:27:40 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-06-23 14:08:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2010-06-20 20:31:14 ----D---- C:\Programfiler\Fellesfiler
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2006-06-12 89264]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2005-05-17 92800]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2005-05-17 92800]
R0 nvraid;NVIDIA nForce(tm) RAID Class Driver; C:\WINDOWS\system32\DRIVERS\nvraid.sys [2005-08-08 76288]
R0 ohci1394;Texas Instruments OHCI-kompatibel IEEE 1394-vertskontroller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\Drivers\PxHelp20.sys [2006-11-02 36624]
R1 AmdK8;AMD-prosessordriver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-03-17 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2006-03-17 22684]
R1 kbdhid;Tastatur-HID-driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NGS;Norman General Security Driver; \??\c:\programfiler\norman\ngs\bin\ngs.sys []
R1 NPROSEC;Norman Security driver; \??\C:\Programfiler\Norman\Ngs\Bin\nprosec.sys []
R1 tdi_nf;Norman Network Filter TDIL driver; \??\C:\WINDOWS\system32\drivers\tdi_nf.sys []
R1 WS2IFSL;Windows Socket 2.0-støttemiljø for ikke-IFS-tjenesteleverandør; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-06-13 25724]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-06-13 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-06-13 86844]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-06-13 14716]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-06-13 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-06-13 88476]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-06-13 94460]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-03-17 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-03-19 11044]
R2 Ndiskio;Ndiskio; \??\C:\Programfiler\Norman\Nse\Bin\NDISKIO.SYS []
R2 nregsec;Norman Registry Security driver; \??\C:\Programfiler\Norman\Ngs\Bin\nregsec.sys []
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\system32\DRIVERS\strmdisp.sys [2003-03-19 22400]
R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 799744]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 BthEnum;Driver for Bluetooth-forespørselsblokk; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;USB-driver for Bluetooth-radio; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-03-19 1107072]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-03-19 177024]
R3 IMT0521;Inmax USB IMT-0521 Smartcard Reader; C:\WINDOWS\System32\Drivers\IMT0521.sys [2003-07-11 34825]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 MODEMCSA;Unimodem Streaming-filterenhet; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;HID-driver for mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-06 12160]
R3 NIC1394;1394-nettverksdriver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nnetsec;Norman Network Security service; C:\WINDOWS\system32\DRIVERS\nnetsec.sys [2010-06-21 48272]
R3 NNetSecC;Norman Network Filter NDIS common driver; \??\C:\Programfiler\Norman\ngs\bin\nnetsecc.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-03-16 10232352]
R3 NvcMFlt;NvcMFlt; C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2009-10-09 21832]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 RFCOMM;Bluetooth-enhet (TDI for RFCOMM-protokoll); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 usbccgp;Microsoft USB generell overordnet driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER-klasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB-skannerdriver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB-masselagringsenhet; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-03-19 622592]
S3 BTHPORT;Driver for Bluetooth-port; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272256]
S3 CCDECODE;Dekoder for teksting for hørselshemmede; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MPE;BDA MPE-filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Tee/Sink-to-Sink-konverterer for Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-kodek; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/video-tilkobling; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 ovt519;VGA USB Camera; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-05-06 163072]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\SCR33X2K.sys [2003-12-03 63608]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB-lyddriver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WSTCODEC;World Standard Teletext-kodek; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Application Updater;Application Updater; C:\Programfiler\Application Updater\ApplicationUpdater.exe [2010-02-19 380928]
R2 avast! Antivirus;avast! Antivirus; C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Programfiler\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2005-07-08 221281]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Programfiler\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2005-07-08 110687]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-07-08 61440]
R2 eLoggerSvc6;Norman eLogger service 6; C:\Programfiler\Norman\Npm\Bin\elogsvc.exe [2009-10-11 152904]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programfiler\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 MamutSyncService;Mamut Synchronization Service; C:\Programfiler\Mamut\Synchronization\Mamut.SynchronizationService.SynchronizationWindowsService.exe [2010-01-22 16384]
R2 MSSQL$MAMUT;SQL Server (MAMUT); C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 NNFSVC;Norman Network Filtering service; C:\Programfiler\Norman\Ngs\Bin\Nnf.exe [2010-06-24 219904]
R2 Norman ZANDA;Norman ZANDA; C:\Programfiler\Norman\Npm\Bin\Zanda.exe [2010-05-18 301192]
R2 NPFSvc32;Norman Personal Firewall Service; C:\Programfiler\Norman\npf\bin\npfsvc32.exe [2010-08-26 288936]
R2 NPROSECSVC;Norman Security service; C:\Programfiler\Norman\Ngs\Bin\Nprosec.exe [2010-05-07 103016]
R2 NVOY;Norman Resource Provider; C:\Programfiler\Norman\npm\bin\nvoy.exe [2010-03-15 98776]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-03-16 154216]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programfiler\CyberLink\Shared Files\RichVideo.exe [2005-01-31 143360]
R2 SQLBrowser;SQL Server Browser; C:\Programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programfiler\Windows Media Player\WMPNetwk.exe [2006-11-15 914944]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 Norman NJeeves;Norman NJeeves; C:\Programfiler\Norman\Npm\Bin\Njeeves.exe [2009-10-07 129928]
R3 nsesvc;Norman Scanner Engine Service; C:\Programfiler\Norman\Nse\Bin\NSESVC.EXE [2010-06-14 282624]
R3 nvcoas;Norman Virus Control on-access component; C:\Programfiler\Norman\Nvc\Bin\nvcoas.exe [2010-08-12 210248]
R3 Scheduler;Norman Scheduler Service; C:\Programfiler\Norman\Npm\Bin\scheduler.exe [2009-10-15 133272]
S2 gupdate;Googles oppdateringstjeneste (gupdate); C:\Programfiler\Google\Update\GoogleUpdate.exe [2010-04-05 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 gusvc;Google Software Updater; C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-05 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Programfiler\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ose;Office Source Engine; C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Programfiler\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programfiler\CyberLink\PowerCinema\PowerCinema.exe"="C:\Programfiler\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema"
"C:\Programfiler\CA\Etrust Antivirus\InoRpc.exe"="C:\Programfiler\CA\Etrust Antivirus\InoRpc.exe:*:Enabled:eTrust Antivirus - RPC Server"
"C:\Programfiler\CA\Etrust Antivirus\InocIT.exe"="C:\Programfiler\CA\Etrust Antivirus\InocIT.exe:*:Enabled:eTrust Antivirus - Local Scanner"
"C:\Programfiler\CA\Etrust Antivirus\Realmon.exe"="C:\Programfiler\CA\Etrust Antivirus\Realmon.exe:*:Enabled:eTrust Antivirus - Realtime monitor"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programfiler\Pinnacle\Studio 12\Programs\RM.exe"="C:\Programfiler\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Programfiler\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Programfiler\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Programfiler\Pinnacle\Studio 12\Programs\umi.exe"="C:\Programfiler\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Programfiler\Spotify\spotify.exe"="C:\Programfiler\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Programfiler\Skype\Plugin Manager\skypePM.exe"="C:\Programfiler\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Programfiler\AVS4YOU\Registration.exe"="C:\Programfiler\AVS4YOU\Registration.exe:*:Enabled: Activation"
"C:\Programfiler\Skype\Phone\Skype.exe"="C:\Programfiler\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 3 months======
2010-09-19 08:14:37 ----D---- C:\rsit
2010-09-18 21:27:46 ----D---- C:\Programfiler\Trend Micro
2010-09-18 12:43:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-18 12:43:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-18 12:43:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-18 12:43:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-18 12:43:31 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-18 12:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-18 12:39:39 ----A---- C:\WINDOWS\imsins.BAK
2010-09-18 12:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-16 07:01:59 ----D---- C:\Documents and Settings\All Users\Programdata\McAfee Security Scan
2010-09-16 07:01:56 ----D---- C:\Programfiler\McAfee Security Scan
2010-09-16 06:40:22 ----D---- C:\Documents and Settings\jiri urvalek\Programdata\Mozilla
2010-09-16 06:40:03 ----D---- C:\Programfiler\Mozilla Firefox
2010-09-16 05:39:37 ----A---- C:\WINDOWS\system32\drivers\ale_nf64.sys
2010-09-16 05:39:37 ----A---- C:\WINDOWS\system32\drivers\ale_nf.sys
2010-09-14 05:25:28 ----D---- C:\Programfiler\CCleaner
2010-09-13 23:51:34 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-09-13 23:51:34 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-09-13 23:51:34 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-09-13 23:51:34 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-09-13 23:51:33 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-09-13 23:51:33 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-09-13 23:51:33 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-09-13 23:50:57 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-09-13 23:50:49 ----D---- C:\Programfiler\Alwil Software
2010-09-13 23:50:49 ----D---- C:\Documents and Settings\All Users\Programdata\Alwil Software
2010-08-25 19:42:52 ----ASH---- C:\hiberfil.sys
2010-08-24 21:00:08 ----D---- C:\Programfiler\Spybot - Search & Destroy
2010-08-24 20:57:05 ----D---- C:\Documents and Settings\jiri urvalek\Programdata\Uniblue
2010-08-24 20:56:03 ----HDC---- C:\Documents and Settings\All Users\Programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}
2010-08-11 11:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-11 11:06:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-11 11:06:00 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-11 11:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-11 11:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-11 11:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-11 10:58:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-11 10:58:30 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-11 10:58:19 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-07-19 07:51:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-06-20 20:32:46 ----D---- C:\Documents and Settings\jiri urvalek\Programdata\PDF Writer
2010-06-20 20:32:46 ----D---- C:\Documents and Settings\All Users\Programdata\PDF Writer
2010-06-20 20:31:14 ----D---- C:\Programfiler\Fellesfiler\Bullzip
2010-06-20 20:31:14 ----A---- C:\WINDOWS\system32\bzpdfc.dll
2010-06-20 20:31:14 ----A---- C:\WINDOWS\system32\bzFlRdr.dll
2010-06-20 20:31:14 ----A---- C:\WINDOWS\system32\bzDCT.dll
2010-06-20 20:31:11 ----A---- C:\WINDOWS\system32\bzpdf.dll
2010-06-20 20:31:10 ----D---- C:\Programfiler\Bullzip
======List of files/folders modified in the last 3 months======
2010-09-19 08:14:16 ----D---- C:\WINDOWS\Prefetch
2010-09-19 07:55:13 ----D---- C:\WINDOWS\Temp
2010-09-19 07:40:39 ----A---- C:\Log.txt
2010-09-18 21:41:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-18 21:27:46 ----RD---- C:\Programfiler
2010-09-18 14:27:33 ----D---- C:\WINDOWS\system32
2010-09-18 14:27:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-18 14:23:44 ----D---- C:\WINDOWS
2010-09-18 12:44:00 ----HD---- C:\WINDOWS\inf
2010-09-18 12:43:56 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-18 12:43:53 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-09-18 12:39:50 ----D---- C:\WINDOWS\Debug
2010-09-18 12:39:45 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-18 11:26:50 ----SHD---- C:\WINDOWS\Installer
2010-09-18 11:26:48 ----SHD---- C:\Config.Msi
2010-09-18 09:59:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-16 07:05:43 ----D---- C:\Documents and Settings\All Users\Programdata\NOS
2010-09-14 07:32:23 ----D---- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2010-09-14 07:16:56 ----D---- C:\WINDOWS\Minidump
2010-09-13 23:51:34 ----D---- C:\WINDOWS\system32\drivers
2010-09-13 23:51:29 ----D---- C:\WINDOWS\WinSxS
2010-09-08 22:34:28 ----D---- C:\Documents and Settings\jiri urvalek\Programdata\Skype
2010-09-08 19:47:21 ----D---- C:\Documents and Settings\jiri urvalek\Programdata\skypePM
2010-08-26 16:41:39 ----D---- C:\Programfiler\SureThing Express Labeler
2010-08-25 18:59:17 ----D---- C:\Documents and Settings
2010-08-24 23:42:51 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-19 20:53:59 ----D---- C:\Programfiler\YouTube Downloader
2010-08-19 06:15:27 ----D---- C:\WINDOWS\network diagnostic
2010-08-17 15:17:06 ----A---- C:\WINDOWS\system32\spoolsv.exe
2010-08-11 11:27:16 ----RSD---- C:\WINDOWS\assembly
2010-08-11 11:24:10 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-11 11:03:00 ----D---- C:\Programfiler\Internet Explorer
2010-08-11 11:02:53 ----D---- C:\WINDOWS\ie8updates
2010-08-11 10:58:34 ----D---- C:\Programfiler\Movie Maker
2010-07-27 08:30:30 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-22 17:46:10 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2010-07-22 08:19:06 ----A---- C:\WINDOWS\system32\xpsp4res.dll
2010-06-30 14:33:22 ----A---- C:\WINDOWS\system32\schannel.dll
2010-06-24 17:57:44 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-06-24 14:27:46 ----A---- C:\WINDOWS\system32\wininet.dll
2010-06-24 14:27:46 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-06-24 14:27:45 ----N---- C:\WINDOWS\system32\occache.dll
2010-06-24 14:27:45 ----N---- C:\WINDOWS\system32\mstime.dll
2010-06-24 14:27:45 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-06-24 14:27:43 ----N---- C:\WINDOWS\system32\jsproxy.dll
2010-06-24 14:27:43 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-06-24 14:27:43 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-06-24 14:27:43 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-06-24 14:27:42 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-06-24 14:27:40 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-06-23 14:08:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2010-06-20 20:31:14 ----D---- C:\Programfiler\Fellesfiler
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2006-06-12 89264]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2005-05-17 92800]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2005-05-17 92800]
R0 nvraid;NVIDIA nForce(tm) RAID Class Driver; C:\WINDOWS\system32\DRIVERS\nvraid.sys [2005-08-08 76288]
R0 ohci1394;Texas Instruments OHCI-kompatibel IEEE 1394-vertskontroller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\Drivers\PxHelp20.sys [2006-11-02 36624]
R1 AmdK8;AMD-prosessordriver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-03-17 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2006-03-17 22684]
R1 kbdhid;Tastatur-HID-driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NGS;Norman General Security Driver; \??\c:\programfiler\norman\ngs\bin\ngs.sys []
R1 NPROSEC;Norman Security driver; \??\C:\Programfiler\Norman\Ngs\Bin\nprosec.sys []
R1 tdi_nf;Norman Network Filter TDIL driver; \??\C:\WINDOWS\system32\drivers\tdi_nf.sys []
R1 WS2IFSL;Windows Socket 2.0-støttemiljø for ikke-IFS-tjenesteleverandør; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-06-13 25724]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-06-13 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-06-13 86844]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-06-13 14716]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-06-13 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-06-13 88476]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-06-13 94460]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-03-17 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-03-19 11044]
R2 Ndiskio;Ndiskio; \??\C:\Programfiler\Norman\Nse\Bin\NDISKIO.SYS []
R2 nregsec;Norman Registry Security driver; \??\C:\Programfiler\Norman\Ngs\Bin\nregsec.sys []
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\system32\DRIVERS\strmdisp.sys [2003-03-19 22400]
R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 799744]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 BthEnum;Driver for Bluetooth-forespørselsblokk; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;USB-driver for Bluetooth-radio; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 HidUsb;Microsoft HID-klassedriver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-03-19 1107072]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-03-19 177024]
R3 IMT0521;Inmax USB IMT-0521 Smartcard Reader; C:\WINDOWS\System32\Drivers\IMT0521.sys [2003-07-11 34825]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 MODEMCSA;Unimodem Streaming-filterenhet; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;HID-driver for mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-06 12160]
R3 NIC1394;1394-nettverksdriver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nnetsec;Norman Network Security service; C:\WINDOWS\system32\DRIVERS\nnetsec.sys [2010-06-21 48272]
R3 NNetSecC;Norman Network Filter NDIS common driver; \??\C:\Programfiler\Norman\ngs\bin\nnetsecc.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-03-16 10232352]
R3 NvcMFlt;NvcMFlt; C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2009-10-09 21832]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 RFCOMM;Bluetooth-enhet (TDI for RFCOMM-protokoll); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 usbccgp;Microsoft USB generell overordnet driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER-klasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB-skannerdriver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB-masselagringsenhet; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-03-19 622592]
S3 BTHPORT;Driver for Bluetooth-port; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272256]
S3 CCDECODE;Dekoder for teksting for hørselshemmede; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MPE;BDA MPE-filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Tee/Sink-to-Sink-konverterer for Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-kodek; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/video-tilkobling; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 ovt519;VGA USB Camera; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-05-06 163072]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\SCR33X2K.sys [2003-12-03 63608]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB-lyddriver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WSTCODEC;World Standard Teletext-kodek; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Application Updater;Application Updater; C:\Programfiler\Application Updater\ApplicationUpdater.exe [2010-02-19 380928]
R2 avast! Antivirus;avast! Antivirus; C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Programfiler\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2005-07-08 221281]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Programfiler\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2005-07-08 110687]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-07-08 61440]
R2 eLoggerSvc6;Norman eLogger service 6; C:\Programfiler\Norman\Npm\Bin\elogsvc.exe [2009-10-11 152904]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programfiler\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 MamutSyncService;Mamut Synchronization Service; C:\Programfiler\Mamut\Synchronization\Mamut.SynchronizationService.SynchronizationWindowsService.exe [2010-01-22 16384]
R2 MSSQL$MAMUT;SQL Server (MAMUT); C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 NNFSVC;Norman Network Filtering service; C:\Programfiler\Norman\Ngs\Bin\Nnf.exe [2010-06-24 219904]
R2 Norman ZANDA;Norman ZANDA; C:\Programfiler\Norman\Npm\Bin\Zanda.exe [2010-05-18 301192]
R2 NPFSvc32;Norman Personal Firewall Service; C:\Programfiler\Norman\npf\bin\npfsvc32.exe [2010-08-26 288936]
R2 NPROSECSVC;Norman Security service; C:\Programfiler\Norman\Ngs\Bin\Nprosec.exe [2010-05-07 103016]
R2 NVOY;Norman Resource Provider; C:\Programfiler\Norman\npm\bin\nvoy.exe [2010-03-15 98776]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-03-16 154216]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programfiler\CyberLink\Shared Files\RichVideo.exe [2005-01-31 143360]
R2 SQLBrowser;SQL Server Browser; C:\Programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programfiler\Windows Media Player\WMPNetwk.exe [2006-11-15 914944]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 Norman NJeeves;Norman NJeeves; C:\Programfiler\Norman\Npm\Bin\Njeeves.exe [2009-10-07 129928]
R3 nsesvc;Norman Scanner Engine Service; C:\Programfiler\Norman\Nse\Bin\NSESVC.EXE [2010-06-14 282624]
R3 nvcoas;Norman Virus Control on-access component; C:\Programfiler\Norman\Nvc\Bin\nvcoas.exe [2010-08-12 210248]
R3 Scheduler;Norman Scheduler Service; C:\Programfiler\Norman\Npm\Bin\scheduler.exe [2009-10-15 133272]
S2 gupdate;Googles oppdateringstjeneste (gupdate); C:\Programfiler\Google\Update\GoogleUpdate.exe [2010-04-05 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 gusvc;Google Software Updater; C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-05 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Programfiler\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ose;Office Source Engine; C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Programfiler\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log, PC slow overall, problem with IE, Fire
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after it starts, a screen with the license terms appears; continue by clicking the Yes button.
calmly go and make yourself a coffee (the whole run takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to start any other applications or anything else
do not panic during the scan, your machine may be restarted (especially the first time the scanner is run)
warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because the scan and the removal of any malware lead to unwanted conflicts with the antispyware's resident component
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Please check my log, PC slow overall, problem with IE, Fire
Hello,
so ComboFix ran through it and the log looks like this:
ComboFix 10-09-17.04 - jiri urvalek 19.09.2010 15:34:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.3071.2111 [GMT 2:00]
Kjører fra: c:\documents and settings\jiri urvalek\Skrivebord\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norman Security Suite *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Norman Security Suite *enabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programfiler\YouTube Downloader Toolbar\IE\1.0\yoUTubedownloadertoolbarie.dll
c:\programfiler\YouTube Downloader Toolbar\SeARchsettings.dll
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-08-19 til 2010-09-19 )))))))))))))))))))))))))))))))))
.
2010-09-19 06:14 . 2010-09-19 06:14 -------- d-----w- C:\rsit
2010-09-18 19:27 . 2010-09-18 19:27 -------- d-----w- c:\programfiler\Trend Micro
2010-09-16 05:01 . 2010-09-16 05:01 -------- d-----w- c:\documents and settings\All Users\Programdata\McAfee Security Scan
2010-09-16 05:01 . 2010-09-16 05:01 -------- d-----w- c:\programfiler\McAfee Security Scan
2010-09-16 05:00 . 2010-09-01 13:52 35136 ----a-w- c:\documents and settings\jiri urvalek\Programdata\Mozilla\Firefox\Profiles\zfgzra06.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-09-16 05:00 . 2010-09-01 13:52 32032 ----a-w- c:\documents and settings\jiri urvalek\Programdata\Mozilla\Firefox\Profiles\zfgzra06.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-09-16 04:40 . 2010-09-16 04:40 0 ----a-w- c:\windows\nsreg.dat
2010-09-16 04:40 . 2010-09-16 04:40 -------- d-----w- c:\documents and settings\jiri urvalek\Lokale innstillinger\Programdata\Mozilla
2010-09-16 03:39 . 2010-08-19 07:12 68176 ----a-w- c:\windows\system32\drivers\ale_nf64.sys
2010-09-16 03:39 . 2010-08-19 07:12 61472 ----a-w- c:\windows\system32\drivers\ale_nf.sys
2010-09-14 05:16 . 2010-09-19 07:33 -------- d--h--r- c:\documents and settings\jiri urvalek\Siste
2010-09-14 03:25 . 2010-09-14 03:25 -------- d-----w- c:\programfiler\CCleaner
2010-09-13 21:51 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-13 21:51 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-13 21:51 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-13 21:51 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-13 21:51 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-13 21:51 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-13 21:51 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-13 21:50 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-13 21:50 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-13 21:50 . 2010-09-13 21:50 -------- d-----w- c:\programfiler\Alwil Software
2010-09-13 21:50 . 2010-09-13 21:50 -------- d-----w- c:\documents and settings\All Users\Programdata\Alwil Software
2010-08-25 17:06 . 2010-08-25 17:06 -------- d-----w- c:\documents and settings\Administrator\Programdata\Share-to-Web-opplastingsmappe
2010-08-24 19:00 . 2010-08-24 19:04 -------- d-----w- c:\programfiler\Spybot - Search & Destroy
2010-08-24 18:57 . 2010-08-24 18:57 -------- d-----w- c:\documents and settings\jiri urvalek\Programdata\Uniblue
2010-08-24 18:56 . 2009-05-18 14:53 2567558 -c----w- c:\documents and settings\All Users\Programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster.exe
2010-08-24 18:56 . 2009-03-06 10:14 2019624 -c----w- c:\documents and settings\All Users\Programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\EA491AD6\D628A3BB\RegistryBooster.exe
2010-08-24 18:56 . 2010-08-25 05:40 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 13:38 . 2010-06-15 21:10 -------- d-----w- c:\programfiler\YouTube Downloader Toolbar
2010-09-18 12:27 . 2005-09-05 15:16 97180 ----a-w- c:\windows\system32\perfc014.dat
2010-09-18 12:27 . 2005-09-05 15:16 491052 ----a-w- c:\windows\system32\perfh014.dat
2010-09-16 05:05 . 2008-09-27 07:56 -------- d-----w- c:\documents and settings\All Users\Programdata\NOS
2010-09-14 05:32 . 2009-12-27 18:42 -------- d-----w- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2010-09-13 18:09 . 2010-05-25 21:43 1 ----a-w- c:\documents and settings\jiri urvalek\Programdata\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-08 20:34 . 2010-04-24 19:31 -------- d-----w- c:\documents and settings\jiri urvalek\Programdata\Skype
So ComboFix ran through it and the log looks like this:
ComboFix 10-09-17.04 - jiri urvalek 19.09.2010 15:34:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.3071.2111 [GMT 2:00]
Kjører fra: c:\documents and settings\jiri urvalek\Skrivebord\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norman Security Suite *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Norman Security Suite *enabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programfiler\YouTube Downloader Toolbar\IE\1.0\yoUTubedownloadertoolbarie.dll
c:\programfiler\YouTube Downloader Toolbar\SeARchsettings.dll
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-08-19 til 2010-09-19 )))))))))))))))))))))))))))))))))
.
2010-09-19 06:14 . 2010-09-19 06:14 -------- d-----w- C:\rsit
2010-09-18 19:27 . 2010-09-18 19:27 -------- d-----w- c:\programfiler\Trend Micro
2010-09-16 05:01 . 2010-09-16 05:01 -------- d-----w- c:\documents and settings\All Users\Programdata\McAfee Security Scan
2010-09-16 05:01 . 2010-09-16 05:01 -------- d-----w- c:\programfiler\McAfee Security Scan
2010-09-16 05:00 . 2010-09-01 13:52 35136 ----a-w- c:\documents and settings\jiri urvalek\Programdata\Mozilla\Firefox\Profiles\zfgzra06.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-09-16 05:00 . 2010-09-01 13:52 32032 ----a-w- c:\documents and settings\jiri urvalek\Programdata\Mozilla\Firefox\Profiles\zfgzra06.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-09-16 04:40 . 2010-09-16 04:40 0 ----a-w- c:\windows\nsreg.dat
2010-09-16 04:40 . 2010-09-16 04:40 -------- d-----w- c:\documents and settings\jiri urvalek\Lokale innstillinger\Programdata\Mozilla
2010-09-16 03:39 . 2010-08-19 07:12 68176 ----a-w- c:\windows\system32\drivers\ale_nf64.sys
2010-09-16 03:39 . 2010-08-19 07:12 61472 ----a-w- c:\windows\system32\drivers\ale_nf.sys
2010-09-14 05:16 . 2010-09-19 07:33 -------- d--h--r- c:\documents and settings\jiri urvalek\Siste
2010-09-14 03:25 . 2010-09-14 03:25 -------- d-----w- c:\programfiler\CCleaner
2010-09-13 21:51 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-13 21:51 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-13 21:51 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-13 21:51 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-13 21:51 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-13 21:51 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-13 21:51 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-13 21:50 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-13 21:50 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-13 21:50 . 2010-09-13 21:50 -------- d-----w- c:\programfiler\Alwil Software
2010-09-13 21:50 . 2010-09-13 21:50 -------- d-----w- c:\documents and settings\All Users\Programdata\Alwil Software
2010-08-25 17:06 . 2010-08-25 17:06 -------- d-----w- c:\documents and settings\Administrator\Programdata\Share-to-Web-opplastingsmappe
2010-08-24 19:00 . 2010-08-24 19:04 -------- d-----w- c:\programfiler\Spybot - Search & Destroy
2010-08-24 18:57 . 2010-08-24 18:57 -------- d-----w- c:\documents and settings\jiri urvalek\Programdata\Uniblue
2010-08-24 18:56 . 2009-05-18 14:53 2567558 -c----w- c:\documents and settings\All Users\Programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster.exe
2010-08-24 18:56 . 2009-03-06 10:14 2019624 -c----w- c:\documents and settings\All Users\Programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\EA491AD6\D628A3BB\RegistryBooster.exe
2010-08-24 18:56 . 2010-08-25 05:40 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 13:38 . 2010-06-15 21:10 -------- d-----w- c:\programfiler\YouTube Downloader Toolbar
2010-09-18 12:27 . 2005-09-05 15:16 97180 ----a-w- c:\windows\system32\perfc014.dat
2010-09-18 12:27 . 2005-09-05 15:16 491052 ----a-w- c:\windows\system32\perfh014.dat
2010-09-16 05:05 . 2008-09-27 07:56 -------- d-----w- c:\documents and settings\All Users\Programdata\NOS
2010-09-14 05:32 . 2009-12-27 18:42 -------- d-----w- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2010-09-13 18:09 . 2010-05-25 21:43 1 ----a-w- c:\documents and settings\jiri urvalek\Programdata\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-08 20:34 . 2010-04-24 19:31 -------- d-----w- c:\documents and settings\jiri urvalek\Programdata\Skype
2010-09-08 17:47 . 2010-04-24 19:39 -------- d-----w- c:\documents and settings\jiri urvalek\Programdata\skypePM
2010-08-26 14:41 . 2010-04-17 18:43 -------- d-----w- c:\programfiler\SureThing Express Labeler
2010-08-19 18:53 . 2010-06-15 21:10 -------- d-----w- c:\programfiler\YouTube Downloader
2010-08-17 13:17 . 2005-09-05 15:16 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:46 . 2005-09-05 15:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-07 17:38 . 2010-07-07 17:38 501936 ----a-w- c:\documents and settings\All Users\Programdata\Google\Google Toolbar\Update\gtb15.tmp.exe
2010-06-30 12:33 . 2005-09-05 15:16 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2005-09-05 15:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:03 . 2005-09-05 15:16 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2005-09-05 15:16 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2003-01-13 09:20 . 2005-09-06 09:57 278528 ----a-w- c:\programfiler\internet explorer\plugins\PanoViewer.dll
1999-04-30 14:00 . 2005-09-06 09:57 98304 ----a-w- c:\programfiler\internet explorer\plugins\UPjpeg.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]
"SpybotSD TeaTimer"="c:\programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-01-17 84480]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"CARPService"="carpserv.exe" [2003-03-18 4608]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"ledpointer"="CNYHKey.exe" [2004-03-02 5576704]
"PCMService"="c:\programfiler\CyberLink\PowerCinema\PCMService.exe" [2005-07-08 127118]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Norman ZANDA"="c:\programfiler\Norman\Npm\Bin\ZLH.EXE" [2010-01-29 189824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Share-to-Web Namespace Daemon"="c:\programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SearchSettings"="c:\programfiler\YouTube Downloader Toolbar\SearchSettings.exe" [2010-02-19 974848]
"avast5"="c:\programfiler\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\jiri urvalek\Start-meny\Programmer\Oppstart\
OpenOffice.org 3.2.lnk - c:\programfiler\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
Picture Motion Browser Media Check Tool.lnk - c:\programfiler\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-4-28 385024]
c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Gamma Loader.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-8 113664]
McAfee Security Scan Plus.lnk - c:\programfiler\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Programfiler\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Programfiler\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Programfiler\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programfiler\\AVS4YOU\\Registration.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.09.2010 23:51 165584]
R1 NGS;Norman General Security Driver;c:\programfiler\Norman\Ngs\Bin\ngs.sys [01.06.2010 22:28 26744]
R1 NPROSEC;Norman Security driver;c:\programfiler\Norman\Ngs\Bin\nprosec.sys [01.06.2010 22:28 72392]
R1 tdi_nf;Norman Network Filter TDIL driver;c:\windows\system32\drivers\tdi_nf.sys [01.06.2010 22:28 376136]
R2 Application Updater;Application Updater;c:\programfiler\Application Updater\ApplicationUpdater.exe [19.02.2010 19:43 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.09.2010 23:51 17744]
R2 MamutSyncService;Mamut Synchronization Service;c:\programfiler\Mamut\Synchronization\Mamut.SynchronizationService.SynchronizationWindowsService.exe [22.01.2010 08:26 16384]
R2 MSSQL$MAMUT;SQL Server (MAMUT);c:\programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.02.2007 05:29 29178224]
R2 Ndiskio;Ndiskio;c:\programfiler\Norman\Nse\Bin\Ndiskio.sys [05.04.2010 21:56 22880]
R2 NNFSVC;Norman Network Filtering service;c:\programfiler\Norman\Ngs\Bin\nnf.exe [01.06.2010 22:28 219904]
R2 NPFSvc32;Norman Personal Firewall Service;c:\programfiler\Norman\Npf\Bin\npfsvc32.exe [16.09.2010 05:39 288936]
R2 NPROSECSVC;Norman Security service;c:\programfiler\Norman\Ngs\Bin\nprosec.exe [01.06.2010 22:28 103016]
R2 nregsec;Norman Registry Security driver;c:\programfiler\Norman\Ngs\Bin\nregsec.sys [01.06.2010 22:28 40384]
R2 NVOY;Norman Resource Provider;c:\programfiler\Norman\Npm\Bin\nvoy.exe [05.04.2010 21:57 98776]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [06.09.2005 10:51 799744]
R3 IMT0521;Inmax USB IMT-0521 Smartcard Reader;c:\windows\system32\drivers\IMT0521.sys [06.09.2005 11:06 34825]
R3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [01.06.2010 22:28 48272]
R3 NNetSecC;Norman Network Filter NDIS common driver;c:\programfiler\Norman\Ngs\Bin\nnetsecc.sys [01.06.2010 22:28 29968]
R3 nsesvc;Norman Scanner Engine Service;c:\programfiler\Norman\Nse\Bin\Nsesvc.exe [17.06.2010 20:59 282624]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [05.04.2010 21:56 21832]
R3 nvcoas;Norman Virus Control on-access component;c:\programfiler\Norman\nvc\bin\Nvcoas.exe [17.08.2010 00:10 210248]
R3 Scheduler;Norman Scheduler Service;c:\programfiler\Norman\Npm\Bin\scheduler.exe [05.04.2010 21:57 133272]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [05.04.2010 20:49 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programfiler\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 14:49 227232]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [05.09.2005 17:16 14336]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [06.09.2005 11:06 63608]
--- Andre tjenester/drivere lastet i minnet ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-04-05 18:49]
2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-04-05 18:49]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.gmx.net/
uInternet Connection Wizard,ShellNext = hxxp://www.targa.co.uk/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki - c:\programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\programfiler\Norman\ngs\bin\nlf.dll
FF - ProfilePath - c:\documents and settings\jiri urvalek\Programdata\Mozilla\Firefox\Profiles\zfgzra06.default\
FF - prefs.js: browser.startup.homepage - hxxp://gmx.de
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\jiri urvalek\Programdata\Mozilla\Firefox\Profiles\zfgzra06.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\programfiler\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programfiler\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - TOMME PEKERE FJERNET - - - -
HKCU-Run-Uniblue RegistryBooster 2009 - c:\programfiler\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-OEM-Reset - (no file)
HKLM-Run-nwiz - nwiz.exe
AddRemove-NVIDIA Display Control Panel - c:\programfiler\NVIDIA Corporation\Uninstall\nvuninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-19 15:39
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Tidspunkt ferdig: 2010-09-19 15:41:25
ComboFix-quarantined-files.txt 2010-09-19 13:41
Pre-Run: 160 341 987 328 byte ledig
Post-Run: 160 565 776 384 byte ledig
- - End Of File - - 01C0F13EF4B9FA00B259139ECF0B89E2
- Rudy
- Site Admin
- Posts: 119426
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log, PC slow overall, problem with IE,Fire
Open Notepad and copy the following into it:

Folder::
c:\programfiler\YouTube Downloader Toolbar
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
Driver::
mchInjDrv

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

I also recommend tidying up the antivirus programs. I see Avast, McAfee and Norman there. Keep only one and uninstall the others. Software conflicts could occur.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Please check my log, PC slow overall, problem with IE,Fire
Thanks for the quick reply.
Only with this:
"Save it to the desktop as CFScript.txt."
I'm not entirely sure what the text should look like, how to edit it

- Rudy
Re: Please check my log, PC slow overall, problem with IE,Fire
Exactly like this:

Folder::
c:\programfiler\YouTube Downloader Toolbar
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
Driver::
mchInjDrv

It should, although I have never worked with Norwegian Windows so far, but there shouldn't be any difference. CF will delete the toolbar + 1 fake driver. Then post a new log so that it is certain the deletion went through.
Re: Please check my log, PC slow overall, problem with IE,Fire
So the new log after the recommended operations looks like this:
ComboFix 10-09-17.04 - jiri urvalek 19.09.2010 18:16:30.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.3071.2227 [GMT 2:00]
Kjører fra: c:\documents and settings\jiri urvalek\Skrivebord\ComboFix.exe
AV: Norman Security Suite *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Norman Security Suite *enabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-08-19 til 2010-09-19 )))))))))))))))))))))))))))))))))
.
2010-09-19 06:14 . 2010-09-19 06:14 -------- d-----w- C:\rsit
2010-09-18 19:27 . 2010-09-18 19:27 -------- d-----w- c:\programfiler\Trend Micro
2010-09-16 05:00 . 2010-09-01 13:52 35136 ----a-w- c:\documents and settings\jiri urvalek\Programdata\Mozilla\Firefox\Profiles\zfgzra06.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-09-16 05:00 . 2010-09-01 13:52 32032 ----a-w- c:\documents and settings\jiri urvalek\Programdata\Mozilla\Firefox\Profiles\zfgzra06.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-09-16 04:40 . 2010-09-16 04:40 0 ----a-w- c:\windows\nsreg.dat
2010-09-16 04:40 . 2010-09-16 04:40 -------- d-----w- c:\documents and settings\jiri urvalek\Lokale innstillinger\Programdata\Mozilla
2010-09-16 03:39 . 2010-08-19 07:12 68176 ----a-w- c:\windows\system32\drivers\ale_nf64.sys
2010-09-16 03:39 . 2010-08-19 07:12 61472 ----a-w- c:\windows\system32\drivers\ale_nf.sys
2010-09-14 05:16 . 2010-09-19 15:32 -------- d--h--r- c:\documents and settings\jiri urvalek\Siste
2010-09-14 03:25 . 2010-09-14 03:25 -------- d-----w- c:\programfiler\CCleaner
2010-09-13 21:50 . 2010-09-13 21:50 -------- d-----w- c:\programfiler\Alwil Software
2010-09-13 21:50 . 2010-09-13 21:50 -------- d-----w- c:\documents and settings\All Users\Programdata\Alwil Software
2010-08-25 17:06 . 2010-08-25 17:06 -------- d-----w- c:\documents and settings\Administrator\Programdata\Share-to-Web-opplastingsmappe
2010-08-24 19:00 . 2010-08-24 19:04 -------- d-----w- c:\programfiler\Spybot - Search & Destroy
2010-08-24 18:57 . 2010-08-24 18:57 -------- d-----w- c:\documents and settings\jiri urvalek\Programdata\Uniblue
2010-08-24 18:56 . 2009-05-18 14:53 2567558 -c----w- c:\documents and settings\All Users\Programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster.exe
2010-08-24 18:56 . 2009-03-06 10:14 2019624 -c----w- c:\documents and settings\All Users\Programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\EA491AD6\D628A3BB\RegistryBooster.exe
2010-08-24 18:56 . 2010-08-25 05:40 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 12:27 . 2005-09-05 15:16 97180 ----a-w- c:\windows\system32\perfc014.dat
2010-09-18 12:27 . 2005-09-05 15:16 491052 ----a-w- c:\windows\system32\perfh014.dat
2010-09-16 05:05 . 2008-09-27 07:56 -------- d-----w- c:\documents and settings\All Users\Programdata\NOS
2010-09-14 05:32 . 2009-12-27 18:42 -------- d-----w- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2010-09-13 18:09 . 2010-05-25 21:43 1 ----a-w- c:\documents and settings\jiri urvalek\Programdata\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-08 20:34 . 2010-04-24 19:31 -------- d-----w- c:\documents and settings\jiri urvalek\Programdata\Skype
2010-09-08 17:47 . 2010-04-24 19:39 -------- d-----w- c:\documents and settings\jiri urvalek\Programdata\skypePM
2010-08-26 14:41 . 2010-04-17 18:43 -------- d-----w- c:\programfiler\SureThing Express Labeler
2010-08-19 18:53 . 2010-06-15 21:10 -------- d-----w- c:\programfiler\YouTube Downloader
2010-08-17 13:17 . 2005-09-05 15:16 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:46 . 2005-09-05 15:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-07 17:38 . 2010-07-07 17:38 501936 ----a-w- c:\documents and settings\All Users\Programdata\Google\Google Toolbar\Update\gtb15.tmp.exe
2010-06-30 12:33 . 2005-09-05 15:16 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2005-09-05 15:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:03 . 2005-09-05 15:16 1851904 ----a-w- c:\windows\system32\win32k.sys
2003-01-13 09:20 . 2005-09-06 09:57 278528 ----a-w- c:\programfiler\internet explorer\plugins\PanoViewer.dll
1999-04-30 14:00 . 2005-09-06 09:57 98304 ----a-w- c:\programfiler\internet explorer\plugins\UPjpeg.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-19_13.39.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-19 15:49 . 2010-09-19 15:49 16384 c:\windows\Temp\Perflib_Perfdata_888.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]
"SpybotSD TeaTimer"="c:\programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-01-17 84480]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"CARPService"="carpserv.exe" [2003-03-18 4608]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"ledpointer"="CNYHKey.exe" [2004-03-02 5576704]
"PCMService"="c:\programfiler\CyberLink\PowerCinema\PCMService.exe" [2005-07-08 127118]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Norman ZANDA"="c:\programfiler\Norman\Npm\Bin\ZLH.EXE" [2010-01-29 189824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Share-to-Web Namespace Daemon"="c:\programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\jiri urvalek\Start-meny\Programmer\Oppstart\
OpenOffice.org 3.2.lnk - c:\programfiler\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
Picture Motion Browser Media Check Tool.lnk - c:\programfiler\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-4-28 385024]
c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Gamma Loader.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-8 113664]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Programfiler\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Programfiler\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Programfiler\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programfiler\\AVS4YOU\\Registration.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 NGS;Norman General Security Driver;c:\programfiler\Norman\Ngs\Bin\ngs.sys [01.06.2010 22:28 26744]
R1 NPROSEC;Norman Security driver;c:\programfiler\Norman\Ngs\Bin\nprosec.sys [01.06.2010 22:28 72392]
R1 tdi_nf;Norman Network Filter TDIL driver;c:\windows\system32\drivers\tdi_nf.sys [01.06.2010 22:28 376136]
R2 Application Updater;Application Updater;c:\programfiler\Application Updater\ApplicationUpdater.exe [19.02.2010 19:43 380928]
R2 MamutSyncService;Mamut Synchronization Service;c:\programfiler\Mamut\Synchronization\Mamut.SynchronizationService.SynchronizationWindowsService.exe [22.01.2010 08:26 16384]
R2 MSSQL$MAMUT;SQL Server (MAMUT);c:\programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.02.2007 05:29 29178224]
R2 Ndiskio;Ndiskio;c:\programfiler\Norman\Nse\Bin\Ndiskio.sys [05.04.2010 21:56 22880]
R2 NNFSVC;Norman Network Filtering service;c:\programfiler\Norman\Ngs\Bin\nnf.exe [01.06.2010 22:28 219904]
R2 NPFSvc32;Norman Personal Firewall Service;c:\programfiler\Norman\Npf\Bin\npfsvc32.exe [16.09.2010 05:39 288936]
R2 NPROSECSVC;Norman Security service;c:\programfiler\Norman\Ngs\Bin\nprosec.exe [01.06.2010 22:28 103016]
R2 nregsec;Norman Registry Security driver;c:\programfiler\Norman\Ngs\Bin\nregsec.sys [01.06.2010 22:28 40384]
R2 NVOY;Norman Resource Provider;c:\programfiler\Norman\Npm\Bin\nvoy.exe [05.04.2010 21:57 98776]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [06.09.2005 10:51 799744]
R3 IMT0521;Inmax USB IMT-0521 Smartcard Reader;c:\windows\system32\drivers\IMT0521.sys [06.09.2005 11:06 34825]
R3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [01.06.2010 22:28 48272]
R3 NNetSecC;Norman Network Filter NDIS common driver;c:\programfiler\Norman\Ngs\Bin\nnetsecc.sys [01.06.2010 22:28 29968]
R3 nsesvc;Norman Scanner Engine Service;c:\programfiler\Norman\Nse\Bin\Nsesvc.exe [17.06.2010 20:59 282624]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [05.04.2010 21:56 21832]
R3 nvcoas;Norman Virus Control on-access component;c:\programfiler\Norman\nvc\bin\Nvcoas.exe [17.08.2010 00:10 210248]
R3 Scheduler;Norman Scheduler Service;c:\programfiler\Norman\Npm\Bin\scheduler.exe [05.04.2010 21:57 133272]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [05.04.2010 20:49 135664]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [05.09.2005 17:16 14336]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [06.09.2005 11:06 63608]
--- Andre tjenester/drivere lastet i minnet ---
*NewlyCreated* - MCHINJDRV
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-04-05 18:49]
2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-04-05 18:49]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.gmx.net/
uInternet Connection Wizard,ShellNext = hxxp://www.targa.co.uk/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki - c:\programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\programfiler\Norman\ngs\bin\nlf.dll
FF - ProfilePath - c:\documents and settings\jiri urvalek\Programdata\Mozilla\Firefox\Profiles\zfgzra06.default\
FF - prefs.js: browser.startup.homepage - hxxp://gmx.de
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\jiri urvalek\Programdata\Mozilla\Firefox\Profiles\zfgzra06.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\programfiler\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programfiler\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-19 18:19
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'explorer.exe'(2528)
c:\programfiler\Norman\nvc\bin\Niphk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tidspunkt ferdig: 2010-09-19 18:21:36
ComboFix-quarantined-files.txt 2010-09-19 16:21
ComboFix2.txt 2010-09-19 15:56
ComboFix3.txt 2010-09-19 13:41
Pre-Run: 160 550 842 368 byte ledig
Post-Run: 160 533 909 504 byte ledig
- - End Of File - - ECC1DC7C44D378A1F26A0ECF0FFB542E
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Requesting a log check, PC slow overall, problem with IE,Fire
CF was not run using the script, so nothing was deleted. You have to drag the script saved on the desktop with the mouse over the ComboFix icon and drop it. CF will start automatically and carry out only what is in the script. In the log header you will then find the line:
Command switches used (in Norwegian, of course) :: c:\documents and settings\jiri urvalek\Skrivebord\CFScript.txt
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Re: Requesting a log check, PC slow overall, problem with IE,Fire
Well, I would have sworn that I really did drag the file and drop it onto ComboFix. Something must have failed.
I did everything again; after the scan the PC shut down by itself and restarted, and I got a new log:
By the way, when the scan starts, ComboFix reports an error - see the translation of the one line that begins with ADVARSEL.
ComboFix 10-09-17.04 - jiri urvalek 19.09.2010 20:21:19.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.3071.2180 [GMT 2:00]
Kjører fra: c:\documents and settings\jiri urvalek\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\jiri urvalek\Skrivebord\CFScript.txt
AV: Norman Security Suite *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Norman Security Suite *enabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
(WARNING - THIS PC DOES NOT HAVE THE WINDOWS RECOVERY CONSOLE INSTALLED /translation of the line above, Jiri Urvalek/)
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-08-19 til 2010-09-19 )))))))))))))))))))))))))))))))))
.
2010-09-19 06:14 . 2010-09-19 06:14 -------- d-----w- C:\rsit
2010-09-18 19:27 . 2010-09-18 19:27 -------- d-----w- c:\programfiler\Trend Micro
2010-09-16 04:40 . 2010-09-16 04:40 0 ----a-w- c:\windows\nsreg.dat
2010-09-16 04:40 . 2010-09-16 04:40 -------- d-----w- c:\documents and settings\jiri urvalek\Lokale innstillinger\Programdata\Mozilla
2010-09-16 03:39 . 2010-08-19 07:12 68176 ----a-w- c:\windows\system32\drivers\ale_nf64.sys
2010-09-16 03:39 . 2010-08-19 07:12 61472 ----a-w- c:\windows\system32\drivers\ale_nf.sys
2010-09-14 05:16 . 2010-09-19 18:15 -------- d--h--r- c:\documents and settings\jiri urvalek\Siste
2010-09-14 03:25 . 2010-09-14 03:25 -------- d-----w- c:\programfiler\CCleaner
2010-09-13 21:50 . 2010-09-13 21:50 -------- d-----w- c:\programfiler\Alwil Software
2010-09-13 21:50 . 2010-09-13 21:50 -------- d-----w- c:\documents and settings\All Users\Programdata\Alwil Software
2010-08-25 17:06 . 2010-08-25 17:06 -------- d-----w- c:\documents and settings\Administrator\Programdata\Share-to-Web-opplastingsmappe
2010-08-24 19:00 . 2010-08-24 19:04 -------- d-----w- c:\programfiler\Spybot - Search & Destroy
2010-08-24 18:57 . 2010-08-24 18:57 -------- d-----w- c:\documents and settings\jiri urvalek\Programdata\Uniblue
2010-08-24 18:56 . 2010-08-25 05:40 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 12:27 . 2005-09-05 15:16 97180 ----a-w- c:\windows\system32\perfc014.dat
2010-09-18 12:27 . 2005-09-05 15:16 491052 ----a-w- c:\windows\system32\perfh014.dat
2010-09-16 05:05 . 2008-09-27 07:56 -------- d-----w- c:\documents and settings\All Users\Programdata\NOS
2010-09-14 05:32 . 2009-12-27 18:42 -------- d-----w- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2010-09-13 18:09 . 2010-05-25 21:43 1 ----a-w- c:\documents and settings\jiri urvalek\Programdata\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-08 20:34 . 2010-04-24 19:31 -------- d-----w- c:\documents and settings\jiri urvalek\Programdata\Skype
2010-09-08 17:47 . 2010-04-24 19:39 -------- d-----w- c:\documents and settings\jiri urvalek\Programdata\skypePM
2010-09-01 13:52 . 2010-09-16 05:00 35136 ----a-w- c:\documents and settings\jiri urvalek\Programdata\Mozilla\Firefox\Profiles\zfgzra06.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-09-01 13:52 . 2010-09-16 05:00 32032 ----a-w- c:\documents and settings\jiri urvalek\Programdata\Mozilla\Firefox\Profiles\zfgzra06.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-08-26 14:41 . 2010-04-17 18:43 -------- d-----w- c:\programfiler\SureThing Express Labeler
2010-08-19 18:53 . 2010-06-15 21:10 -------- d-----w- c:\programfiler\YouTube Downloader
2010-08-17 13:17 . 2005-09-05 15:16 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:46 . 2005-09-05 15:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-07 17:38 . 2010-07-07 17:38 501936 ----a-w- c:\documents and settings\All Users\Programdata\Google\Google Toolbar\Update\gtb15.tmp.exe
2010-06-30 12:33 . 2005-09-05 15:16 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2005-09-05 15:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:03 . 2005-09-05 15:16 1851904 ----a-w- c:\windows\system32\win32k.sys
2003-01-13 09:20 . 2005-09-06 09:57 278528 ----a-w- c:\programfiler\internet explorer\plugins\PanoViewer.dll
1999-04-30 14:00 . 2005-09-06 09:57 98304 ----a-w- c:\programfiler\internet explorer\plugins\UPjpeg.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]
"SpybotSD TeaTimer"="c:\programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-01-17 84480]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"CARPService"="carpserv.exe" [2003-03-18 4608]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"ledpointer"="CNYHKey.exe" [2004-03-02 5576704]
"PCMService"="c:\programfiler\CyberLink\PowerCinema\PCMService.exe" [2005-07-08 127118]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Norman ZANDA"="c:\programfiler\Norman\Npm\Bin\ZLH.EXE" [2010-01-29 189824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programfiler\Fellesfiler\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Share-to-Web Namespace Daemon"="c:\programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\jiri urvalek\Start-meny\Programmer\Oppstart\
OpenOffice.org 3.2.lnk - c:\programfiler\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
Picture Motion Browser Media Check Tool.lnk - c:\programfiler\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-4-28 385024]
c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Gamma Loader.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-8 113664]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Programfiler\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Programfiler\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Programfiler\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programfiler\\AVS4YOU\\Registration.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 NGS;Norman General Security Driver;c:\programfiler\Norman\Ngs\Bin\ngs.sys [01.06.2010 22:28 26744]
R1 NPROSEC;Norman Security driver;c:\programfiler\Norman\Ngs\Bin\nprosec.sys [01.06.2010 22:28 72392]
R1 tdi_nf;Norman Network Filter TDIL driver;c:\windows\system32\drivers\tdi_nf.sys [01.06.2010 22:28 376136]
R2 Application Updater;Application Updater;c:\programfiler\Application Updater\ApplicationUpdater.exe [19.02.2010 19:43 380928]
R2 MamutSyncService;Mamut Synchronization Service;c:\programfiler\Mamut\Synchronization\Mamut.SynchronizationService.SynchronizationWindowsService.exe [22.01.2010 08:26 16384]
R2 MSSQL$MAMUT;SQL Server (MAMUT);c:\programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.02.2007 05:29 29178224]
R2 Ndiskio;Ndiskio;c:\programfiler\Norman\Nse\Bin\Ndiskio.sys [05.04.2010 21:56 22880]
R2 NNFSVC;Norman Network Filtering service;c:\programfiler\Norman\Ngs\Bin\nnf.exe [01.06.2010 22:28 219904]
R2 NPFSvc32;Norman Personal Firewall Service;c:\programfiler\Norman\Npf\Bin\npfsvc32.exe [16.09.2010 05:39 288936]
R2 NPROSECSVC;Norman Security service;c:\programfiler\Norman\Ngs\Bin\nprosec.exe [01.06.2010 22:28 103016]
R2 nregsec;Norman Registry Security driver;c:\programfiler\Norman\Ngs\Bin\nregsec.sys [01.06.2010 22:28 40384]
R2 NVOY;Norman Resource Provider;c:\programfiler\Norman\Npm\Bin\nvoy.exe [05.04.2010 21:57 98776]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [06.09.2005 10:51 799744]
R3 IMT0521;Inmax USB IMT-0521 Smartcard Reader;c:\windows\system32\drivers\IMT0521.sys [06.09.2005 11:06 34825]
R3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [01.06.2010 22:28 48272]
R3 NNetSecC;Norman Network Filter NDIS common driver;c:\programfiler\Norman\Ngs\Bin\nnetsecc.sys [01.06.2010 22:28 29968]
R3 nsesvc;Norman Scanner Engine Service;c:\programfiler\Norman\Nse\Bin\Nsesvc.exe [17.06.2010 20:59 282624]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [05.04.2010 21:56 21832]
R3 nvcoas;Norman Virus Control on-access component;c:\programfiler\Norman\nvc\bin\Nvcoas.exe [17.08.2010 00:10 210248]
R3 Scheduler;Norman Scheduler Service;c:\programfiler\Norman\Npm\Bin\scheduler.exe [05.04.2010 21:57 133272]
S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [05.04.2010 20:49 135664]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [05.09.2005 17:16 14336]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [06.09.2005 11:06 63608]
--- Andre tjenester/drivere lastet i minnet ---
*NewlyCreated* - MCHINJDRV
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-04-05 18:49]
2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-04-05 18:49]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.gmx.net/
uInternet Connection Wizard,ShellNext = hxxp://www.targa.co.uk/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki - c:\programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\programfiler\Norman\ngs\bin\nlf.dll
FF - ProfilePath - c:\documents and settings\jiri urvalek\Programdata\Mozilla\Firefox\Profiles\zfgzra06.default\
FF - prefs.js: browser.startup.homepage - hxxp://gmx.de
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\jiri urvalek\Programdata\Mozilla\Firefox\Profiles\zfgzra06.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\programfiler\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programfiler\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-19 20:30
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'explorer.exe'(232)
c:\programfiler\Norman\nvc\bin\Niphk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\programfiler\Norman\Npm\Bin\elogsvc.exe
c:\windows\system32\nvsvc32.exe
c:\programfiler\Norman\Npm\Bin\Zanda.exe
c:\windows\System32\SCardSvr.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\carpserv.exe
c:\windows\mHotkey.exe
c:\windows\CNYHKey.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\programfiler\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\programfiler\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\programfiler\Java\jre6\bin\jqs.exe
c:\programfiler\OpenOffice.org 3\program\soffice.exe
c:\programfiler\OpenOffice.org 3\program\soffice.bin
c:\programfiler\CyberLink\Shared Files\RichVideo.exe
c:\programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programfiler\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\programfiler\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programfiler\Norman\Npm\Bin\Njeeves.exe
c:\programfiler\Norman\Nvc\Bin\Nip.exe
c:\programfiler\Norman\Nvc\Bin\cclaw.exe
c:\windows\system32\wscntfy.exe
c:\programfiler\Norman\npf\bin\npfuser.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2010-09-19 20:36:52 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2010-09-19 18:36
ComboFix2.txt 2010-09-19 16:21
ComboFix3.txt 2010-09-19 15:56
ComboFix4.txt 2010-09-19 13:41
Pre-Run: 160 528 846 848 byte ledig
Post-Run: 160 522 731 520 byte ledig
- - End Of File - - 1B3E64F94CFB004BF93D66A6685598FC
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log, PC slow overall, problem with IE,Fire
Yes, now it is fine. The items have been deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is solved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Please check my log, overall slow PC, problem with IE,Fire
The problem persists even after the changes that were made.
It consists in IE not finding the requested web page quickly and easily. Only after 5-6 repeated attempts does the window with the requested web page (address) sometimes come up. But when I click a link to another page on such a page, the same thing happens again: IE does not find the address until after several repeated attempts. A huge waste of time, quite infuriating. I switched to the FireFox browser and it was better for about an hour or two, before completely identical problems appeared in Fox as well.
And unfortunately, as I said, there has been no change for the better after the changes that were made.
- Rudy
- Site Admin
Re: Please check my log, overall slow PC, problem with IE,Fire
Run an IceSword scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=11394 and post the Process and KernelModule logs.
Re: Please check my log, overall slow PC, problem with IE,Fire
Here are the logs:
Process:
System Idle Process
System
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\Npf\Bin\npfsvc32.exe
C:\Programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Programfiler\Norman\nvc\bin\Nip.exe
C:\Documents and Settings\jiri urvalek\Mine dokumenter\Nedlastingar\IceSword122en\IceSword122en\IceSword.exe
C:\WINDOWS\system32\smss.exe
C:\Programfiler\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\mHotkey.exe
C:\Programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Norman\Npm\Bin\elogsvc.exe
C:\Programfiler\Norman\Ngs\Bin\nnf.exe
C:\Programfiler\Norman\Ngs\Bin\nprosec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programfiler\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Mozilla Firefox\plugin-container.exe
C:\Programfiler\Norman\Npm\Bin\nvoy.exe
C:\Programfiler\Mamut\Synchronization\Mamut.SynchronizationService.SynchronizationWindowsService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Norman\nvc\bin\CClaw.exe
C:\Programfiler\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Programfiler\Norman\Npm\Bin\Zlh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\carpserv.exe
C:\Programfiler\Windows Media Player\wmpnetwk.exe
C:\Programfiler\Norman\Nse\Bin\Nsesvc.exe
C:\Programfiler\CyberLink\PowerCinema\PCMService.exe
C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Windows Media Player\wmpnscfg.exe
C:\Programfiler\Norman\nvc\bin\Nvcoas.exe
C:\Programfiler\OpenOffice.org 3\program\soffice.exe
C:\Programfiler\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\CNYHKey.exe
C:\Programfiler\Norman\Npf\Bin\npfuser.exe
C:\Programfiler\Norman\Npm\Bin\scheduler.exe
C:\Programfiler\Norman\Npm\Bin\Njeeves.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
Kernel Module:
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
nvraid.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
nvatabus.sys
nvata.sys
disk.sys
fltmgr.sys
sr.sys
DRVMCDB.SYS
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\ALCXWDM.SYS
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\3xHybrid.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\DRIVERS\HSFHWBS2.sys
\SystemRoot\system32\DRIVERS\HSF_DP.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\system32\DRIVERS\NVSNPU.SYS
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\nnetsec.sys
\??\C:\Programfiler\Norman\ngs\bin\nnetsecc.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\MarvinBus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\??\C:\Programfiler\Norman\Ngs\Bin\nprosec.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_N.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\??\C:\WINDOWS\system32\drivers\tdi_nf.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\c:\programfiler\norman\ngs\bin\ngs.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\Drivers\IMT0521.sys
\SystemRoot\System32\Drivers\SMCLIB.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\Udfs.SYS
\SystemRoot\System32\Drivers\dump_nvatabus.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResN.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\??\C:\Programfiler\Norman\Nse\Bin\NDISKIO.SYS
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\??\C:\Programfiler\Norman\Ngs\Bin\nregsec.sys
\SystemRoot\system32\DRIVERS\strmdisp.sys
\SystemRoot\system32\DRIVERS\nvcw32mf.sys
\??\C:\Programfiler\Norman\Npm\Bin\NmchInjDrv.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll
Re: Please check my log, overall slow PC, problem with IE,Fire
Hello,
thank you very much for the help so far. I will not be at my PC for the next 4 days; I will get back to you again.
Regards
Jiri Urvalek
- Rudy
- Site Admin
Re: Please check my log, overall slow PC, problem with IE,Fire
Let's go back to ComboFix. Open Notepad and copy the following into it:

Collect::
C:\Programfiler\Norman\Npm\Bin\NmchInjDrv.sys
Driver::
NmchInjDrv

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

I think, though, that after 4 days you will need to download a new CF, because it expires quickly.