VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Problem s vyrom

https://forum.viry.cz:443/viewtopic.php?t=109680

Stránka 1 z 1

Problem s vyrom

Napsal: 20 úno 2011 22:39
od Eikom
Zdravim. prosim pomomoze mi niekto s vyrusom alebo co to vlastne mam? uz mi s toho hrabe, na nete to stale chodi na megauploadzz a ked pisem ako aj tu tak mi to samo prida tuto adresu :
����� pribalujem log....dakujem


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:15:04, on 2.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21295)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Pc\Application Data\LangSoft\OETRN.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\LGScsiCommandService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Pc\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\Pc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ShowBarObj Class - {2863E737-DD3F-4280-9AF8-E9E79C16F312} - C:\Program Files\Searchster.Net\MinBHO.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WebIE.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
O2 - BHO: CQueryRankBHOImpl - {A003AFC5-9C04-459E-8B03-8A5E72B9F059} - C:\Documents and Settings\Pc\Application Data\file.dll
O2 - BHO: SignatureManagerBHO - {C6CC9344-BC12-4EA7-9E37-46D61866C771} - C:\Program Files\SM\SubsHelperBHO.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Searchster.Net - {F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} - C:\Program Files\Searchster.Net\Searchster.Net.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WebIE.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\Pc\Application Data\LangSoft\OETRN.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportova do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {755B05A7-0770-4185-B5F6-E75A2CA527E2} - C:\Program Files\SM\SubsHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Signature Manager options - {755B05A7-0770-4185-B5F6-E75A2CA527E2} - C:\Program Files\SM\SubsHelper.dll (file missing)
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavi prekladaè - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: Preloži &oznaèený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: Preloži &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LG SCSI command service (LGScsiCommandService) - Mobile Leader Co.,Ltd. - C:\WINDOWS\system32\LGScsiCommandService.exe

--
End of file - 7972 bytes























�����

Re: Problem s vyrom

Napsal: 20 úno 2011 22:55
od Rudy
Dejte log z RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 . Je podrobnější, než HijackThis.

Re: Problem s vyrom

Napsal: 20 úno 2011 23:02
od Eikom
tu je:
---------------------------------------------------------

Logfile of random's system information tool 1.08 (written by random/random)
Run by Pc at 2011-02-20 22:59:59
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (15%) free of 20 GB
Total RAM: 2046 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:00:06, on 20.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21297)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Pc\Application Data\LangSoft\OETRN.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\LGScsiCommandService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Pc\Desktop\RSIT.exe
C:\Program Files\trend micro\Pc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ShowBarObj Class - {2863E737-DD3F-4280-9AF8-E9E79C16F312} - C:\Program Files\Searchster.Net\MinBHO.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WebIE.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
O2 - BHO: SignatureManagerBHO - {C6CC9344-BC12-4EA7-9E37-46D61866C771} - C:\Program Files\SM\SubsHelperBHO.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Searchster.Net - {F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} - C:\Program Files\Searchster.Net\Searchster.Net.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WebIE.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\Pc\Application Data\LangSoft\OETRN.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {755B05A7-0770-4185-B5F6-E75A2CA527E2} - C:\Program Files\SM\SubsHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Signature Manager options - {755B05A7-0770-4185-B5F6-E75A2CA527E2} - C:\Program Files\SM\SubsHelper.dll (file missing)
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit prekladac - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložit &oznacený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LG SCSI command service (LGScsiCommandService) - Mobile Leader Co.,Ltd. - C:\WINDOWS\system32\LGScsiCommandService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8270 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-22 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
Freecorder Toolbar - C:\Program Files\Freecorder\tbFree.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2863E737-DD3F-4280-9AF8-E9E79C16F312}]
ShowBarObj Class - C:\Program Files\Searchster.Net\MinBHO.dll [2010-12-03 220160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\TRANSLAT\WebIE.dll [2011-01-23 503808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56B38F40-4E70-11d4-A076-0080AD86BA2F}]
WebCGMHlprObj Class - C:\WINDOWS\system32\cgmopenbho.dll [2010-12-03 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6CC9344-BC12-4EA7-9E37-46D61866C771}]
SignatureManagerBHO - C:\Program Files\SM\SubsHelperBHO.dll [2010-12-24 126464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
{1392b8d2-5c05-419f-a8f6-b9f15a596612} - Freecorder Toolbar - C:\Program Files\Freecorder\tbFree.dll [2010-10-18 3908192]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]
{F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} - Searchster.Net - C:\Program Files\Searchster.Net\Searchster.Net.dll [2010-12-02 695296]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\TRANSLAT\WebIE.dll [2011-01-23 503808]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-02-07 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-02-07 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-02-07 118784]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-02-06 2021400]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"Freecorder FLV Service"=C:\Program Files\Freecorder\FLVSrvc.exe [2010-06-26 167936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2001-08-23 15360]
"OEXPRESS"=C:\Documents and Settings\Pc\Application Data\LangSoft\OETRN.EXE [2011-01-23 26624]
"WEBTRAN"= []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-02-07 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2001-08-23 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2011-02-13 23:23:04 ----A---- C:\WINDOWS\Lduvia.exe
2011-02-13 22:45:41 ----A---- C:\WINDOWS\BDTSupport.dll.old
2011-02-13 22:45:41 ----A---- C:\WINDOWS\BDTSupport.dll
2011-02-13 22:45:40 ----A---- C:\WINDOWS\SGDetectionTool.dll
2011-02-13 22:45:40 ----A---- C:\WINDOWS\PCTBDRes.dll
2011-02-13 22:45:40 ----A---- C:\WINDOWS\PCTBDCore.dll.old
2011-02-13 22:45:40 ----A---- C:\WINDOWS\PCTBDCore.dll
2011-02-13 22:41:56 ----A---- C:\WINDOWS\system32\drivers\pctgntdi.sys
2011-02-13 22:41:50 ----A---- C:\WINDOWS\system32\drivers\PCTCore.sys
2011-02-13 22:41:50 ----A---- C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2011-02-13 22:41:42 ----A---- C:\WINDOWS\system32\drivers\pctplsg.sys
2011-02-13 22:41:33 ----D---- C:\Program Files\Spyware Doctor
2011-02-13 22:41:33 ----D---- C:\Program Files\Common Files\PC Tools
2011-02-13 22:41:33 ----D---- C:\Documents and Settings\Pc\Application Data\PC Tools
2011-02-13 22:41:33 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2011-02-11 18:05:02 ----D---- C:\Config.Msi
2011-02-11 17:44:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-02-11 17:44:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2011-02-11 17:43:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-02-10 20:06:21 ----A---- C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2011-02-10 19:38:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-02-10 19:38:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-02-10 19:38:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-02-10 19:38:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-02-10 19:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-02-10 19:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-02-10 19:25:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-02-08 22:24:49 ----D---- C:\Documents and Settings\Pc\Application Data\Apple Computer
2011-02-08 22:10:05 ----D---- C:\Program Files\QuickTime
2011-02-08 22:10:03 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2011-02-08 22:09:33 ----D---- C:\Program Files\Common Files\Apple
2011-02-08 22:09:16 ----D---- C:\Program Files\Apple Software Update
2011-02-08 22:09:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2011-02-04 09:36:40 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2011-02-02 10:40:42 ----D---- C:\Documents and Settings\Pc\Application Data\Windows Search
2011-02-02 10:21:24 ----D---- C:\WINDOWS\system32\WindowsPowerShell
2011-02-02 10:21:23 ----D---- C:\WINDOWS\system32\winrm
2011-02-02 10:21:18 ----HDC---- C:\WINDOWS\$968930Uinstall_KB968930$
2011-02-02 10:21:17 ----D---- C:\WINDOWS\$NtUninstallKB968930$
2011-02-02 10:21:08 ----D---- C:\WINDOWS\system32\sk-SK
2011-02-02 10:20:36 ----D---- C:\Documents and Settings\Pc\Application Data\Windows Desktop Search
2011-02-02 10:20:00 ----D---- C:\WINDOWS\system32\GroupPolicy
2011-02-02 10:20:00 ----D---- C:\Program Files\Windows Desktop Search
2011-02-02 10:19:47 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2011-02-01 00:34:02 ----D---- C:\Documents and Settings\Pc\Application Data\Sonarca Sound Recorder XiFi
2011-02-01 00:14:15 ----D---- C:\Documents and Settings\Pc\Application Data\Free WMA MP3 Converter
2011-02-01 00:09:23 ----D---- C:\Program Files\Free WMA MP3 Converter
2011-02-01 00:09:23 ----A---- C:\WINDOWS\system32\msvcr70.dll
2011-02-01 00:03:03 ----D---- C:\WINDOWS\Minidump
2011-01-31 13:08:34 ----D---- C:\Program Files\trend micro
2011-01-31 13:08:33 ----D---- C:\rsit
2011-01-29 19:45:18 ----D---- C:\Program Files\Volvo S40 (1995) Screensaver
2011-01-29 19:37:17 ----D---- C:\Program Files\Volvo S40 (2004) Screensaver
2011-01-29 19:23:19 ----A---- C:\WINDOWS\VOLVOS~1.exe
2011-01-29 15:52:18 ----D---- C:\Program Files\AudioShell
2011-01-24 22:34:05 ----D---- C:\Program Files\Autodesk
2011-01-23 22:48:33 ----A---- C:\WINDOWS\STXKBD32.INI
2011-01-23 22:17:53 ----A---- C:\WINDOWS\system32\BIVBX11.DLL
2011-01-23 22:17:39 ----D---- C:\TEACHER
2011-01-23 21:28:12 ----A---- C:\WINDOWS\TRNCOM.INI
2011-01-23 21:25:15 ----D---- C:\TRANSLAT
2011-01-23 21:24:58 ----D---- C:\Documents and Settings\Pc\Application Data\LangSoft
2011-01-23 21:24:58 ----D---- C:\Documents and Settings\All Users\Application Data\LangSoft
2011-01-23 19:33:52 ----D---- C:\Program Files\Apperson
2011-01-23 18:38:48 ----D---- C:\Program Files\Searchster.Net
2011-01-23 18:38:34 ----D---- C:\Program Files\SM

======List of files/folders modified in the last 1 months======

2011-02-20 23:00:00 ----D---- C:\WINDOWS\Temp
2011-02-20 22:51:57 ----D---- C:\Program Files\Mozilla Firefox
2011-02-20 22:51:08 ----D---- C:\WINDOWS
2011-02-20 22:50:50 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-02-20 22:50:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-02-20 22:50:29 ----D---- C:\WINDOWS\system32
2011-02-20 22:50:29 ----D---- C:\Program Files\Microsoft Silverlight
2011-02-20 22:48:45 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-20 22:48:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-20 22:46:47 ----HD---- C:\WINDOWS\inf
2011-02-20 22:46:03 ----SHD---- C:\WINDOWS\Installer
2011-02-20 22:38:04 ----A---- C:\WINDOWS\imsins.BAK
2011-02-20 22:37:45 ----D---- C:\WINDOWS\system32\drivers
2011-02-20 22:26:10 ----SD---- C:\Documents and Settings\Pc\Application Data\Microsoft
2011-02-20 21:54:51 ----D---- C:\WINDOWS\Registration
2011-02-20 21:42:27 ----D---- C:\Documents and Settings\Pc\Application Data\PriceGong
2011-02-20 16:05:18 ----A---- C:\WINDOWS\NeroDigital.ini
2011-02-16 22:55:40 ----SD---- C:\WINDOWS\Tasks
2011-02-14 01:25:09 ----D---- C:\Program Files\Internet Explorer
2011-02-14 01:15:53 ----A---- C:\WINDOWS\system32\MRT.exe
2011-02-14 01:15:33 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-02-14 01:14:06 ----HD---- C:\WINDOWS\$hf_mig$
2011-02-14 01:13:43 ----D---- C:\WINDOWS\system32\en-US
2011-02-14 01:03:16 ----D---- C:\WINDOWS\WinSxS
2011-02-14 01:00:57 ----D---- C:\WINDOWS\Microsoft.NET
2011-02-14 01:00:55 ----RSD---- C:\WINDOWS\assembly
2011-02-14 00:35:17 ----A---- C:\WINDOWS\DUMP4822.tmp
2011-02-14 00:14:16 ----D---- C:\WINDOWS\system32\CatRoot
2011-02-13 22:41:33 ----RD---- C:\Program Files
2011-02-13 22:41:33 ----D---- C:\Program Files\Common Files
2011-02-11 18:06:36 ----D---- C:\WINDOWS\system32\config
2011-02-11 18:06:15 ----D---- C:\WINDOWS\system32\wbem
2011-02-11 18:04:21 ----D---- C:\WINDOWS\system32\Restore
2011-02-11 17:34:26 ----D---- C:\Program Files\Microsoft SQL Server
2011-02-10 20:18:47 ----D---- C:\WINDOWS\system32\ias
2011-02-10 19:36:13 ----D---- C:\WINDOWS\ie7updates
2011-02-10 16:25:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-02-10 16:24:16 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-02-08 23:14:23 ----D---- C:\WINDOWS\Network Diagnostic
2011-02-02 10:24:54 ----D---- C:\WINDOWS\Prefetch
2011-02-02 10:22:24 ----D---- C:\WINDOWS\security
2011-02-02 10:21:29 ----D---- C:\WINDOWS\Help
2011-02-02 09:38:16 ----D---- C:\WINDOWS\SoftwareDistribution
2011-01-29 19:03:31 ----D---- C:\Hornresp
2011-01-25 17:26:50 ----A---- C:\WINDOWS\wtran32.INI
2011-01-21 15:42:25 ----A---- C:\WINDOWS\system32\shimgvw.dll
2011-01-21 15:42:25 ----A---- C:\WINDOWS\system32\shell32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys [2009-11-09 207792]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-02-06 56280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2001-08-23 36352]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-02-06 130952]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2001-08-23 62848]
R3 AR5416;MWN-CB54G Wireless Adapter; C:\WINDOWS\system32\DRIVERS\athw.sys [2007-08-01 1314848]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-01-30 45568]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-02-06 33096]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-02-07 1399615]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-12-22 47360]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-11-15 264440]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2001-08-23 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2010-01-21 13056]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-22 32384]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2010-01-21 20864]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2010-01-21 24960]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2007-09-04 163712]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\WudfPf.sys []
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\wudfrd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 LGScsiCommandService;LG SCSI command service; C:\WINDOWS\system32\LGScsiCommandService.exe [2010-04-12 47616]
R2 MSSQL$VIDA;SQL Server (VIDA); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2001-08-23 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2001-08-23 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2001-08-23 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
























�����

Re: Problem s vyrom

Napsal: 20 úno 2011 23:10
od Rudy
Ještě poprosím o log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Re: Problem s vyrom

Napsal: 20 úno 2011 23:41
od Eikom
ComboFix 11-02-20.01 - Pc 20.02.2011 23:24:42.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1284 [GMT 1:00]
Running from: c:\documents and settings\Pc\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Pc\Application Data\inst.exe
c:\documents and settings\Pc\Application Data\PriceGong
c:\documents and settings\Pc\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\z.xml
c:\program files\Searchster.Net\MiNBho.dll
c:\program files\Searchster.Net\SeARchster.net.dll
c:\windows\system\WINSPOOL.DRV

c:\windows\system32\msgsvc.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2011-01-20 to 2011-02-20 )))))))))))))))))))))))))))))))
.

2011-02-20 22:19 . 2011-02-20 22:19 -------- d-----w- c:\documents and settings\Pc\Application Data\AVG
2011-02-20 21:26 . 2011-02-20 21:26 388096 ----a-r- c:\documents and settings\Pc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-13 23:49 . 2011-02-13 23:49 -------- d-----w- c:\documents and settings\Pc\Local Settings\Application Data\PCHealth
2011-02-13 23:23 . 2011-02-13 23:23 -------- d-----w- c:\documents and settings\Pc\Local Settings\Application Data\Threat Expert
2011-02-13 22:23 . 2011-02-13 22:22 138240 ----a-w- c:\windows\Lduvia.exe
2011-02-13 21:45 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2011-02-13 21:45 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2011-02-13 21:45 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-02-13 21:45 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2011-02-13 21:41 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-02-13 21:41 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-02-13 21:41 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-02-13 21:41 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-02-13 21:41 . 2011-02-20 14:53 -------- d-----w- c:\program files\Spyware Doctor
2011-02-13 21:41 . 2011-02-13 21:46 -------- d-----w- c:\program files\Common Files\PC Tools
2011-02-13 21:41 . 2011-02-13 21:41 -------- d-----w- c:\documents and settings\Pc\Application Data\PC Tools
2011-02-13 21:41 . 2011-02-13 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-02-11 17:09 . 2011-02-11 17:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-02-11 17:06 . 2011-02-11 17:06 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-10 17:58 . 2011-02-10 17:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Freecorder
2011-02-10 17:57 . 2011-02-10 17:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-02-08 21:24 . 2011-02-08 21:24 -------- d-----w- c:\documents and settings\Pc\Application Data\Apple Computer
2011-02-08 21:09 . 2011-02-08 21:09 -------- d-----w- c:\program files\Common Files\Apple
2011-02-08 21:09 . 2011-02-08 21:09 -------- d-----w- c:\documents and settings\Pc\Local Settings\Application Data\Apple
2011-02-08 21:09 . 2011-02-08 21:09 -------- d-----w- c:\program files\Apple Software Update
2011-02-08 21:09 . 2011-02-08 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-02-08 21:09 . 2011-02-08 21:09 -------- d-----w- c:\documents and settings\Pc\Local Settings\Application Data\Apple Computer
2011-02-02 09:40 . 2011-02-02 09:40 -------- d-----w- c:\documents and settings\Pc\Application Data\Windows Search
2011-02-02 09:21 . 2011-02-02 09:21 -------- d-----w- c:\windows\system32\winrm
2011-02-02 09:21 . 2011-02-02 09:21 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-02-02 09:21 . 2011-02-02 09:21 -------- d-----w- c:\windows\system32\sk-SK
2011-02-02 09:20 . 2011-02-02 09:20 -------- d-----w- c:\documents and settings\Pc\Local Settings\Application Data\Identities
2011-02-02 09:20 . 2011-02-02 09:20 -------- d-----w- c:\documents and settings\Pc\Application Data\Windows Desktop Search
2011-02-02 09:20 . 2011-02-04 08:36 -------- d-----w- c:\program files\Windows Desktop Search
2011-02-02 09:20 . 2011-02-02 09:20 -------- d-----w- c:\windows\system32\GroupPolicy
2011-01-31 23:34 . 2011-01-31 23:34 -------- d-----w- c:\documents and settings\Pc\Application Data\Sonarca Sound Recorder XiFi
2011-01-31 23:14 . 2011-01-31 23:14 -------- d-----w- c:\documents and settings\Pc\Application Data\Free WMA MP3 Converter
2011-01-31 23:09 . 2011-01-31 23:09 -------- d-----w- c:\program files\Free WMA MP3 Converter
2011-01-31 23:09 . 2002-01-05 14:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-01-31 12:08 . 2011-02-20 22:00 -------- d-----w- c:\program files\trend micro
2011-01-31 12:08 . 2011-01-31 12:08 -------- d-----w- C:\rsit
2011-01-31 12:00 . 2011-01-31 12:00 -------- d-----w- c:\documents and settings\Pc\Local Settings\Application Data\ESET
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-01-29 18:45 . 2011-01-29 18:45 2713084 ----a-w- c:\windows\Volvo S40 (1995) Screensaver.scr
2011-01-29 18:45 . 2011-01-29 18:45 -------- d-----w- c:\program files\Volvo S40 (1995) Screensaver
2011-01-29 18:37 . 2011-01-29 18:37 2664476 ----a-w- c:\windows\Volvo S40 (2004) Screensaver.scr
2011-01-29 18:37 . 2011-01-29 18:37 -------- d-----w- c:\program files\Volvo S40 (2004) Screensaver
2011-01-29 18:23 . 2011-01-29 18:26 2983111 ----a-w- c:\windows\VOLVOS~1.exe
2011-01-29 18:23 . 2011-01-29 18:26 210372 ----a-w- c:\windows\VOLVOS~1.scr
2011-01-29 14:52 . 2011-01-29 14:52 -------- d-----w- c:\program files\AudioShell
2011-01-25 18:15 . 2011-01-25 18:15 -------- d-----w- c:\documents and settings\Pc\Local Settings\Application Data\Ahead
2011-01-24 21:34 . 2011-01-24 21:34 -------- d-----w- c:\program files\Autodesk
2011-01-23 21:17 . 2011-01-23 21:17 81920 ----a-w- c:\windows\system32\BIVBX11.DLL
2011-01-23 21:17 . 2011-01-31 23:56 -------- d-----w- C:\TEACHER
2011-01-23 20:25 . 2011-02-13 12:49 -------- d-----w- C:\TRANSLAT
2011-01-23 20:24 . 2011-01-23 21:57 -------- d-----w- c:\documents and settings\Pc\Application Data\LangSoft
2011-01-23 20:24 . 2011-01-23 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\LangSoft
2011-01-23 18:33 . 2011-01-23 18:33 -------- d-----w- c:\program files\Apperson
2011-01-23 17:38 . 2011-02-20 22:30 -------- d-----w- c:\program files\Searchster.Net
2011-01-23 17:38 . 2011-02-02 09:42 -------- d-----w- c:\program files\SM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-13 23:35 . 2010-12-19 21:06 90112 ----a-w- c:\windows\DUMP4822.tmp
2011-01-21 14:42 . 2001-08-23 09:00 439808 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2001-08-23 09:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:14 . 2001-08-23 09:00 1864064 ----a-w- c:\windows\system32\win32k.sys
2010-12-23 11:37 . 2010-12-23 11:33 10980832 ----a-w- c:\program files\FLV PlayerATBSetup.exe
2010-12-22 12:32 . 2001-08-23 09:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-22 08:50 . 2010-12-22 08:50 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-12-22 08:50 . 2010-12-22 08:50 47360 ----a-w- c:\documents and settings\Pc\Application Data\pcouffin.sys
2010-12-20 23:20 . 2001-08-23 09:00 841216 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:20 . 2001-08-23 09:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:20 . 2001-08-23 09:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:20 . 2001-08-23 09:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 17:24 . 2001-08-23 09:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:48 . 2001-08-23 09:00 389120 ----a-w- c:\windows\system32\html.iec
2010-12-10 17:29 . 2010-12-10 17:29 2248032 ----a-w- c:\windows\system32\sqlncli.dll
2010-12-09 17:39 . 2008-04-23 15:44 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:15 . 2001-08-23 09:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2001-08-23 09:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:43 . 2001-08-23 09:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-03 11:02 . 2010-12-03 11:02 86016 ----a-w- c:\windows\system32\cgmopenbho.dll
2010-12-03 10:50 . 2010-12-23 15:06 126976 ----a-w- c:\windows\system32\CommHandlerJ2534.dll
2010-12-03 10:50 . 2010-12-23 15:06 102400 ----a-w- c:\windows\system32\CommHandlerVCT2000.dll
2010-12-03 10:50 . 2010-12-23 15:06 65536 ----a-w- c:\windows\system32\UtilityHandler.dll
2010-12-03 10:50 . 2010-12-23 15:05 45056 ----a-w- c:\windows\system32\VBFConverter.dll
2010-12-03 10:50 . 2010-12-23 15:05 53248 ----a-w- c:\windows\system32\VBFFactory.dll
2010-12-03 10:50 . 2010-12-23 15:05 61529 ----a-w- c:\windows\system32\VehicleCommunicator.dll
2010-12-03 10:50 . 2010-12-23 15:05 61529 ----a-w- c:\windows\system32\ProtocolHandlerD2.dll
2010-12-03 10:50 . 2010-12-23 15:05 77824 ----a-w- c:\windows\system32\ProtocolHandlerSwdlTCM.dll
2010-12-03 10:50 . 2010-12-23 15:05 45056 ----a-w- c:\windows\system32\VBFParser1.dll
2010-12-03 10:50 . 2010-12-23 15:05 106496 ----a-w- c:\windows\system32\CommHandlerJ2534Dec04.dll
2010-12-03 10:50 . 2010-12-23 15:05 49152 ----a-w- c:\windows\system32\VEMSDB.dll
2010-12-03 10:50 . 2010-12-23 15:05 49152 ----a-w- c:\windows\system32\X40ProgHandler.dll
2010-12-03 10:50 . 2010-12-23 15:05 86016 ----a-w- c:\windows\system32\ProtocolHandlerSwdlEMS.dll
2010-12-03 10:50 . 2010-12-23 15:05 430080 ----a-w- c:\windows\system32\libdb32.dll
2010-12-03 10:34 . 2010-12-23 15:05 98304 ----a-w- c:\windows\system32\fdi.DLL
2010-12-03 10:34 . 2010-12-23 15:05 81920 ----a-w- c:\windows\system32\fci.DLL
2010-12-03 10:34 . 2010-12-23 15:05 57344 ----a-w- c:\windows\system32\libdb_java32.dll
2010-12-03 10:34 . 2010-12-23 15:05 2560 ----a-w- c:\windows\system32\Invoke.dll
2010-12-03 10:34 . 2010-12-23 15:05 184320 ----a-w- c:\windows\system32\vctdrive.dll
2010-12-03 10:34 . 2010-12-23 15:05 140288 ----a-w- c:\windows\system32\Comdlg32.ocx
2010-12-03 10:34 . 2010-12-23 15:05 16384 ----a-w- c:\windows\system32\canlib32.dll
2010-12-03 10:33 . 2010-12-23 15:05 40517 ----a-w- c:\windows\system32\jRegistryKey.dll
2010-12-03 10:33 . 2010-12-23 15:05 278596 ----a-w- c:\windows\system32\vctdrive_vida.dll
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6CC9344-BC12-4EA7-9E37-46D61866C771}]
2010-12-24 17:00 126464 ------w- c:\program files\SM\SubsHelperBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\documents and settings\Pc\Application Data\LangSoft\OETRN.EXE" [2011-01-23 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2001-08-23 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [13.2.2011 22:41 207792]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [13.2.2011 22:45 112592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 14:23 727720]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [1.1.2011 11:04 47616]
R2 MSSQL$VIDA;SQL Server (VIDA);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.12.2010 18:29 29262680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [13.2.2011 22:41 359624]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [23.8.2001 10:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2011-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2011-02-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{755B05A7-0770-4185-B5F6-E75A2CA527E2} - {755B05A7-0770-4185-B5F6-E75A2CA527E2} - c:\program files\SM\SubsHelper.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WebIE.dll
Trusted Zone: localhost
FF - ProfilePath - c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
FF - Ext: PriceBlink: info@priceblink.com - %profile%\extensions\info@priceblink.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - %profile%\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Signature Manager: Subscription@helper.com - c:\program files\SM\FF
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-WEBTRAN - (no file)
AddRemove-Language Teacher - c:\docume~1\Pc\LOCALS~1\Temp\UN32.EXE
AddRemove-PC Translator - c:\docume~1\Pc\LOCALS~1\Temp\UN32.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 23:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(328)
c:\windows\system32\WININET.dll
c:\documents and settings\Pc\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\documents and settings\Pc\Application Data\LangSoft\TrnOEH.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\SearchIndexer.exe
.
**************************************************************************
.
Completion time: 2011-02-20 23:38:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-20 22:38

Pre-Run: 4 035 698 688 bytes free
Post-Run: 4 161 691 648 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 82454B7A30926ED070CA76989FBA1187

Re: Problem s vyrom

Napsal: 21 úno 2011 18:00
od Rudy
Ještě dočistíme. Nejprve stáhněte odtud: http://www.dlldump.com/download-dll-fil ... nload.html knihovnu msgsvc.dll a rozbalte ji na plochu. Otevřte poznámkový blok a zkopírujte do něj:
Folder::
c:\program files\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

Firefox::
FF - ProfilePath - c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
FF - Ext: PriceBlink: info@priceblink.com - %profile%\extensions\info@priceblink.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - %profile%\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Signature Manager: Subscription@helper.com - c:\program files\SM\FF

FCopy::
c:\documents and settings\Pc\Desktop\msgsvc.dll | c:\windows\system32\msgsvc.dll
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Re: Problem s vyrom

Napsal: 22 úno 2011 15:55
od Eikom
ComboFix 11-02-21.02 - Pc 22.02.2011 15:33:13.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1440 [GMT 1:00]
Running from: c:\documents and settings\Pc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pc\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\.autoreg
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsIWebFF.xpt
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF.dll
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF.xpt
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\chrome.manifest
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\chrome\webff.jar
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\install.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\install.rdf
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\ConduitAutoCompleteSearch.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\ConduitAutoCompleteSearch.xpt
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\ConduitToolbar.idl
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\ConduitToolbar.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\ConduitToolbar.xpt
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.xpt
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.xpt
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\defaults\default_radio_skin.xml
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\defaults\fbAlert.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\chrome.manifest
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\chrome\freecorder.jar
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\install.rdf
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\lib\xpcom.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\META-INF\manifest.mf
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\META-INF\zigbert.rsa
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\META-INF\zigbert.sf
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\searchplugin\conduit.gif
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\searchplugin\conduit.ico
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\searchplugin\conduit.PNG
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\searchplugin\conduit.src
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\searchplugin\conduit.xml
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\version.txt
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences\defaults.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome.manifest
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome\chrome_user.jar
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\install.rdf
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\anttoolbar@ant.com
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\anttoolbar@ant.com\defaults\preferences\defaults.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\anttoolbar@ant.com\chrome.manifest
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\anttoolbar@ant.com\chrome\antbar.jar
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\anttoolbar@ant.com\install.rdf
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\components\fvd_single_site_detector.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\components\fvd_single_site_detector.xpt
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\defaults\preferences\fvd_single_setup.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome.manifest
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\content\fvd_download.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\content\fvd_download.xul
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\content\fvd_input_window.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\content\fvd_input_window.xul
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\content\fvd_license.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\content\fvd_license.xul
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\content\fvd_settings.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\content\fvd_settings.xul
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\content\fvd_short_urls.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\content\fvd_short_urls.xul
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\content\fvd_single.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\content\fvd_single.xul
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\locale\en-US\fvd.single.download.dtd
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\locale\en-US\fvd.single.download.properties
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\locale\en-US\fvd.single.dtd
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\locale\en-US\fvd.single.input_window.properties
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\locale\en-US\fvd.single.license.adult.txt
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\locale\en-US\fvd.single.license.dtd
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\locale\en-US\fvd.single.license.properties
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\locale\en-US\fvd.single.license.usage.txt
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\locale\en-US\fvd.single.properties
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\locale\en-US\fvd.single.settings.dtd
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\locale\en-US\fvd.single.settings.properties
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\locale\en-US\fvd.single.short_urls.dtd
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\skin\fvd.single.buttons.small.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\skin\fvd.single.css
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\skin\fvd.single.download.css
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\skin\fvd.single.download.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\skin\fvd.single.icon.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\skin\fvd.single.input_window.css
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\skin\fvd.single.license.css
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\skin\fvd.single.main_button.large.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\skin\fvd.single.main_button.small.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\skin\fvd.single.notify.unsupported.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\skin\fvd.single.settings.css
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\skin\fvd.single.settings.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\chrome\skin\fvd.single.short_urls.css
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\artur.dubovoy@gmail.com\install.rdf
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\components\ConduitToolbar.idl
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\components\ConduitToolbar.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\components\FFExternalAlert.dll
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\components\FFExternalAlert.xpt
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\defaults\appContextMenu.xml
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\defaults\engineSettings.json
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\defaults\fbAlert.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\DualPackage\install.rdf
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\chrome.manifest
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\chrome\conduitengine.jar
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\install.rdf
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\lib\xpcom.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\META-INF\manifest.mf
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\META-INF\zigbert.rsa
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\META-INF\zigbert.sf
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\searchplugin\conduit.gif
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\searchplugin\conduit.ico
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\searchplugin\conduit.PNG
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\searchplugin\conduit.src
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\searchplugin\conduit.xml
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\engine@conduit.com\version.txt
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\__MACOSX\._chrome.manifest
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\__MACOSX\._install.rdf
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\__MACOSX\chrome\._.DS_Store
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\__MACOSX\chrome\content\._.DS_Store
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\__MACOSX\chrome\content\._disable_coupons.xul
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\__MACOSX\chrome\content\._main.xul
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\__MACOSX\chrome\content\images\._.DS_Store
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\__MACOSX\chrome\content\images\._green.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\__MACOSX\chrome\content\images\._info.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\__MACOSX\chrome\content\images\._pb_logo.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\__MACOSX\chrome\content\images\._pb_logo_grey.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\__MACOSX\chrome\content\images\._pb_logo_small.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\__MACOSX\chrome\content\images\._spacer.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\__MACOSX\chrome\content\images\._status_bar_off.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\__MACOSX\chrome\content\images\._status_bar_on.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\__MACOSX\chrome\content\images\._yellow.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\__MACOSX\chrome\content\js\._disable_coupons.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\__MACOSX\chrome\content\js\._jx.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\__MACOSX\chrome\content\js\._main.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\chrome.manifest
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\chrome\.DS_Store
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\chrome\content\.DS_Store
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\chrome\content\disable_coupons.xul
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\chrome\content\images\.DS_Store
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\chrome\content\images\green.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\chrome\content\images\info.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\chrome\content\images\pb_icon.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\chrome\content\images\pb_logo.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\chrome\content\images\pb_logo_grey.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\chrome\content\images\pb_logo_small.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\chrome\content\images\spacer.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\chrome\content\images\status_bar_off.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\chrome\content\images\status_bar_on.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\chrome\content\images\yellow.png
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\chrome\content\js\disable_coupons.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\chrome\content\js\jx.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\chrome\content\js\main.js
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\chrome\content\main.xul
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\extensions\info@priceblink.com\install.rdf
c:\documents and settings\Pc\Application Data\PriceGong
c:\documents and settings\Pc\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Pc\Application Data\PriceGong\Data\z.xml
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_25.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf
c:\program files\SM\FF
c:\program files\SM\FF\content\addDialog.xul
c:\program files\SM\FF\content\firefoxOverlay.xul
c:\program files\SM\FF\content\globals.js
c:\program files\SM\FF\content\main.js
c:\program files\SM\FF\content\overlay.js
c:\program files\SM\FF\content\prefs.xul
c:\program files\SM\FF\defaults\preferences\my_addon.js
c:\program files\SM\FF\chrome.manifest
c:\program files\SM\FF\install.rdf
c:\program files\SM\FF\locale\en-US\manyffaddon.dtd
c:\program files\SM\FF\locale\en-US\manyffaddon.properties
c:\program files\SM\FF\locale\en-US\my_addon.dtd
c:\program files\SM\FF\skin\my_addon.css
c:\program files\SM\FF\skin\overlay.css
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\defaults\preferences\defaults.js
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome.manifest
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome\chrome.jar
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\install.rdf
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\MicrosoftDotNetFrameworkAssistant.xpi
c:\windows\system\winspool.drv

c:\windows\system32\msgsvc.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 )))))))))))))))))))))))))))))))
.

2011-02-21 15:33 . 2011-02-21 15:33 -------- d-sh--w- c:\documents and settings\Pc\PrivacIE
2011-02-21 15:33 . 2011-02-21 15:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-02-21 15:31 . 2011-02-21 15:31 -------- d-sh--w- c:\documents and settings\Pc\IETldCache
2011-02-21 15:23 . 2011-02-21 15:25 -------- dc-h--w- c:\windows\ie8
2011-02-21 15:20 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-02-21 15:20 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-21 15:20 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-21 15:20 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-20 23:32 . 2011-02-20 23:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-02-20 22:19 . 2011-02-20 22:19 -------- d-----w- c:\documents and settings\Pc\Application Data\AVG
2011-02-20 21:26 . 2011-02-20 21:26 388096 ----a-r- c:\documents and settings\Pc\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-13 23:49 . 2011-02-13 23:49 -------- d-----w- c:\documents and settings\Pc\Local Settings\Application Data\PCHealth
2011-02-13 23:23 . 2011-02-13 23:23 -------- d-----w- c:\documents and settings\Pc\Local Settings\Application Data\Threat Expert
2011-02-13 22:23 . 2011-02-13 22:22 138240 ----a-w- c:\windows\Lduvia.exe
2011-02-13 21:45 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2011-02-13 21:45 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2011-02-13 21:45 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-02-13 21:45 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2011-02-13 21:41 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-02-13 21:41 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-02-13 21:41 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-02-13 21:41 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-02-13 21:41 . 2011-02-20 14:53 -------- d-----w- c:\program files\Spyware Doctor
2011-02-13 21:41 . 2011-02-13 21:46 -------- d-----w- c:\program files\Common Files\PC Tools
2011-02-13 21:41 . 2011-02-13 21:41 -------- d-----w- c:\documents and settings\Pc\Application Data\PC Tools
2011-02-13 21:41 . 2011-02-13 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-02-11 17:09 . 2011-02-11 17:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-02-11 17:06 . 2011-02-11 17:06 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-10 17:58 . 2011-02-10 17:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Freecorder
2011-02-10 17:57 . 2011-02-10 17:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-02-08 21:24 . 2011-02-08 21:24 -------- d-----w- c:\documents and settings\Pc\Application Data\Apple Computer
2011-02-08 21:09 . 2011-02-08 21:09 -------- d-----w- c:\program files\Common Files\Apple
2011-02-08 21:09 . 2011-02-08 21:09 -------- d-----w- c:\documents and settings\Pc\Local Settings\Application Data\Apple
2011-02-08 21:09 . 2011-02-08 21:09 -------- d-----w- c:\program files\Apple Software Update
2011-02-08 21:09 . 2011-02-08 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-02-08 21:09 . 2011-02-08 21:09 -------- d-----w- c:\documents and settings\Pc\Local Settings\Application Data\Apple Computer
2011-02-02 09:40 . 2011-02-02 09:40 -------- d-----w- c:\documents and settings\Pc\Application Data\Windows Search
2011-02-02 09:21 . 2011-02-02 09:21 -------- d-----w- c:\windows\system32\winrm
2011-02-02 09:21 . 2011-02-02 09:21 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-02-02 09:21 . 2011-02-02 09:21 -------- d-----w- c:\windows\system32\sk-SK
2011-02-02 09:20 . 2011-02-02 09:20 -------- d-----w- c:\documents and settings\Pc\Local Settings\Application Data\Identities
2011-02-02 09:20 . 2011-02-02 09:20 -------- d-----w- c:\documents and settings\Pc\Application Data\Windows Desktop Search
2011-02-02 09:20 . 2011-02-04 08:36 -------- d-----w- c:\program files\Windows Desktop Search
2011-02-02 09:20 . 2011-02-02 09:20 -------- d-----w- c:\windows\system32\GroupPolicy
2011-01-31 23:34 . 2011-01-31 23:34 -------- d-----w- c:\documents and settings\Pc\Application Data\Sonarca Sound Recorder XiFi
2011-01-31 23:14 . 2011-01-31 23:14 -------- d-----w- c:\documents and settings\Pc\Application Data\Free WMA MP3 Converter
2011-01-31 23:09 . 2011-01-31 23:09 -------- d-----w- c:\program files\Free WMA MP3 Converter
2011-01-31 23:09 . 2002-01-05 14:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-01-31 12:08 . 2011-02-20 22:00 -------- d-----w- c:\program files\trend micro
2011-01-31 12:08 . 2011-01-31 12:08 -------- d-----w- C:\rsit
2011-01-31 12:00 . 2011-01-31 12:00 -------- d-----w- c:\documents and settings\Pc\Local Settings\Application Data\ESET
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-01-29 18:45 . 2011-01-29 18:45 2713084 ----a-w- c:\windows\Volvo S40 (1995) Screensaver.scr
2011-01-29 18:45 . 2011-01-29 18:45 -------- d-----w- c:\program files\Volvo S40 (1995) Screensaver
2011-01-29 18:37 . 2011-01-29 18:37 2664476 ----a-w- c:\windows\Volvo S40 (2004) Screensaver.scr
2011-01-29 18:37 . 2011-01-29 18:37 -------- d-----w- c:\program files\Volvo S40 (2004) Screensaver
2011-01-29 18:23 . 2011-01-29 18:26 2983111 ----a-w- c:\windows\VOLVOS~1.exe
2011-01-29 18:23 . 2011-01-29 18:26 210372 ----a-w- c:\windows\VOLVOS~1.scr
2011-01-29 14:52 . 2011-01-29 14:52 -------- d-----w- c:\program files\AudioShell
2011-01-25 18:15 . 2011-01-25 18:15 -------- d-----w- c:\documents and settings\Pc\Local Settings\Application Data\Ahead
2011-01-24 21:34 . 2011-01-24 21:34 -------- d-----w- c:\program files\Autodesk
2011-01-23 21:17 . 2011-01-23 21:17 81920 ----a-w- c:\windows\system32\BIVBX11.DLL
2011-01-23 21:17 . 2011-01-31 23:56 -------- d-----w- C:\TEACHER
2011-01-23 20:25 . 2011-02-13 12:49 -------- d-----w- C:\TRANSLAT
2011-01-23 20:24 . 2011-01-23 21:57 -------- d-----w- c:\documents and settings\Pc\Application Data\LangSoft
2011-01-23 20:24 . 2011-01-23 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\LangSoft
2011-01-23 18:33 . 2011-01-23 18:33 -------- d-----w- c:\program files\Apperson
2011-01-23 17:38 . 2011-02-20 22:30 -------- d-----w- c:\program files\Searchster.Net
2011-01-23 17:38 . 2011-02-02 09:42 -------- d-----w- c:\program files\SM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-13 23:35 . 2010-12-19 21:06 90112 ----a-w- c:\windows\DUMP4822.tmp
2011-01-21 14:42 . 2001-08-23 09:00 439808 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2001-08-23 09:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:14 . 2001-08-23 09:00 1864064 ----a-w- c:\windows\system32\win32k.sys
2010-12-23 11:37 . 2010-12-23 11:33 10980832 ----a-w- c:\program files\FLV PlayerATBSetup.exe
2010-12-22 12:32 . 2001-08-23 09:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-22 08:50 . 2010-12-22 08:50 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-12-22 08:50 . 2010-12-22 08:50 47360 ----a-w- c:\documents and settings\Pc\Application Data\pcouffin.sys
2010-12-20 23:59 . 2001-08-23 09:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2001-08-23 09:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2001-08-23 09:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:24 . 2001-08-23 09:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2001-08-23 09:00 385024 ------w- c:\windows\system32\html.iec
2010-12-10 17:29 . 2010-12-10 17:29 2248032 ----a-w- c:\windows\system32\sqlncli.dll
2010-12-09 17:39 . 2008-04-23 15:44 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:15 . 2001-08-23 09:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2001-08-23 09:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:43 . 2001-08-23 09:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-03 11:02 . 2010-12-03 11:02 86016 ----a-w- c:\windows\system32\cgmopenbho.dll
2010-12-03 10:50 . 2010-12-23 15:06 126976 ----a-w- c:\windows\system32\CommHandlerJ2534.dll
2010-12-03 10:50 . 2010-12-23 15:06 102400 ----a-w- c:\windows\system32\CommHandlerVCT2000.dll
2010-12-03 10:50 . 2010-12-23 15:06 65536 ----a-w- c:\windows\system32\UtilityHandler.dll
2010-12-03 10:50 . 2010-12-23 15:05 45056 ----a-w- c:\windows\system32\VBFConverter.dll
2010-12-03 10:50 . 2010-12-23 15:05 53248 ----a-w- c:\windows\system32\VBFFactory.dll
2010-12-03 10:50 . 2010-12-23 15:05 61529 ----a-w- c:\windows\system32\VehicleCommunicator.dll
2010-12-03 10:50 . 2010-12-23 15:05 61529 ----a-w- c:\windows\system32\ProtocolHandlerD2.dll
2010-12-03 10:50 . 2010-12-23 15:05 77824 ----a-w- c:\windows\system32\ProtocolHandlerSwdlTCM.dll
2010-12-03 10:50 . 2010-12-23 15:05 45056 ----a-w- c:\windows\system32\VBFParser1.dll
2010-12-03 10:50 . 2010-12-23 15:05 106496 ----a-w- c:\windows\system32\CommHandlerJ2534Dec04.dll
2010-12-03 10:50 . 2010-12-23 15:05 49152 ----a-w- c:\windows\system32\VEMSDB.dll
2010-12-03 10:50 . 2010-12-23 15:05 49152 ----a-w- c:\windows\system32\X40ProgHandler.dll
2010-12-03 10:50 . 2010-12-23 15:05 86016 ----a-w- c:\windows\system32\ProtocolHandlerSwdlEMS.dll
2010-12-03 10:50 . 2010-12-23 15:05 430080 ----a-w- c:\windows\system32\libdb32.dll
2010-12-03 10:34 . 2010-12-23 15:05 98304 ----a-w- c:\windows\system32\fdi.DLL
2010-12-03 10:34 . 2010-12-23 15:05 81920 ----a-w- c:\windows\system32\fci.DLL
2010-12-03 10:34 . 2010-12-23 15:05 57344 ----a-w- c:\windows\system32\libdb_java32.dll
2010-12-03 10:34 . 2010-12-23 15:05 2560 ----a-w- c:\windows\system32\Invoke.dll
2010-12-03 10:34 . 2010-12-23 15:05 184320 ----a-w- c:\windows\system32\vctdrive.dll
2010-12-03 10:34 . 2010-12-23 15:05 140288 ----a-w- c:\windows\system32\Comdlg32.ocx
2010-12-03 10:34 . 2010-12-23 15:05 16384 ----a-w- c:\windows\system32\canlib32.dll
2010-12-03 10:33 . 2010-12-23 15:05 40517 ----a-w- c:\windows\system32\jRegistryKey.dll
2010-12-03 10:33 . 2010-12-23 15:05 278596 ----a-w- c:\windows\system32\vctdrive_vida.dll
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

Re: Problem s vyrom

Napsal: 22 úno 2011 15:56
od Eikom
((((((((((((((((((((((((((((( SnapShot@2011-02-20_22.33.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-22 14:42 . 2011-02-22 14:42 16384 c:\windows\Temp\Perflib_Perfdata_6bc.dat
+ 2001-08-23 09:00 . 2009-01-07 17:21 26144 c:\windows\system32\spupdsvc.exe
- 2001-08-23 09:00 . 2009-05-12 14:12 26144 c:\windows\system32\spupdsvc.exe
+ 2010-12-23 02:00 . 2009-01-07 17:20 16928 c:\windows\system32\spmsg.dll
- 2010-12-23 02:00 . 2009-05-12 14:12 16928 c:\windows\system32\spmsg.dll
+ 2001-08-23 09:00 . 2009-03-08 03:31 46592 c:\windows\system32\pngfilt.dll
- 2001-08-23 09:00 . 2001-08-23 09:00 23552 c:\windows\system32\normaliz.dll
+ 2001-08-23 09:00 . 2009-01-07 17:20 23552 c:\windows\system32\normaliz.dll
- 2001-08-23 09:00 . 2001-08-23 09:00 24576 c:\windows\system32\nlsdl.dll
+ 2001-08-23 09:00 . 2009-01-07 17:20 24576 c:\windows\system32\nlsdl.dll
- 2001-08-23 09:00 . 2001-08-23 09:00 48128 c:\windows\system32\mshtmler.dll
+ 2001-08-23 09:00 . 2009-03-08 03:31 48128 c:\windows\system32\mshtmler.dll
+ 2001-08-23 09:00 . 2010-12-20 23:59 66560 c:\windows\system32\mshtmled.dll
+ 2001-08-23 09:00 . 2009-03-08 03:31 45568 c:\windows\system32\mshta.exe
- 2001-08-23 09:00 . 2001-08-23 09:00 45568 c:\windows\system32\mshta.exe
+ 2001-08-23 09:00 . 2009-03-08 03:31 13312 c:\windows\system32\msfeedssync.exe
+ 2001-08-23 09:00 . 2010-12-20 23:59 55296 c:\windows\system32\msfeedsbs.dll
+ 2001-08-23 09:00 . 2010-12-20 23:59 25600 c:\windows\system32\jsproxy.dll
+ 2001-08-23 09:00 . 2009-03-08 03:32 94720 c:\windows\system32\inseng.dll
+ 2001-08-23 09:00 . 2009-03-08 03:31 34816 c:\windows\system32\imgutil.dll
+ 2001-08-23 09:00 . 2009-03-08 03:32 36864 c:\windows\system32\ieudinit.exe
+ 2001-08-23 09:00 . 2009-03-08 03:32 71680 c:\windows\system32\iesetup.dll
+ 2001-08-23 09:00 . 2009-03-08 03:32 55808 c:\windows\system32\iernonce.dll
+ 2001-08-23 09:00 . 2009-01-07 17:20 26112 c:\windows\system32\idndl.dll
- 2001-08-23 09:00 . 2001-08-23 09:00 26112 c:\windows\system32\idndl.dll
+ 2001-08-23 09:00 . 2009-03-08 03:31 59904 c:\windows\system32\icardie.dll
+ 2001-08-23 09:00 . 2009-03-08 03:31 46592 c:\windows\system32\dllcache\pngfilt.dll
- 2001-08-23 09:00 . 2001-08-23 09:00 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2001-08-23 09:00 . 2009-03-08 03:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2001-08-23 09:00 . 2010-12-20 23:59 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2001-08-23 09:00 . 2001-08-23 09:00 45568 c:\windows\system32\dllcache\mshta.exe
+ 2001-08-23 09:00 . 2009-03-08 03:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2010-12-22 23:31 . 2010-12-20 23:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2001-08-23 09:00 . 2010-12-20 23:59 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2001-08-23 09:00 . 2010-12-20 23:59 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2001-08-23 09:00 . 2009-03-08 03:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2001-08-23 09:00 . 2009-03-08 03:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2001-08-23 09:00 . 2009-03-08 03:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2001-08-23 09:00 . 2009-03-08 03:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2010-12-22 23:31 . 2009-03-08 03:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2010-12-19 20:26 . 2009-03-08 03:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2001-08-23 09:00 . 2009-03-08 03:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2001-08-23 09:00 . 2009-03-08 03:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2001-08-23 09:00 . 2009-03-08 03:33 18944 c:\windows\system32\corpol.dll
+ 2001-08-23 09:00 . 2009-03-08 03:32 72704 c:\windows\system32\admparse.dll
+ 2011-02-21 15:26 . 2009-03-08 03:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2011-02-21 15:26 . 2009-03-08 03:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2011-02-21 15:26 . 2009-03-08 03:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2011-02-21 15:27 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-02-21 15:27 . 2009-03-08 03:31 66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-02-21 15:27 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-02-21 15:27 . 2009-03-08 03:34 43008 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-02-21 15:27 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
+ 2011-02-21 15:24 . 2009-03-08 13:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 44544 c:\windows\ie8\pngfilt.dll
+ 2011-02-21 15:23 . 2001-08-23 09:00 48128 c:\windows\ie8\mshtmler.dll
+ 2011-02-21 15:23 . 2001-08-23 09:00 45568 c:\windows\ie8\mshta.exe
+ 2011-02-21 15:23 . 2001-08-23 09:00 12288 c:\windows\ie8\msfeedssync.exe
+ 2011-02-21 15:23 . 2010-12-20 23:20 52224 c:\windows\ie8\msfeedsbs.dll
+ 2011-02-21 15:23 . 2001-08-23 09:00 40960 c:\windows\ie8\licmgr10.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 27648 c:\windows\ie8\jsproxy.dll
+ 2011-02-21 15:23 . 2001-08-23 09:00 92672 c:\windows\ie8\inseng.dll
+ 2011-02-21 15:23 . 2001-08-23 09:00 36352 c:\windows\ie8\imgutil.dll
+ 2011-02-21 15:23 . 2001-08-23 09:00 55296 c:\windows\ie8\iesetup.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 44544 c:\windows\ie8\iernonce.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 78336 c:\windows\ie8\ieencode.dll
+ 2011-02-21 15:23 . 2010-12-20 12:47 70656 c:\windows\ie8\ie4uinit.exe
+ 2011-02-21 15:23 . 2010-12-20 23:20 63488 c:\windows\ie8\icardie.dll
+ 2011-02-21 15:23 . 2001-08-23 09:00 60416 c:\windows\ie8\hmmapi.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 17408 c:\windows\ie8\corpol.dll
+ 2011-02-21 15:23 . 2001-08-23 09:00 71680 c:\windows\ie8\admparse.dll
+ 2011-02-21 15:27 . 2009-03-08 03:35 2048 c:\windows\ie8updates\KB2447568-IE8\iecompat.dll
- 2001-08-23 09:00 . 2001-08-23 09:00 121856 c:\windows\system32\xmllite.dll
+ 2001-08-23 09:00 . 2009-01-07 17:21 121856 c:\windows\system32\xmllite.dll
+ 2001-08-23 09:00 . 2009-03-08 03:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2001-08-23 09:00 . 2009-03-08 03:34 236544 c:\windows\system32\webcheck.dll
+ 2001-08-23 09:00 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
+ 2001-08-23 09:00 . 2009-03-08 03:34 105984 c:\windows\system32\url.dll
- 2001-08-23 09:00 . 2010-12-20 23:20 105984 c:\windows\system32\url.dll
+ 2001-08-23 09:00 . 2010-12-20 23:59 206848 c:\windows\system32\occache.dll
+ 2001-08-23 09:00 . 2010-12-20 23:59 611840 c:\windows\system32\mstime.dll
+ 2001-08-23 09:00 . 2009-03-08 03:34 193536 c:\windows\system32\msrating.dll
- 2001-08-23 09:00 . 2001-08-23 09:00 156160 c:\windows\system32\msls31.dll
+ 2001-08-23 09:00 . 2009-03-08 03:22 156160 c:\windows\system32\msls31.dll
+ 2001-08-23 09:00 . 2010-12-20 23:59 602112 c:\windows\system32\msfeeds.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 265720 c:\windows\system32\msdbg2.dll
+ 2001-08-23 09:00 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
+ 2001-08-23 09:00 . 2009-03-08 03:22 164352 c:\windows\system32\ieui.dll
+ 2001-08-23 09:00 . 2010-12-20 23:59 184320 c:\windows\system32\iepeers.dll
+ 2001-08-23 09:00 . 2010-12-20 23:59 387584 c:\windows\system32\iedkcs32.dll
+ 2001-08-23 09:00 . 2009-03-08 03:11 445952 c:\windows\system32\ieapfltr.dll
+ 2001-08-23 09:00 . 2009-03-08 03:32 163840 c:\windows\system32\ieakui.dll
+ 2001-08-23 09:00 . 2009-03-08 03:33 229376 c:\windows\system32\ieaksie.dll
+ 2001-08-23 09:00 . 2009-03-08 03:33 125952 c:\windows\system32\ieakeng.dll
+ 2001-08-23 09:00 . 2010-12-20 12:55 173568 c:\windows\system32\ie4uinit.exe
+ 2001-08-23 09:00 . 2009-03-08 03:31 216064 c:\windows\system32\dxtrans.dll
+ 2001-08-23 09:00 . 2009-03-08 03:31 348160 c:\windows\system32\dxtmsft.dll
+ 2001-08-23 09:00 . 2010-12-20 23:59 916480 c:\windows\system32\dllcache\wininet.dll
+ 2001-08-23 09:00 . 2009-03-08 03:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2010-12-19 20:26 . 2009-03-08 03:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2001-08-23 09:00 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2001-08-23 09:00 . 2009-03-08 03:34 105984 c:\windows\system32\dllcache\url.dll
- 2001-08-23 09:00 . 2010-12-20 23:20 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2001-08-23 09:00 . 2010-12-20 23:59 206848 c:\windows\system32\dllcache\occache.dll
+ 2001-08-23 09:00 . 2010-12-20 23:59 611840 c:\windows\system32\dllcache\mstime.dll
+ 2001-08-23 09:00 . 2009-03-08 03:34 193536 c:\windows\system32\dllcache\msrating.dll
- 2001-08-23 09:00 . 2001-08-23 09:00 156160 c:\windows\system32\dllcache\msls31.dll
+ 2001-08-23 09:00 . 2009-03-08 03:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2010-12-22 23:31 . 2010-12-20 23:59 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2001-08-23 09:00 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
+ 2010-12-19 20:26 . 2009-03-08 13:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2001-08-23 09:00 . 2010-12-20 23:59 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2001-08-23 09:00 . 2010-12-20 23:59 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2010-12-22 23:31 . 2009-03-08 03:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2001-08-23 09:00 . 2009-03-08 03:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2001-08-23 09:00 . 2009-03-08 03:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2001-08-23 09:00 . 2009-03-08 03:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2001-08-23 09:00 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2001-08-23 09:00 . 2009-03-08 03:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2001-08-23 09:00 . 2009-03-08 03:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2001-08-23 09:00 . 2009-03-08 03:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2001-08-23 09:00 . 2009-03-08 03:32 128512 c:\windows\system32\advpack.dll
+ 2011-02-21 15:45 . 2011-02-21 15:45 814080 c:\windows\Installer\9cdbe.msi
+ 2011-02-21 15:26 . 2009-03-08 03:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2011-02-21 15:26 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2011-02-21 15:26 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2011-02-21 15:26 . 2009-03-08 03:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2011-02-21 15:26 . 2009-03-08 03:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2011-02-21 15:26 . 2009-03-08 03:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2011-02-21 15:26 . 2009-03-08 03:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2011-02-21 15:26 . 2009-03-08 03:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2011-02-21 15:26 . 2009-03-08 03:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2011-02-21 15:26 . 2009-03-08 13:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2011-02-21 15:26 . 2009-03-08 03:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2011-02-21 15:40 . 2009-03-08 03:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2011-02-21 15:40 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2011-02-21 15:40 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2011-02-21 15:40 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2011-02-21 15:40 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2011-02-21 15:40 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2011-02-21 15:40 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2011-02-21 15:40 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2011-02-21 15:40 . 2009-03-08 03:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2011-02-21 15:27 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-21 15:27 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-21 15:27 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-21 15:27 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-21 15:27 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-21 15:27 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-21 15:27 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-21 15:27 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-21 15:27 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-21 15:27 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-21 15:27 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2011-02-21 15:27 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2447568-IE8\spuninst\updspapi.dll
+ 2011-02-21 15:27 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2447568-IE8\spuninst\spuninst.exe
+ 2011-02-21 15:23 . 2010-12-20 23:20 841216 c:\windows\ie8\wininet.dll
+ 2011-02-21 15:23 . 2001-08-23 09:00 206336 c:\windows\ie8\winfxdocobj.exe
+ 2011-02-21 15:23 . 2010-12-20 23:20 233472 c:\windows\ie8\webcheck.dll
+ 2011-02-21 15:23 . 2001-08-23 09:00 765952 c:\windows\ie8\vgx.dll
+ 2011-02-21 15:23 . 2010-03-09 11:06 430080 c:\windows\ie8\vbscript.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 105984 c:\windows\ie8\url.dll
+ 2011-02-21 15:24 . 2009-01-07 17:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2011-02-21 15:24 . 2009-01-07 17:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2011-02-21 15:23 . 2010-12-20 23:20 102912 c:\windows\ie8\occache.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 671232 c:\windows\ie8\mstime.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 193024 c:\windows\ie8\msrating.dll
+ 2011-02-21 15:23 . 2001-08-23 09:00 156160 c:\windows\ie8\msls31.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 478208 c:\windows\ie8\mshtmled.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 468480 c:\windows\ie8\msfeeds.dll
+ 2011-02-21 15:23 . 2009-08-13 15:02 512000 c:\windows\ie8\jscript.dll
+ 2011-02-21 15:23 . 2010-12-20 10:49 634648 c:\windows\ie8\iexplore.exe
+ 2011-02-21 15:23 . 2001-08-23 09:00 180736 c:\windows\ie8\ieui.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 268288 c:\windows\ie8\iertutil.dll
+ 2011-02-21 15:23 . 2001-08-23 09:00 287744 c:\windows\ie8\ieproxy.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 193024 c:\windows\ie8\iepeers.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 388608 c:\windows\ie8\iedkcs32.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 380928 c:\windows\ie8\ieapfltr.dll
+ 2011-02-21 15:23 . 2010-12-20 10:48 161792 c:\windows\ie8\ieakui.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 230400 c:\windows\ie8\ieaksie.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 153088 c:\windows\ie8\ieakeng.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 214528 c:\windows\ie8\dxtrans.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 347136 c:\windows\ie8\dxtmsft.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 124928 c:\windows\ie8\advpack.dll
+ 2001-08-23 09:00 . 2010-12-20 23:59 1210880 c:\windows\system32\urlmon.dll
+ 2001-08-23 09:00 . 2010-12-20 23:59 5961216 c:\windows\system32\mshtml.dll
+ 2001-08-23 09:00 . 2010-12-20 23:59 1991680 c:\windows\system32\iertutil.dll
+ 2001-08-23 09:00 . 2009-02-06 20:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2001-08-23 09:00 . 2010-12-20 23:59 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2001-08-23 09:00 . 2010-12-20 23:59 5961216 c:\windows\system32\dllcache\mshtml.dll
+ 2010-12-22 23:31 . 2010-12-20 23:59 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2010-12-22 23:31 . 2009-02-06 20:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2011-02-21 15:26 . 2009-03-08 03:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2011-02-21 15:26 . 2009-03-08 03:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2011-02-21 15:26 . 2009-03-08 03:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2011-02-21 15:27 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-02-21 15:27 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-02-21 15:27 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 1171968 c:\windows\ie8\urlmon.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 3609088 c:\windows\ie8\mshtml.dll
+ 2011-02-21 15:23 . 2010-12-20 23:20 6080000 c:\windows\ie8\ieframe.dll
+ 2011-02-21 15:23 . 2010-07-05 20:32 2452872 c:\windows\ie8\ieapfltr.dat
+ 2001-08-23 09:00 . 2010-12-21 04:29 11080704 c:\windows\system32\ieframe.dll
+ 2010-12-22 23:31 . 2010-12-21 04:29 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2011-02-21 15:26 . 2009-03-08 03:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2011-02-21 15:27 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6CC9344-BC12-4EA7-9E37-46D61866C771}]
2010-12-24 17:00 126464 ------w- c:\program files\SM\SubsHelperBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\documents and settings\Pc\Application Data\LangSoft\OETRN.EXE" [2011-01-23 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2001-08-23 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [13.2.2011 22:41 207792]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [13.2.2011 22:45 112592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 14:23 727720]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [1.1.2011 11:04 47616]
R2 MSSQL$VIDA;SQL Server (VIDA);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.12.2010 18:29 29262680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [13.2.2011 22:41 359624]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [23.8.2001 10:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2011-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{755B05A7-0770-4185-B5F6-E75A2CA527E2} - {755B05A7-0770-4185-B5F6-E75A2CA527E2} - c:\program files\SM\SubsHelper.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WebIE.dll
Trusted Zone: localhost
FF - ProfilePath - c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\hgrajoii.default\
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-22 15:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2840)
c:\windows\system32\WININET.dll
c:\documents and settings\Pc\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\documents and settings\Pc\Application Data\LangSoft\TrnOEH.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2011-02-22 15:46:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-22 14:46
ComboFix2.txt 2011-02-20 22:38

Pre-Run: 3 637 182 464 bytes free
Post-Run: 3 641 655 296 bytes free

- - End Of File - - C37011D14AF0F723CC20542D597920E2


--------------------------------------------------------------------------------------
v jednu chvilu mi ten program napisal : System file is infected!!!........... C:/WINDOWS/system32/nc.....dll - vybodkovane som nestihol opisat :|

Re: Problem s vyrom

Napsal: 22 úno 2011 19:29
od Rudy
Log vypadá OK. Ještě otestujte online na www.virustotal.com tento soubor: c:\windows\Lduvia.exe .

Re: Problem s vyrom

Napsal: 22 úno 2011 23:17
od Eikom
na tej stranke mi to vobec neslo skontrolovat, skusal som to 3 x po hodine...ale pred chvilkou mi ESET presne tento subor nasiel ako napadnutie a dal ho do karanteny... ozaj a chcel som sa spitat, vcera mi vyplo aj preklad MUI a vobec neviem ako to napravit, zozral mi ho vir? :roll:

Re: Problem s vyrom

Napsal: 23 úno 2011 19:31
od Rudy
Zkuste to na www.virusscan.jotti.org. To je také kontrolní stránka.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz