VIRY.CZ

Dobrý deň,

Prosím o pomoc pri odinštalovaní programu Mobiola Webcamera for S60 3,0, program počítač nedokáže odnštalovať, pretože uninstall.exe používa iný program. Nerozumiem tomu, pretože neviem ktorý iný program by ho mohol používať, tak sa obraciam o pomoc u vás (Skúšal som odinštalovať tradične, cez pridať/odstrániť programy aj CCleaner).

Ďalej by som tiež poprosil o kontrolu, antivírus neukazuje žiadnu detekciu vírusu, ale mám tu 4 "hidden objects", a neviem posúdiť či sú pre mňa nejakým rizikom

Prikladám log s RSIT a Aviry:

Logfile of random's system information tool 1.08 (written by random/random)
Run by ivan at 2011-03-21 12:00:20
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 60 GB (46%) free of 131 GB
Total RAM: 2046 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:00:27, on 21.3.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Online Armor\oaui.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Winamp\winamp.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mobiola Web Camera for S60\webcam.exe
C:\Program Files\Mobiola Web Camera for S60\webcam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mobiola Web Camera for S60\webcam.exe
C:\Program Files\Mobiola Web Camera for S60\webcam.exe
C:\Documents and Settings\ivan\Desktop\RSIT.exe
C:\Program Files\trend micro\ivan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Služba Google Update (gupdate1c99ca5d283c91e) (gupdate1c99ca5d283c91e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 10254 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab6eebdc09bce.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-19 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-31 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-19 1262888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-07 16862208]
"NSLauncher"=C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe [2007-11-06 3096576]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-11-04 281768]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-02 98304]
"UpdatePDRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"@OnlineArmor GUI"=C:\Program Files\Online Armor\oaui.exe [2010-08-27 2356848]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-03 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\Online Armor\oaevent.dll [2010-08-27 353992]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x43010000
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\MY DOCUMENTS\My Games\Dead Space\Dead Space.exe"="D:\MY DOCUMENTS\My Games\Dead Space\Dead Space.exe:*:Disabled:Dead Space ™"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\ivan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\ivan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\utorrent-lite\utorrent.exe"="C:\Program Files\utorrent-lite\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\MY DOCUMENTS\z netu\Bulanci_1.82-0.exe"="D:\MY DOCUMENTS\z netu\Bulanci_1.82-0.exe:*:Enabled:Bulanci_1.82-0"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe"="C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe"="C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Documents and Settings\ivan\Desktop\utorrent-portable\utorrent.exe"="C:\Documents and Settings\ivan\Desktop\utorrent-portable\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe"="C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe"

======List of files/folders created in the last 1 months======

2011-03-18 17:01:19 ----A---- C:\WINDOWS\system32\BTCamVideoSource.dll
2011-03-18 17:01:00 ----D---- C:\Program Files\Mobiola Web Camera for S60
2011-03-18 16:50:58 ----D---- C:\Program Files\Mobiola Web Camera for BlackBerry
2011-03-16 22:36:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-03-09 23:39:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-09 23:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-02-26 13:03:05 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2011-03-21 12:00:22 ----D---- C:\Program Files\trend micro
2011-03-21 11:56:53 ----AD---- C:\Documents and Settings\All Users\Application Data\Temp
2011-03-21 10:53:29 ----D---- C:\WINDOWS\Prefetch
2011-03-21 10:41:02 ----D---- C:\WINDOWS\temp
2011-03-21 10:07:08 ----D---- C:\WINDOWS\Registration
2011-03-21 10:06:34 ----RD---- C:\Program Files
2011-03-21 09:59:42 ----A---- C:\WINDOWS\wincmd.ini
2011-03-21 09:58:19 ----A---- C:\WINDOWS\NeroDigital.ini
2011-03-21 09:21:03 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-21 00:08:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-21 00:08:19 ----D---- C:\Documents and Settings\ivan\Application Data\ICQ
2011-03-19 13:14:56 ----D---- C:\WINDOWS
2011-03-19 13:12:14 ----SHD---- C:\WINDOWS\Installer
2011-03-19 13:12:14 ----D---- C:\Config.Msi
2011-03-19 13:12:13 ----D---- C:\WINDOWS\WinSxS
2011-03-19 13:11:54 ----D---- C:\WINDOWS\system32
2011-03-19 10:20:32 ----D---- C:\Documents and Settings\ivan\Application Data\uTorrent
2011-03-18 16:51:21 ----HD---- C:\WINDOWS\inf
2011-03-18 15:49:51 ----D---- C:\Program Files\Microsoft Silverlight
2011-03-17 21:16:50 ----D---- C:\Documents and Settings\ivan\Application Data\Skype
2011-03-17 17:01:49 ----D---- C:\Documents and Settings\ivan\Application Data\skypePM
2011-03-16 22:36:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-16 16:13:28 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-09 23:39:11 ----A---- C:\WINDOWS\imsins.BAK
2011-03-09 23:37:37 ----D---- C:\WINDOWS\Debug
2011-03-09 23:37:35 ----A---- C:\WINDOWS\system32\MRT.exe
2011-03-09 23:37:31 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-03-06 13:08:26 ----D---- C:\WINDOWS\system32\drivers
2011-03-05 08:46:13 ----D---- C:\Program Files\Mozilla Firefox
2011-02-26 19:58:43 ----HD---- C:\Moje dokumenty
2011-02-26 13:03:24 ----RD---- C:\Program Files\Skype
2011-02-26 13:03:05 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2007-03-08 43528]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2008-11-23 97248]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-09 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-03-16 137656]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 oahlpXX;Online Armor helper driver; \??\C:\WINDOWS\system32\drivers\oahlp32.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-11-23 61960]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-03 4605952]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-07 4739072]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-16 115840]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 a2q2awu7;a2q2awu7; C:\WINDOWS\system32\drivers\a2q2awu7.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ivan\LOCALS~1\Temp\catchme.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-15 25280]
S3 k600bus;Sony Ericsson 600i driver (WDM); C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 77072]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM); C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS); C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM); C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 90800]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-12-16 51120]
S4 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-12-16 16496]
S4 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-12-16 21744]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-03-16 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-04 135336]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-03 602112]
R2 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-05-13 80392]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-31 153376]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Online Armor\OAcat.exe [2010-08-27 380272]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2009-04-17 247152]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-11-23 570880]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Online Armor\oasrv.exe [2010-08-27 3638240]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-07-14 593920]
S2 gupdate1c99ca5d283c91e;Služba Google Update (gupdate1c99ca5d283c91e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-04 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-10-20 630272]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-11-23 306432]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 Prime95 Service;Prime95 Service; C:\Program Files\Prime95\prime95.exe []

Avira AntiVir Personal
Report file date: 21. marca 2011 10:07

Scanning for 2502953 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : B-3DFA3368B9EC4

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 7. 3. 2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 9. 12. 2010 10:36:01
AVSCAN.DLL : 10.0.3.0 46440 Bytes 20. 4. 2010 20:12:12
LUKE.DLL : 10.0.3.2 104296 Bytes 9. 12. 2010 10:36:01
LUKERES.DLL : 10.0.0.1 12648 Bytes 10. 2. 2010 21:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6. 11. 2009 14:14:48
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14. 12. 2010 15:17:09
VBASE002.VDF : 7.11.3.0 1950720 Bytes 9. 2. 2011 16:12:54
VBASE003.VDF : 7.11.3.1 2048 Bytes 9. 2. 2011 16:12:54
VBASE004.VDF : 7.11.3.2 2048 Bytes 9. 2. 2011 16:12:55
VBASE005.VDF : 7.11.3.3 2048 Bytes 9. 2. 2011 16:12:55
VBASE006.VDF : 7.11.3.4 2048 Bytes 9. 2. 2011 16:12:55
VBASE007.VDF : 7.11.3.5 2048 Bytes 9. 2. 2011 16:12:55
VBASE008.VDF : 7.11.3.6 2048 Bytes 9. 2. 2011 16:12:55
VBASE009.VDF : 7.11.3.7 2048 Bytes 9. 2. 2011 16:12:55
VBASE010.VDF : 7.11.3.8 2048 Bytes 9. 2. 2011 16:12:55
VBASE011.VDF : 7.11.3.9 2048 Bytes 9. 2. 2011 16:12:55
VBASE012.VDF : 7.11.3.10 2048 Bytes 9. 2. 2011 16:12:56
VBASE013.VDF : 7.11.3.59 157184 Bytes 14. 2. 2011 12:35:50
VBASE014.VDF : 7.11.3.97 120320 Bytes 16. 2. 2011 17:01:41
VBASE015.VDF : 7.11.3.148 128000 Bytes 19. 2. 2011 18:07:18
VBASE016.VDF : 7.11.3.183 140288 Bytes 22. 2. 2011 16:48:14
VBASE017.VDF : 7.11.3.216 124416 Bytes 24. 2. 2011 10:06:49
VBASE018.VDF : 7.11.3.251 159232 Bytes 28. 2. 2011 20:36:02
VBASE019.VDF : 7.11.4.33 148992 Bytes 2. 3. 2011 14:34:15
VBASE020.VDF : 7.11.4.73 150016 Bytes 6. 3. 2011 19:05:45
VBASE021.VDF : 7.11.4.108 122880 Bytes 8. 3. 2011 19:05:47
VBASE022.VDF : 7.11.4.150 133120 Bytes 10. 3. 2011 21:04:11
VBASE023.VDF : 7.11.4.183 122368 Bytes 14. 3. 2011 16:02:16
VBASE024.VDF : 7.11.4.228 123392 Bytes 16. 3. 2011 09:35:42
VBASE025.VDF : 7.11.4.229 2048 Bytes 16. 3. 2011 09:35:42
VBASE026.VDF : 7.11.4.230 2048 Bytes 16. 3. 2011 09:35:42
VBASE027.VDF : 7.11.4.231 2048 Bytes 16. 3. 2011 09:35:42
VBASE028.VDF : 7.11.4.232 2048 Bytes 16. 3. 2011 09:35:42
VBASE029.VDF : 7.11.4.233 2048 Bytes 16. 3. 2011 09:35:42
VBASE030.VDF : 7.11.4.234 2048 Bytes 16. 3. 2011 09:35:42
VBASE031.VDF : 7.11.5.1 87040 Bytes 18. 3. 2011 09:35:42
Engineversion : 8.2.4.188
AEVDF.DLL : 8.1.2.1 106868 Bytes 1. 8. 2010 17:54:26
AESCRIPT.DLL : 8.1.3.57 1261947 Bytes 20. 3. 2011 09:35:51
AESCN.DLL : 8.1.7.2 127349 Bytes 23. 11. 2010 14:15:52
AESBX.DLL : 8.1.3.2 254324 Bytes 23. 11. 2010 14:15:54
AERDL.DLL : 8.1.9.8 639346 Bytes 16. 3. 2011 16:02:28
AEPACK.DLL : 8.2.4.12 520567 Bytes 16. 3. 2011 16:02:26
AEOFFICE.DLL : 8.1.1.17 205177 Bytes 9. 3. 2011 19:06:00
AEHEUR.DLL : 8.1.2.87 3371383 Bytes 20. 3. 2011 09:35:49
AEHELP.DLL : 8.1.16.1 246134 Bytes 4. 2. 2011 10:26:13
AEGEN.DLL : 8.1.5.3 397684 Bytes 20. 3. 2011 09:35:43
AEEMU.DLL : 8.1.3.0 393589 Bytes 23. 11. 2010 14:15:44
AECORE.DLL : 8.1.19.2 196983 Bytes 23. 1. 2011 09:25:21
AEBB.DLL : 8.1.1.0 53618 Bytes 24. 4. 2010 16:08:01
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14. 1. 2010 10:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 14. 1. 2010 10:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 18. 2. 2010 14:47:40
AVREG.DLL : 10.0.3.2 53096 Bytes 4. 11. 2010 12:56:55
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 9. 12. 2010 10:36:01
AVARKT.DLL : 10.0.22.6 231784 Bytes 9. 12. 2010 10:35:59
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26. 1. 2010 07:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28. 1. 2010 10:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16. 3. 2010 13:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 19. 2. 2010 12:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28. 1. 2010 11:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 4. 11. 2010 12:56:55

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, F:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: 21. marca 2011 10:07

Starting search for hidden objects.
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\parseautoexec
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1004336348-492894223-725345543-1004\Software\SecuROM\License information\datasecu
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-1004336348-492894223-725345543-1004\Software\SecuROM\License information\rkeysecu
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet004\Control\Session Manager\pendingfilerenameoperations
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'msdtc.exe' - '39' Module(s) have been scanned
Scan process 'dllhost.exe' - '57' Module(s) have been scanned
Scan process 'dllhost.exe' - '44' Module(s) have been scanned
Scan process 'vssvc.exe' - '43' Module(s) have been scanned
Scan process 'avscan.exe' - '65' Module(s) have been scanned
Scan process 'avcenter.exe' - '68' Module(s) have been scanned
Scan process 'CCleaner.exe' - '33' Module(s) have been scanned
Scan process 'plugin-container.exe' - '64' Module(s) have been scanned
Scan process 'firefox.exe' - '108' Module(s) have been scanned
Scan process 'winamp.exe' - '135' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '48' Module(s) have been scanned
Scan process 'alg.exe' - '32' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '37' Module(s) have been scanned
Scan process 'ccc.exe' - '182' Module(s) have been scanned
Scan process 'OAhlp.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'sp_rsser.exe' - '23' Module(s) have been scanned
Scan process 'RichVideo.exe' - '19' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '17' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '47' Module(s) have been scanned
Scan process 'jqs.exe' - '32' Module(s) have been scanned
Scan process 'ctfmon.exe' - '33' Module(s) have been scanned
Scan process 'GSvr.exe' - '13' Module(s) have been scanned
Scan process 'MOM.exe' - '63' Module(s) have been scanned
Scan process 'msmsgs.exe' - '43' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '47' Module(s) have been scanned
Scan process 'ApplicationUpdater.exe' - '19' Module(s) have been scanned
Scan process 'oaui.exe' - '50' Module(s) have been scanned
Scan process 'avgnt.exe' - '55' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '32' Module(s) have been scanned
Scan process 'apdproxy.exe' - '46' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '45' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'avguard.exe' - '53' Module(s) have been scanned
Scan process 'sched.exe' - '44' Module(s) have been scanned
Scan process 'spoolsv.exe' - '63' Module(s) have been scanned
Scan process 'Explorer.EXE' - '127' Module(s) have been scanned
Scan process 'oasrv.exe' - '63' Module(s) have been scanned
Scan process 'OAcat.exe' - '28' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '46' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '160' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '26' Module(s) have been scanned
Scan process 'lsass.exe' - '57' Module(s) have been scanned
Scan process 'services.exe' - '26' Module(s) have been scanned
Scan process 'winlogon.exe' - '72' Module(s) have been scanned
Scan process 'csrss.exe' - '15' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '563' files ).

Starting the file scan:

Begin scan in 'C:\'
Begin scan in 'D:\' <zaloha>
Begin scan in 'F:\'

End of the scan: 21. marca 2011 11:50
Used time: 1:43:26 Hour(s)

The scan has been done completely.

18286 Scanned directories
958700 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
958700 Files not concerned
11408 Archives were scanned
0 Warnings
0 Notes
528335 Objects were scanned with rootkit scan
4 Hidden objects were found

Ďakujem

Zdravím, spusť Správce úloh - Ctrl+Alt+Del a všechny procesy od té webky ukonči.

Měly by to být - webcam.exe a pak zkus znovu odinstalaci.

Tohle fixni v HJT :

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

HJT najdeš zde :

C:\Program Files\trend micro\ivan.exe

Fix znamená že spustíš HJT Obrázek

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.

Přes Start >> Spustit >> napiš - services.msc >> OK. Najdi službu :

NBService

NMIndexingService

Cyberlink RichVideo Service

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.

Pak použij Mbam z mého podpisu a dej mi sem z něj log, předem nic nemazat !!!

Mbam běží, pak vložím log, ale ta Mobiola Webcam nejde stejně odinstalovat, i když jí zruším proces, spuštením odinstalátora se v procesech znovu objeví, a tím pádem to opět nejde.

V tom services.msc jsem se snažil postupovat podle nábodu, ale zastavovat jsem to zastavoval přes pravý klik, kde byla rovnou možnost Zastavit, jelikož mě se to zjevně zobrazuje trochu jinak jako vám, tahle možnost byla hned na první kartě, ale dle všeho to udělalo to samé. I když NBService byl stejně zastaven už předtím. U typu spuštění jsem měl možnosti Automaticky/Manuálne/Odpojit, takže jsem zvolil odpojit, zakázat tam není. Udělal jsem správně?

Malwarebytes' Anti-Malware 1.44
Verzia databázy: 3677
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

22.3.2011 22:01:12
mbam-log-2011-03-22 (22-01-09).txt

Typ kontroly: Úplná (C:\|D:\|F:\|)
Objektov kontrolovaných: 354340
Uplynutý cas: 1 hour(s), 16 minute(s), 4 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 1
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 1
Infikovaných súborov: 4

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> No action taken.

Infikovaných súborov:
D:\New instal\motherboard_driver_lan_realtek_8111.exe (Spyware.OnlineGames) -> No action taken.
D:\New instal\motherboard_driver_chipset_intel._p4x_sereis.exe (Spyware.OnlineGames) -> No action taken.
C:\Program Files\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> No action taken.
C:\Program Files\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> No action taken.

To co Mbam našel nech smazat.

Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.

V případě nejasností je ZDE obrázkový návod.

ComboFix 11-03-22.09 - ivan 23.03.2011 15:19:53.8.4 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2046.1538 [GMT 1:00]
Running from: c:\documents and settings\ivan\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 )))))))))))))))))))))))))))))))
.
.
2011-03-19 12:14 . 2011-03-19 12:14 1409 ----a-w- c:\windows\QTFont.for
2011-03-18 16:01 . 2007-09-20 12:04 114688 ----a-w- c:\windows\system32\BTCamVideoSource.dll
2011-03-18 16:01 . 2011-03-18 17:10 -------- d-----w- c:\program files\Mobiola Web Camera for S60
2011-03-18 15:50 . 2011-03-18 15:57 -------- d-----w- c:\program files\Mobiola Web Camera for BlackBerry
2011-02-26 12:03 . 2011-02-26 12:03 -------- d-----w- c:\program files\Common Files\Skype
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-23 14:14 . 2008-11-21 19:17 16608 ----a-w- c:\windows\gdrv.sys
2011-03-16 16:02 . 2009-04-30 18:01 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2008-11-21 19:02 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-11-21 19:02 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-02-28 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-02-28 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2006-02-28 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-10-31 21:40 . 2011-01-23 20:24 245760 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-11-06 3096576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2010-08-27 2356848]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Online Armor\oaevent.dll" [2010-08-27 353992]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\ivan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OSSelectorReinstall"=c:\program files\Common Files\Acronis\AcronisDiskDirector\oss_reinstall.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\utorrent-lite\\utorrent.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\MY DOCUMENTS\\z netu\\Bulanci_1.82-0.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [3.9.2010 11:11 201168]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [3.9.2010 11:11 38856]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [3.9.2010 11:11 25000]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [3.9.2010 11:11 29272]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [23.11.2008 7:45 141312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30.4.2009 19:01 135336]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [21.11.2008 20:18 80392]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [3.9.2010 11:11 380272]
R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [3.9.2010 11:11 3638240]
S2 gupdate1c99ca5d283c91e;Služba Google Update (gupdate1c99ca5d283c91e);c:\program files\Google\Update\GoogleUpdate.exe [4.3.2009 9:47 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [1.3.2010 22:51 16512]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [16.11.2009 14:34 25832]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [11.5.2005 13:12 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [11.5.2005 13:12 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [11.5.2005 13:12 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [11.5.2005 13:12 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [11.5.2005 13:12 77072]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [3.12.2010 21:40 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [3.12.2010 21:40 8320]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [28.11.2008 12:05 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [28.11.2008 12:05 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [28.11.2008 12:05 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [28.11.2008 12:05 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [28.11.2008 12:06 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [28.11.2008 12:05 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [28.11.2008 12:05 90800]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.11.2008 10:36 691696]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cab6eebdc09bce.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 08:47]
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 08:47]
.
.
------- Supplementary Scan -------
.
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ivan\Application Data\Mozilla\Firefox\Profiles\kyqg5x4k.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 2
FF - Ext: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-23 15:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-492894223-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:28,cc,44,d1,e2,b1,79,84,b4,83,51,df,62,19,50,9c,27,8b,61,09,17,
df,24,d3,c2,39,40,90,6b,4d,5d,07,69,c0,88,db,f9,53,6a,89,e9,e5,60,51,a7,d5,\
"rkeysecu"=hex:ab,5d,79,3c,9f,a1,8b,aa,a5,dc,31,f4,59,4a,87,4f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-03-23 15:29:41
ComboFix-quarantined-files.txt 2011-03-23 14:29
ComboFix2.txt 2010-07-29 20:37
.
Pre-Run: 63 127 752 704 bytes free
Post-Run: 63 287 775 232 bytes free
.
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - E38BE00547C9E50376F43A64F8827B5D

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

File::
c:\program files\Uninstall Ask Toolbar.dll  

Folder::
c:\program files\Mobiola Web Camera for S60
c:\program files\Mobiola Web Camera for BlackBerry

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:

Obrázek

Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

ComboFix 11-03-23.03 - ivan 23.03.2011 20:46:44.9.4 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2046.1480 [GMT 1:00]
Running from: c:\documents and settings\ivan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ivan\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
FILE ::
"c:\program files\Uninstall Ask Toolbar.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mobiola Web Camera for BlackBerry
c:\program files\Mobiola Web Camera for BlackBerry\effects_dll.dll
c:\program files\Mobiola Web Camera for BlackBerry\webcam.exe
c:\program files\Mobiola Web Camera for S60
c:\program files\Mobiola Web Camera for S60\BACKUP\effects_dll.dll
c:\program files\Mobiola Web Camera for S60\bbs.pediy.com.url
c:\program files\Mobiola Web Camera for S60\effects_dll.dll
c:\program files\Mobiola Web Camera for S60\nokia.it168.com.url
c:\program files\Mobiola Web Camera for S60\Readme.txt
c:\program files\Mobiola Web Camera for S60\unins000.dat
c:\program files\Mobiola Web Camera for S60\unins000.exe
c:\program files\Mobiola Web Camera for S60\webcam.exe
c:\program files\Mobiola Web Camera for S60\webcam_s60_v_3_0.sis
c:\program files\Mobiola Web Camera for S60\WebCameraHelp.chm
c:\program files\Uninstall Ask Toolbar.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 )))))))))))))))))))))))))))))))
.
.
2011-03-23 14:49 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-03-23 14:49 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-03-23 14:49 . 2006-10-18 19:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2011-03-23 14:49 . 2011-02-28 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-03-23 14:49 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-23 14:49 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-23 14:49 . 2011-03-23 14:50 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-03-18 16:01 . 2007-09-20 12:04 114688 ----a-w- c:\windows\system32\BTCamVideoSource.dll
2011-02-26 12:03 . 2011-02-26 12:03 -------- d-----w- c:\program files\Common Files\Skype
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-23 14:14 . 2008-11-21 19:17 16608 ----a-w- c:\windows\gdrv.sys
2011-03-16 16:02 . 2009-04-30 18:01 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2008-11-21 19:02 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-11-21 19:02 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-02-28 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-02-28 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2006-02-28 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-11-06 3096576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2010-08-27 2356848]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Online Armor\oaevent.dll" [2010-08-27 353992]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\ivan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OSSelectorReinstall"=c:\program files\Common Files\Acronis\AcronisDiskDirector\oss_reinstall.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\utorrent-lite\\utorrent.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\MY DOCUMENTS\\z netu\\Bulanci_1.82-0.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [3.9.2010 11:11 201168]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [3.9.2010 11:11 38856]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [3.9.2010 11:11 25000]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [3.9.2010 11:11 29272]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [23.11.2008 7:45 141312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30.4.2009 19:01 135336]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [21.11.2008 20:18 80392]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [3.9.2010 11:11 380272]
R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [3.9.2010 11:11 3638240]
S2 gupdate1c99ca5d283c91e;Služba Google Update (gupdate1c99ca5d283c91e);c:\program files\Google\Update\GoogleUpdate.exe [4.3.2009 9:47 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [1.3.2010 22:51 16512]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [16.11.2009 14:34 25832]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [11.5.2005 13:12 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [11.5.2005 13:12 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [11.5.2005 13:12 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [11.5.2005 13:12 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [11.5.2005 13:12 77072]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [3.12.2010 21:40 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [3.12.2010 21:40 8320]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [28.11.2008 12:05 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [28.11.2008 12:05 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [28.11.2008 12:05 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [28.11.2008 12:05 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [28.11.2008 12:06 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [28.11.2008 12:05 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [28.11.2008 12:05 90800]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.11.2008 10:36 691696]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cab6eebdc09bce.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 08:47]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-04 08:47]
.
.
------- Supplementary Scan -------
.
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ivan\Application Data\Mozilla\Firefox\Profiles\kyqg5x4k.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 2
FF - Ext: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Mobiola Web Camera for S60_is1 - c:\program files\Mobiola Web Camera for S60\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-23 20:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
? [17936]
? [18384]
? [20308]
? [17240]
? [16604]
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-492894223-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:28,cc,44,d1,e2,b1,79,84,b4,83,51,df,62,19,50,9c,27,8b,61,09,17,
df,24,d3,c2,39,40,90,6b,4d,5d,07,69,c0,88,db,f9,53,6a,89,e9,e5,60,51,a7,d5,\
"rkeysecu"=hex:ab,5d,79,3c,9f,a1,8b,aa,a5,dc,31,f4,59,4a,87,4f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-03-23 20:56:28
ComboFix-quarantined-files.txt 2011-03-23 19:56
ComboFix2.txt 2011-03-23 14:29
ComboFix3.txt 2010-07-29 20:37
.
Pre-Run: 63 316 406 272 bytes free
Post-Run: 14 adresárov, 63 287 492 608 voľných bajtov
.
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 0F8792945EA1894A189C8D02AC0BC5A3

Vďaka, vidím že Mobiola je konečne v ťahu, je tam vidieť ešte niečo škodné, či už môžem spokojnejšie spávať?

Nic špatného už tam není, tak že můžeš klidně spát.

Už jen přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.

Ďakujem pekne

Není zač.

VIRY.CZ

cannot uninstall

cannot uninstall

Re: cannot uninstall

Re: cannot uninstall

Re: cannot uninstall

Re: cannot uninstall

Re: cannot uninstall

Re: cannot uninstall

Re: cannot uninstall

Re: cannot uninstall

Re: cannot uninstall

Re: cannot uninstall

Re: cannot uninstall