VIRY.CZ

Zdravim, prosim o kontrolu logu z rsit. PC je nestabilne, na net sa takmer nepripoji, po instalacii antiviru ho nieco znefunkcni, blokuje ccleaner a podobne utility. PC nabieha pomaly a vypina sa tiez len s tazkostami. Vdaka!

Logfile of random's system information tool 1.09 (written by random/random)
Run by hp at 2011-07-27 14:13:12
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (27%) free of 20 GB
Total RAM: 1022 MB (32% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-602162358-1801674531-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-602162358-1801674531-1004UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{672FC5B8-05CB-4071-9E1F-E5F2F7917A6D}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\hp\Application Data\Mozilla\Firefox\Profiles\3v50y3u9.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://search.conduit.com/?ctid=CT22337 ... hSource=13"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, dvscontextmenuy@dvdvideosoft.com:1.0, engine@conduit.com:3.3.3.2, fdm_ffext@freedownloadmanager.org:1.3.4, {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, jqs@sun.com:1.0, 1vffxtbr@SmileyCentral_1v.com:1.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://www.google.com/search?ie=UTF-8&o ... &gfns=1&q="

"Seekmo@Seekmo.com"=C:\Program Files\Seekmo\bin\10.3.85.0\firefox\extensions
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"1vffxtbr@SmileyCentral_1v.com"=C:\Program Files\SmileyCentral_1v\bar\2.bin
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@SmileyCentral_1v.com/Plugin]
"Description"=SmileyCentral Plugin
"Path"=C:\Program Files\SmileyCentral_1v\bar\2.bin\NP1vStub.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=D:\Programy\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
AskHPRFF.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
npclntax.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npclntax_SeekmoSA.dll
npdeployJava1.dll
npnul32.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\hp\Application Data\Mozilla\Firefox\Profiles\3v50y3u9.default\extensions\
engine@conduit.com
toolbar@ask.com
{1392b8d2-5c05-419f-a8f6-b9f15a596612}
{20a82645-c095-46ed-80e3-08825760534b}

C:\Documents and Settings\hp\Application Data\Mozilla\Firefox\Profiles\3v50y3u9.default\searchplugins\
askcom.xml
conduit.xml
SmileyCentral_1v.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
Freecorder Toolbar - C:\Program Files\Freecorder\prxtbFre0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754}]
ShoppingReport2 - C:\Program Files\ShoppingReport2\Bin\2.7.27\ShoppingReport.dll [2010-11-08 1142576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-19 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}]
Seekmo - C:\Program Files\Seekmo\bin\10.3.85.0\HostIE.dll [2009-05-27 554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-03 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-06-07 1007160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-14 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-06-14 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-19 1262888]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Seekmo - C:\Program Files\Seekmo\bin\10.3.85.0\HostIE.dll [2009-05-27 554256]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]
{1392b8d2-5c05-419f-a8f6-b9f15a596612} - Freecorder Toolbar - C:\Program Files\Freecorder\prxtbFre0.dll [2011-01-17 175912]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-03 305328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-11-16 577536]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-03-09 37888]
"SeekmoOE"=C:\Program Files\Seekmo\bin\10.3.85.0\OEAddOn.exe [2009-05-27 91408]
"SeekmoSA"=C:\Program Files\Seekmo\bin\10.3.85.0\SeekmoSA.exe [2009-05-27 782096]
"MP10_EnsureFileVer"=C:\WINDOWS\inf\unregmp2.exe [2008-04-14 208896]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2009-04-17 54576]
"Adobe Reader Speed Launcher"=D:\Programy\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"Freecorder FLV Service"=C:\Program Files\Freecorder\FLVSrvc.exe [2010-06-26 167936]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"TaskTray"= []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-05-17 395144]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-21 1178112]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-12-0\svchost.exe [2011-07-21 1178112]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"2628647.exe"=C:\DOCUME~1\hp\LOCALS~1\Temp\2628647.exe [2011-07-21 232960]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-26 261632]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-26 256000]
"9329877.exe"=C:\WINDOWS\TEMP\9329877.exe [2011-07-21 232960]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-21 118784]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-26 235520]
"37434676-loader2.exe"=C:\WINDOWS\TEMP\37434676-loader2.exe [2011-07-21 245760]
"5981184.exe"=C:\WINDOWS\TEMP\5981184.exe [2011-07-26 256000]
"4046655.exe"=C:\WINDOWS\TEMP\4046655.exe [2011-07-26 495616]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ares"=C:\Program Files\Ares\Ares.exe [2009-02-03 1004544]
"Software Informer"=C:\Program Files\Software Informer\softinfo.exe [2009-09-17 1933381]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
"Google Update"=C:\Documents and Settings\hp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-07 136176]
"fsm"= []
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2009-04-17 95536]
"NBCore"=C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe [2008-09-24 1561896]
"MediaGet2"=C:\Documents and Settings\hp\Local Settings\Application Data\MediaGet2\mediaget.exe [2011-07-18 8040680]
"TomTomHOME.exe"=C:\Documents and Settings\hp\Desktop\tomtom GPS\TomTom HOME 2\TomTomHOMERunner.exe [2011-03-09 247728]

C:\Documents and Settings\hp\Start Menu\Programs\Startup
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-17 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Free Download Manager\fdmwi.exe"="C:\Program Files\Free Download Manager\fdmwi.exe:*:Enabled:fdmwi"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2"
"C:\Documents and Settings\hp\Local Settings\Application Data\MediaGet2\mediaget.exe"="C:\Documents and Settings\hp\Local Settings\Application Data\MediaGet2\mediaget.exe:*:Enabled:MediaGet torrent client"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\hp\My Documents\Downloads\Flash-Player.exe"="C:\Documents and Settings\hp\My Documents\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\hp\My Documents\Downloads\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.tray-12-0\svchost.exe"="C:\WINDOWS\update.tray-12-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-12-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\WINDOWS\update.2\4041.exe"="C:\WINDOWS\update.2\4041.exe:*:Enabled:C:\WINDOWS\update.2\4041.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-07-27 14:13:12 ----D---- C:\rsit
2011-07-27 14:13:12 ----D---- C:\Program Files\trend micro
2011-07-27 13:26:55 ----D---- C:\Program Files\AVAST Software
2011-07-27 13:26:55 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2011-07-27 13:25:43 ----D---- C:\nahaved
2011-07-27 13:08:10 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2011-07-26 14:30:33 ----D---- C:\Documents and Settings\hp\Application Data\ShoppingReport2
2011-07-26 14:30:32 ----D---- C:\Program Files\ShoppingReport2
2011-07-21 18:04:32 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-21 18:04:07 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-21 18:04:02 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-21 18:03:58 ----A---- C:\WINDOWS\systemup.exe
2011-07-21 18:03:37 ----HD---- C:\WINDOWS\update.2
2011-07-21 18:02:49 ----D---- C:\WINDOWS\ufa
2011-07-21 18:02:49 ----D---- C:\WINDOWS\rpcminer
2011-07-21 18:02:49 ----D---- C:\WINDOWS\phoenix
2011-07-21 18:02:31 ----A---- C:\WINDOWS\unrar.exe
2011-07-21 18:02:00 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-21 18:01:32 ----HD---- C:\WINDOWS\update.5.0
2011-07-21 10:14:31 ----A---- C:\WINDOWS\iplist.txt
2011-07-21 10:14:05 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-21 10:13:50 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-21 10:13:19 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-21 10:13:09 ----D---- C:\WINDOWS\av_ico
2011-07-21 10:11:29 ----HD---- C:\WINDOWS\update.1
2011-07-21 10:10:47 ----HD---- C:\WINDOWS\update.tray-12-0-lnk
2011-07-21 10:10:47 ----HD---- C:\WINDOWS\update.tray-12-0
2011-07-21 09:59:36 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-21 09:59:36 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-21 09:59:32 ----A---- C:\WINDOWS\services32.exe
2011-07-14 09:28:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-14 09:23:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-06-29 21:58:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$

======List of files/folders modified in the last 1 month======

2011-07-27 14:13:12 ----RD---- C:\Program Files
2011-07-27 14:09:47 ----D---- C:\Documents and Settings\hp\Application Data\Winamp
2011-07-27 14:09:45 ----D---- C:\Documents and Settings\hp\Application Data\Free Download Manager
2011-07-27 14:09:41 ----D---- C:\WINDOWS\Temp
2011-07-27 14:09:41 ----D---- C:\WINDOWS\Debug
2011-07-27 14:09:41 ----D---- C:\WINDOWS
2011-07-27 14:09:40 ----D---- C:\WINDOWS\Prefetch
2011-07-27 14:07:03 ----D---- C:\WINDOWS\system32\drivers
2011-07-27 14:07:03 ----D---- C:\WINDOWS\system32
2011-07-27 14:05:44 ----D---- C:\Documents and Settings\hp\Application Data\LimeWire
2011-07-27 14:03:41 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-07-27 14:02:12 ----D---- C:\Documents and Settings\hp\Application Data\Software Informer
2011-07-27 13:35:08 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-27 13:30:05 ----D---- C:\Program Files\CCleaner
2011-07-27 13:27:17 ----SHD---- C:\WINDOWS\Installer
2011-07-27 13:27:17 ----SHD---- C:\Config.Msi
2011-07-27 13:27:16 ----D---- C:\WINDOWS\WinSxS
2011-07-27 13:08:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-27 13:07:35 ----HD---- C:\WINDOWS\inf
2011-07-26 18:20:55 ----D---- C:\Documents and Settings\All Users\Application Data\SeekmoSA
2011-07-26 14:30:24 ----D---- C:\Documents and Settings\hp\Application Data\PriceGong
2011-07-26 14:30:22 ----D---- C:\Documents and Settings\hp\Application Data\ShoppingReport
2011-07-25 22:18:24 ----D---- C:\Program Files\LimeWire
2011-07-21 18:53:08 ----SHD---- C:\System Volume Information
2011-07-21 18:53:08 ----D---- C:\WINDOWS\system32\Restore
2011-07-21 18:13:19 ----RSD---- C:\WINDOWS\assembly
2011-07-21 18:04:03 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-21 10:12:28 ----D---- C:\WINDOWS\system32\drivers\Avg
2011-07-21 10:11:40 ----A---- C:\boot.ini
2011-07-14 09:23:43 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-13 12:39:31 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-12 16:15:51 ----D---- C:\Documents and Settings\hp\Application Data\Skype
2011-07-09 13:22:10 ----HD---- C:\$AVG8.VAULT$
2011-07-04 13:01:21 ----D---- C:\Program Files\Ask.com
2011-07-04 13:01:19 ----SD---- C:\WINDOWS\Tasks

Zdravím,

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Kontrolor" -> Úplná kontrola -> Prohledat
po ukončení -> Zobrazit výsledky -> zkontrolovat zda je vše označeno -> Odstranit označené
vyběhne log, ve kterém budou záznamy tohoto typu:
Infikované adresáře:
C:\Program Files\xxxxxx -> Quarantined and deleted successfully.
ten bych rád viděl

Po nainstalovani mbam a nacitani aktualizacii mi uz nedovoli spustit kontrolu, pretoze PC vytuhne uplne a po restarte sa mbam neda spustit, i ked v systray je ikona aktivna a hlasi najdenu infekciu. Mam to spustit v nudzovom rezime??

/edit:
Aj v nudzovom rezime nieco zhodi mbam a uz sa neda spustit znovu.

Stáhni RogueKiller - http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
spusť ho postupně s volbami "2"; "3"; "4"; "5" a logy sem zkopíruj

Nejak som sa pozabudol a volbu c.4 som opakoval 2x, takze logov je 6, dufam, ze to nevadi.

RogueKiller V5.2.8 [07/23/2011] by Tigzy

contact at http://www.sur-la-toile.com

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html



Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: hp [Admin rights]

Mode: Remove -- Date : 07/27/2011 17:56:12



Bad processes: 13

[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED

[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED

[SUSP PATH] TomTomHOMEService.exe -- c:\documents and settings\hp\desktop\tomtom gps\tomtom home 2\tomtomhomeservice.exe -> KILLED

[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\hp\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED

[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED

[SVCHOST] svchost.exe -- c:\windows\update.tray-12-0\svchost.exe -> KILLED

[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED

[SUSP PATH] sysdriver32_.exe -- c:\windows\sysdriver32_.exe -> KILLED

[SUSP PATH] systemup.exe -- c:\windows\systemup.exe -> KILLED

[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED

[SUSP PATH] mediaget.exe -- c:\documents and settings\hp\local settings\application data\mediaget2\mediaget.exe -> KILLED

[SUSP PATH] TomTomHOMERunner.exe -- c:\documents and settings\hp\desktop\tomtom gps\tomtom home 2\tomtomhomerunner.exe -> KILLED

[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\hp\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED



Registry Entries: 17

[SUSP PATH] HKCU\[...]\Run : MediaGet2 (C:\Documents and Settings\hp\Local Settings\Application Data\MediaGet2\mediaget.exe --minimized) -> DELETED

[SUSP PATH] HKCU\[...]\Run : TomTomHOME.exe ("C:\Documents and Settings\hp\Desktop\tomtom GPS\TomTom HOME 2\TomTomHOMERunner.exe") -> DELETED

[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\services32.exe) -> DELETED

[SUSP PATH] HKLM\[...]\Run : 2628647.exe ("C:\DOCUME~1\hp\LOCALS~1\Temp\2628647.exe") -> DELETED

[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED

[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED

[SUSP PATH] HKLM\[...]\Run : 9329877.exe ("C:\WINDOWS\TEMP\9329877.exe") -> DELETED

[SUSP PATH] HKLM\[...]\Run : systemup ("C:\WINDOWS\systemup.exe" stand) -> DELETED

[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\WINDOWS\l1rezerv.exe") -> DELETED

[SUSP PATH] HKLM\[...]\Run : 37434676-loader2.exe ("C:\WINDOWS\TEMP\37434676-loader2.exe") -> DELETED

[SUSP PATH] HKLM\[...]\Run : 5981184.exe ("C:\WINDOWS\TEMP\5981184.exe") -> DELETED

[SUSP PATH] HKLM\[...]\Run : 3817604.exe ("C:\WINDOWS\TEMP\3817604.exe") -> DELETED

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)

[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)

[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)



HOSTS File:

127.0.0.1 localhost

127.0.0.1 vkontakte.ru

127.0.0.1 http://www.vkontakte.ru

127.0.0.1 login.vk.com

127.0.0.1 vk.com

127.0.0.1 http://www.vk.com

127.0.0.1 odnoklassniki.ru

127.0.0.1 http://www.odnoklassniki.ru

127.0.0.1 facebook.com

127.0.0.1 http://www.facebook.com

127.0.0.1 af-za.facebook.com

127.0.0.1 az-az.facebook.com

127.0.0.1 id-id.facebook.com

127.0.0.1 ms-my.facebook.com

127.0.0.1 bs-ba.facebook.com

127.0.0.1 ca-es.facebook.com

127.0.0.1 cs-cz.facebook.com

127.0.0.1 cy-gb.facebook.com

127.0.0.1 da-dk.facebook.com

127.0.0.1 de-de.facebook.com

[...]





Finished : << RKreport[1].txt >>

RKreport[1].txt

RogueKiller V5.2.8 [07/23/2011] by Tigzy

contact at http://www.sur-la-toile.com

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html



Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: hp [Admin rights]

Mode: HOSTSFix -- Date : 07/27/2011 17:56:59



Bad processes: 1

[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\hp\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED



HOSTS File:

127.0.0.1 localhost

127.0.0.1 vkontakte.ru

127.0.0.1 http://www.vkontakte.ru

127.0.0.1 login.vk.com

127.0.0.1 vk.com

127.0.0.1 http://www.vk.com

127.0.0.1 odnoklassniki.ru

127.0.0.1 http://www.odnoklassniki.ru

127.0.0.1 facebook.com

127.0.0.1 http://www.facebook.com

127.0.0.1 af-za.facebook.com

127.0.0.1 az-az.facebook.com

127.0.0.1 id-id.facebook.com

127.0.0.1 ms-my.facebook.com

127.0.0.1 bs-ba.facebook.com

127.0.0.1 ca-es.facebook.com

127.0.0.1 cs-cz.facebook.com

127.0.0.1 cy-gb.facebook.com

127.0.0.1 da-dk.facebook.com

127.0.0.1 de-de.facebook.com

[...]





Resetted HOSTS:

127.0.0.1 localhost



Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

RogueKiller V5.2.8 [07/23/2011] by Tigzy

contact at http://www.sur-la-toile.com

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html



Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: hp [Admin rights]

Mode: ProxyFix -- Date : 07/27/2011 17:57:21



Bad processes: 1

[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\hp\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED



Registry Entries: 0



Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

RogueKiller V5.2.8 [07/23/2011] by Tigzy

contact at http://www.sur-la-toile.com

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html



Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: hp [Admin rights]

Mode: DNSFix -- Date : 07/27/2011 17:58:13



Bad processes: 1

[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\hp\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED



Registry Entries: 0



Finished : << RKreport[4].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

RogueKiller V5.2.8 [07/23/2011] by Tigzy

contact at http://www.sur-la-toile.com

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html



Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: hp [Admin rights]

Mode: DNSFix -- Date : 07/27/2011 17:58:54



Bad processes: 1

[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\hp\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED



Registry Entries: 0



Finished : << RKreport[5].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

RogueKiller V5.2.8 [07/23/2011] by Tigzy

contact at http://www.sur-la-toile.com

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html



Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: hp [Admin rights]

Mode: ProxyFix -- Date : 07/27/2011 17:59:35



Bad processes: 1

[SUSP PATH] FLVSrvLib.dll -- C:\Documents and Settings\hp\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED



Registry Entries: 0



Finished : << RKreport[6].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;

RKreport[6].txt

Tak znovu zkusíme MBAM

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Kontrolor" -> Úplná kontrola -> Prohledat
po ukončení -> Zobrazit výsledky -> zkontrolovat zda je vše označeno -> Odstranit označené
vyběhne log, ve kterém budou záznamy tohoto typu:
Infikované adresáře:
C:\Program Files\xxxxxx -> Quarantined and deleted successfully.
ten bych rád viděl

V případě nefunkčnosti dáme rovnou ComboFix

Stáhni si ComboFix
a ulož ho na plochu.
návod na použití: http://www.bleepingcomputer.com/combofi ... t-combofix
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace

mbam sa opat zrutil, tak davam log z combofix, ma ale vyssi pocet znakov, tak ako prilohu.

ComboFix 11-07-27.02 - hp 27.07.2011 18:46:40.1.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1022.388 [GMT 2:00]
Running from: c:\documents and settings\hp\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\hp\LOCALS~1\Temp\jna8148513385715258071.tmp
c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Application Data\SeekmoSA
c:\documents and settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat
c:\documents and settings\All Users\Application Data\SeekmoSA\SeekmoSA_kyf.dat
c:\documents and settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht
c:\documents and settings\All Users\Application Data\SeekmoSA\SeekmoSAau.dat
c:\documents and settings\All Users\Application Data\SeekmoSA\SeekmoSAEula.mht
c:\documents and settings\All Users\Start Menu\Programs\Seekmo
c:\documents and settings\All Users\Start Menu\Programs\Seekmo\Reset Cursor.lnk
c:\documents and settings\All Users\Start Menu\Programs\Seekmo\Seekmo Customer Support Center.lnk
c:\documents and settings\All Users\Start Menu\Programs\Seekmo\Seekmo Uninstall Instructions.lnk
c:\documents and settings\All Users\Start Menu\Programs\Seekmo\Weather.lnk
c:\documents and settings\hp\Application Data\PriceGong
c:\documents and settings\hp\Application Data\PriceGong\Data\1.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\a.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\b.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\c.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\d.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\e.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\f.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\g.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\h.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\i.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\J.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\k.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\l.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\m.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\n.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\o.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\p.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\q.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\r.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\s.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\t.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\u.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\v.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\w.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\x.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\y.xml
c:\documents and settings\hp\Application Data\PriceGong\Data\z.xml
c:\documents and settings\hp\Application Data\Seekmo
c:\documents and settings\hp\Application Data\Seekmo\eskin\FileManager.txt
c:\documents and settings\hp\Application Data\Seekmo\v3.0\HostOI\static\1\030104_emte10_prv.gif
..........atd.
c:\documents and settings\hp\Application Data\ShoppingReport
c:\documents and settings\hp\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\hp\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\hp\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\hp\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\hp\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\hp\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\hp\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\hp\Application Data\ShoppingReport2
c:\documents and settings\hp\Application Data\ShoppingReport2\cs\Config.xml
c:\documents and settings\hp\Application Data\WeatherDPA
c:\documents and settings\hp\Application Data\WeatherDPA\Weather\WeatherStartup.xml
c:\documents and settings\hp\Local Settings\Temp\jna8148513385715258071.tmp
c:\documents and settings\hp\WINDOWS
c:\program files\Mozilla Firefox\components\npclntax.xpt
c:\program files\seekmo
c:\program files\seekmo\bin\10.3.85.0\arrow.ico
c:\program files\seekmo\bin\10.3.85.0\CntntCntr.dll
c:\program files\seekmo\bin\10.3.85.0\copyright.txt
c:\program files\seekmo\bin\10.3.85.0\CoreSrv.dll
c:\program files\seekmo\bin\10.3.85.0\firefox\extensions\components\npclntax.xpt
c:\program files\seekmo\bin\10.3.85.0\firefox\extensions\chrome.manifest
c:\program files\seekmo\bin\10.3.85.0\firefox\extensions\install.rdf
c:\program files\seekmo\bin\10.3.85.0\firefox\extensions\plugins\npclntax_SeekmoSA.dll
c:\program files\seekmo\bin\10.3.85.0\HostOE.dll
c:\program files\seekmo\bin\10.3.85.0\HostOL.dll
c:\program files\seekmo\bin\10.3.85.0\link.ico
c:\program files\seekmo\bin\10.3.85.0\OEAddOn.exe
c:\program files\seekmo\bin\10.3.85.0\SeekmoSA.exe
c:\program files\seekmo\bin\10.3.85.0\SeekmoSAAX.dll
c:\program files\seekmo\bin\10.3.85.0\SeekmoSADF.exe
c:\program files\seekmo\bin\10.3.85.0\SeekmoSAHook.dll
c:\program files\seekmo\bin\10.3.85.0\Srv.exe
c:\program files\seekmo\bin\10.3.85.0\Toolbar.dll
c:\program files\seekmo\bin\10.3.85.0\Wallpaper.dll
c:\program files\seekmo\bin\10.3.85.0\WeSkin.dll
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
c:\program files\ShoppingReport2
c:\program files\ShoppingReport2\Uninst.exe
c:\windows\$NtUninstallKB43345$\1700949257
c:\windows\$NtUninstallKB43345$\4050102217\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB43345$\4050102217\click.tlb
c:\windows\$NtUninstallKB43345$\4050102217\L\jinbcufo
c:\windows\$NtUninstallKB43345$\4050102217\loader.tlb
c:\windows\$NtUninstallKB43345$\4050102217\U\$00000001
c:\windows\$NtUninstallKB43345$\4050102217\U\@00000001
c:\windows\$NtUninstallKB43345$\4050102217\U\@000000c0
c:\windows\$NtUninstallKB43345$\4050102217\U\@000000cb
c:\windows\$NtUninstallKB43345$\4050102217\U\@000000cf
c:\windows\$NtUninstallKB43345$\4050102217\U\@80000000
c:\windows\$NtUninstallKB43345$\4050102217\U\@800000c0
c:\windows\$NtUninstallKB43345$\4050102217\U\@800000cb
c:\windows\$NtUninstallKB43345$\4050102217\U\@800000cf
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\iun6002.exe
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.2\4041.exe
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
E:\Uninstall.exe
c:\windows\$NtUninstallKB43345$ . . . . Failed to delete
.
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Files Created from 2011-06-27 to 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-27 16:18 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-27 16:18 . 2011-07-27 16:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-27 16:18 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 13:12 . 2011-07-27 13:12 -------- d-----w- c:\documents and settings\hp\Application Data\Malwarebytes
2011-07-27 13:12 . 2011-07-27 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-27 13:08 . 2008-04-14 03:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-07-27 13:08 . 2008-04-14 03:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-27 12:13 . 2011-07-27 12:13 -------- d-----w- C:\rsit
2011-07-27 12:13 . 2011-07-27 12:13 -------- d-----w- c:\program files\trend micro
2011-07-27 11:26 . 2011-07-27 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-07-27 11:26 . 2011-07-27 11:26 -------- d-----w- c:\program files\AVAST Software
2011-07-27 11:25 . 2011-07-27 16:21 -------- d-----w- C:\nahaved
2011-07-27 11:08 . 2008-04-13 22:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-07-27 11:08 . 2008-04-13 22:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-07-21 16:02 . 2011-07-21 16:02 -------- d-----w- c:\windows\ufa
2011-07-21 16:02 . 2011-07-21 16:02 -------- d-----w- c:\windows\rpcminer
2011-07-21 16:02 . 2011-07-21 16:02 -------- d-----w- c:\windows\phoenix
2011-07-21 16:02 . 2011-07-21 16:02 246272 ----a-w- c:\windows\unrar.exe
2011-07-21 08:13 . 2011-07-21 08:13 -------- d-----w- c:\windows\av_ico
2011-07-21 08:10 . 2011-07-21 08:10 -------- d--h--w- c:\windows\update.tray-12-0
2011-07-21 08:10 . 2011-07-21 08:10 -------- d--h--w- c:\windows\update.tray-12-0-lnk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-27 17:01 . 2011-07-27 17:02 256000 ----a-w- c:\windows\sysdriver32_.exe
2011-07-27 17:01 . 2011-07-27 17:01 256000 ----a-w- c:\windows\sysdriver32.exe
2011-06-17 09:33 . 2011-06-17 09:33 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-02 14:02 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 02:52 . 2010-07-27 19:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2009-06-05 09:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2009-03-29 10:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Freecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-09-17 1933381]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"NBCore"="c:\program files\Common Files\Nero\Nero BackItUp 4\NBCore.exe" [2008-09-24 1561896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-16 577536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
"Adobe Reader Speed Launcher"="d:\programy\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"tray_ico0"="c:\windows\update.tray-12-0\svchost.exe" [2011-07-21 1178112]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"3903471.exe"="c:\docume~1\hp\LOCALS~1\Temp\3903471.exe" [2011-07-27 256000]
"sysdriver32.exe"="c:\windows\sysdriver32.exe" [2011-07-27 256000]
"sysdriver32_.exe"="c:\windows\sysdriver32_.exe" [2011-07-27 256000]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\hp\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-5-22 139776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 07:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Free Download Manager\\fdmwi.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Documents and Settings\\hp\\Local Settings\\Application Data\\MediaGet2\\mediaget.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\update.tray-12-0\\svchost.exe"=
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29.3.2009 13:07 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29.3.2009 13:07 108552]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [31.3.2009 20:17 222456]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [27.7.2011 18:18 366640]
R2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?]
R2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\hp\Desktop\tomtom GPS\TomTom HOME 2\TomTomHOMEService.exe [9.3.2011 14:30 92592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27.7.2011 18:18 22712]
S2 gupdate1c9cc21438e296;Služba Google Update (gupdate1c9cc21438e296);c:\program files\Google\Update\GoogleUpdate.exe [3.5.2009 20:57 133104]
S3 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S3 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3.5.2009 20:57 133104]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [29.3.2009 12:37 238976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SRVSYSDRIVER32
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 18:57]
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-03 18:57]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-602162358-1801674531-1004Core.job
- c:\documents and settings\hp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-03 20:34]
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-602162358-1801674531-1004UA.job
- c:\documents and settings\hp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-03 20:34]
.
2011-07-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 11:29]
.
2011-07-27 c:\windows\Tasks\User_Feed_Synchronization-{672FC5B8-05CB-4071-9E1F-E5F2F7917A6D}.job
- c:\windows\system32\msfeedssync.exe [2009-10-11 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2233703
IE: &Download All using 4shared Desktop - c:\documents and settings\hp\Desktop\yyy\4shared Desktop\down_all.htm
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Prevziať pomocou FDM - file://c:\program files\Free Download Manager\dllink.htm
IE: Prevziať video pomocou FDM - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Prevziať vybrané pomocou FDM - file://c:\program files\Free Download Manager\dlselected.htm
IE: Prevziať všetko pomocou FDM - file://c:\program files\Free Download Manager\dlall.htm
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{418A284A-43B7-434D-A68F-EBB383C59B0D}: NameServer = 195.146.128.60,195.146.132.59
FF - ProfilePath - c:\documents and settings\hp\Application Data\Mozilla\Firefox\Profiles\3v50y3u9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - 4shared Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2233703&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: SmileyCentral: 1vffxtbr@SmileyCentral_1v.com - c:\program files\SmileyCentral_1v\bar\2.bin
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-fsm - (no file)
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM-Run-TaskTray - (no file)
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
SafeBoot-wxpdrivers
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-27 19:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-602162358-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-07-27 19:06:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-27 17:06
.
Pre-Run: 5 497 757 696 bytes free
Post-Run: 5 535 293 440 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - F59D9B8F143946644C258EA8360CCD12

Pokud nemáš ComboFix na ploše, přesuň jej tam.
Otevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

ComboFix se spustí - počkej na log a vlož ho sem.

CFscript

ComboFix 11-07-27.02 - hp 27.07.2011 20:02:30.2.1 - x86

Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1022.392 [GMT 2:00]

Running from: c:\documents and settings\hp\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\hp\Desktop\CFscript.txt

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

FILE ::

"c:\windows\sysdriver32.exe"

"c:\windows\sysdriver32_.exe"

"c:\windows\Tasks\AppleSoftwareUpdate.job"

"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"

"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"

"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-602162358-1801674531-1004Core.job"

"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-602162358-1801674531-1004UA.job"

"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"

"c:\windows\unrar.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\hp\LOCALS~1\Temp\1216225.exe

c:\docume~1\hp\LOCALS~1\Temp\684518.exe

c:\windows\av_ico

c:\windows\btc_client_iplist.txt

c:\windows\front_ip_list.txt

c:\windows\geoiplist

c:\windows\geoiplist.rar

c:\windows\iecheck_iplist.txt

c:\windows\info1

c:\windows\iplist.txt

c:\windows\l1rezerv.exe

c:\windows\phoenix

c:\windows\phoenix\kernels\phatk\__init__.py

c:\windows\phoenix\kernels\phatk\__init__.pyc

c:\windows\phoenix\kernels\phatk\BFIPatcher.py

c:\windows\phoenix\kernels\phatk\kernel.cl

c:\windows\phoenix\kernels\poclbm\__init__.py

c:\windows\phoenix\kernels\poclbm\__init__.pyc

c:\windows\phoenix\kernels\poclbm\BFIPatcher.py

c:\windows\phoenix\kernels\poclbm\kernel.cl

c:\windows\phoenix\phoenix.exe

c:\windows\proc_list1.log

c:\windows\rpcminer

c:\windows\rpcminer\bitcoinminercuda_10.cubin

c:\windows\rpcminer\bitcoinminercuda_11.cubin

c:\windows\rpcminer\bitcoinminercuda_20.cubin

c:\windows\rpcminer\bitcoinmineropencl.cl

c:\windows\rpcminer\cudart32_32_16.dll

c:\windows\rpcminer\curllib.dll

c:\windows\rpcminer\libeay32.dll

c:\windows\rpcminer\libsasl.dll

c:\windows\rpcminer\openldap.dll

c:\windows\rpcminer\rpcminer-4way.exe

c:\windows\rpcminer\rpcminer-cpu.exe

c:\windows\rpcminer\rpcminer-cuda.exe

c:\windows\rpcminer\rpcminer-opencl.exe

c:\windows\rpcminer\ssleay32.dll

c:\windows\sysdriver32.exe

c:\windows\sysdriver32_.exe

c:\windows\system32\drivers\etc\HSTS~1

c:\windows\Tasks\AppleSoftwareUpdate.job

c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-602162358-1801674531-1004Core.job

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-602162358-1801674531-1004UA.job

c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

c:\windows\TEMP\1286351.exe

c:\windows\TEMP\2228449.exe

c:\windows\ufa

c:\windows\ufa\ufa.exe

c:\windows\unrar.exe

c:\windows\update.2

c:\windows\update.2\svchost.exe

c:\windows\update.5.0

c:\windows\update.5.0\svchost.exe

c:\windows\update.tray-12-0-lnk

c:\windows\update.tray-12-0-lnk\svchost.exe

c:\windows\update.tray-12-0

c:\windows\update.tray-12-0\svchost.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_GUPDATE1C9CC21438E296

-------\Legacy_GUPDATEM

-------\Legacy_SRVBTCCLIENT

-------\Legacy_SRVIECHECK

-------\Legacy_SRVSYSDRIVER32

-------\Service_gupdate1c9cc21438e296

-------\Service_gupdatem

-------\Service_srvbtcclient

-------\Service_srviecheck

.

.

((((((((((((((((((((((((( Files Created from 2011-06-27 to 2011-07-27 )))))))))))))))))))))))))))))))

.

.

2011-07-27 16:18 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-27 16:18 . 2011-07-27 16:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-27 16:18 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-27 13:12 . 2011-07-27 13:12 -------- d-----w- c:\documents and settings\hp\Application Data\Malwarebytes

2011-07-27 13:12 . 2011-07-27 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-07-27 13:08 . 2008-04-14 03:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2011-07-27 13:08 . 2008-04-14 03:41 21504 ----a-w- c:\windows\system32\hidserv.dll

2011-07-27 12:13 . 2011-07-27 12:13 -------- d-----w- C:\rsit

2011-07-27 12:13 . 2011-07-27 12:13 -------- d-----w- c:\program files\trend micro

2011-07-27 11:26 . 2011-07-27 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-07-27 11:26 . 2011-07-27 11:26 -------- d-----w- c:\program files\AVAST Software

2011-07-27 11:25 . 2011-07-27 16:21 -------- d-----w- C:\nahaved

2011-07-27 11:08 . 2008-04-13 22:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2011-07-27 11:08 . 2008-04-13 22:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-17 09:33 . 2011-06-17 09:33 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-06-02 14:02 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-04 02:52 . 2010-07-27 19:17 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-04 00:25 . 2009-06-05 09:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-05-02 15:31 . 2009-03-29 10:12 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2008-04-14 12:00 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-07-27_17.00.51 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-27 18:07 . 2011-07-27 18:07 16384 c:\windows\temp\Perflib_Perfdata_670.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

2011-01-17 14:54 175912 ----a-w- c:\program files\Freecorder\prxtbFre0.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]

"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]

"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-09-17 1933381]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]

"NBCore"="c:\program files\Common Files\Nero\Nero BackItUp 4\NBCore.exe" [2008-09-24 1561896]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2006-11-16 577536]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]

"nwiz"="nwiz.exe" [2006-08-11 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]

"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]

"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]

"Adobe Reader Speed Launcher"="d:\programy\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\hp\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-5-22 139776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableSecureUIAPaths"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-17 07:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Free Download Manager\\fdmwi.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

"c:\\Documents and Settings\\hp\\Local Settings\\Application Data\\MediaGet2\\mediaget.exe"=

"c:\\Program Files\\Ares\\Ares.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29.3.2009 13:07 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29.3.2009 13:07 108552]

R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [31.3.2009 20:17 222456]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [27.7.2011 18:18 366640]

R2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\hp\Desktop\tomtom GPS\TomTom HOME 2\TomTomHOMEService.exe [9.3.2011 14:30 92592]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27.7.2011 18:18 22712]

S3 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]

S3 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [29.3.2009 12:37 238976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-27 c:\windows\Tasks\User_Feed_Synchronization-{672FC5B8-05CB-4071-9E1F-E5F2F7917A6D}.job

- c:\windows\system32\msfeedssync.exe [2009-10-11 02:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2233703

IE: &Download All using 4shared Desktop - c:\documents and settings\hp\Desktop\yyy\4shared Desktop\down_all.htm

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: E&xportova do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: Prevzia pomocou FDM - file://c:\program files\Free Download Manager\dllink.htm

IE: Prevzia video pomocou FDM - file://c:\program files\Free Download Manager\dlfvideo.htm

IE: Prevzia vybrané pomocou FDM - file://c:\program files\Free Download Manager\dlselected.htm

IE: Prevzia všetko pomocou FDM - file://c:\program files\Free Download Manager\dlall.htm

IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm

IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{418A284A-43B7-434D-A68F-EBB383C59B0D}: NameServer = 195.146.128.60,195.146.132.59

FF - ProfilePath - c:\documents and settings\hp\Application Data\Mozilla\Firefox\Profiles\3v50y3u9.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - 4shared Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2233703&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: SmileyCentral: 1vffxtbr@SmileyCentral_1v.com - c:\program files\SmileyCentral_1v\bar\2.bin

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-27 20:07

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-790525478-602162358-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2908)

c:\windows\system32\WININET.dll

c:\documents and settings\hp\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\nvsvc32.exe

c:\windows\SOUNDMAN.EXE

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\rundll32.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-07-27 20:11:01 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-27 18:10

ComboFix2.txt 2011-07-27 17:06

.

Pre-Run: 5 764 042 752 bytes free

Post-Run: 5 751 345 152 voŸných bajtov

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AlwaysOff /fastdetect

.

- - End Of File - - F0426556BF41C33B80190F963D0BAEF6

Vyzerá to dobre

Urobíme kontrolu MBAM

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Kontrolor" -> Rychlá kontrola -> Prohledat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verzia databázy: 7305

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28.7.2011 5:57:46
mbam-log-2011-07-28 (05-57-33).txt

Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 147571
Uplynutý čas: 1 min, 59 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 7
Infikované registračné hodnoty: 1
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 6

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDDBB5EE-BB64-4bfc-9DBE-E7C85941335B} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\SeekmoAX.ClientDetector (Adware.Seekmo) -> No action taken.
HKEY_CLASSES_ROOT\SeekmoAX.ClientDetector.1 (Adware.Seekmo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> No action taken.

Infikované registračné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\Seekmo@Seekmo.com (Adware.SeekMo) -> Value: Seekmo@Seekmo.com -> No action taken.

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
c:\documents and settings\hp\my documents\downloads\mediapluginsetup (1).exe (Spyware.GamePlayLabs) -> No action taken.
c:\documents and settings\hp\my documents\downloads\mediapluginsetup (2).exe (Spyware.GamePlayLabs) -> No action taken.
c:\documents and settings\hp\my documents\downloads\mediapluginsetup (3).exe (Spyware.GamePlayLabs) -> No action taken.
c:\documents and settings\hp\my documents\downloads\mediapluginsetup (4).exe (Spyware.GamePlayLabs) -> No action taken.
c:\documents and settings\hp\my documents\downloads\mediapluginsetup.exe (Spyware.GamePlayLabs) -> No action taken.
c:\program files\mozilla firefox\plugins\npclntax_seekmosa.dll (Adware.SeekMo) -> No action taken.

Malwarebytes' Anti-Malware 1.51.1.1800
http://www.malwarebytes.org

Verzia databázy: 7305

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28.7.2011 7:46:53
mbam-log-2011-07-28 (07-46-53).txt

Typ kontroly: Úplná kontrola (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objektov kontrolovaných: 207239
Uplynutý čas: 21 min, 52 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 8
Infikované registračné hodnoty: 1
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 41

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDDBB5EE-BB64-4bfc-9DBE-E7C85941335B} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Adware.SeekMo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SeekmoAX.ClientDetector (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SeekmoAX.ClientDetector.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.

Infikované registračné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\Seekmo@Seekmo.com (Adware.SeekMo) -> Value: Seekmo@Seekmo.com -> Quarantined and deleted successfully.

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
c:\documents and settings\hp\Desktop\rk_quarantine\2628647.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\hp\Desktop\rk_quarantine\37434676-loader2.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\hp\Desktop\rk_quarantine\5981184.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\hp\Desktop\rk_quarantine\9329877.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\hp\Desktop\rk_quarantine\l1rezerv.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\hp\Desktop\rk_quarantine\services32.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\hp\Desktop\rk_quarantine\sysdriver32_.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\hp\Desktop\skušobna\smileycentral.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\documents and settings\hp\my documents\downloads\mediapluginsetup (1).exe (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
c:\documents and settings\hp\my documents\downloads\mediapluginsetup (2).exe (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
c:\documents and settings\hp\my documents\downloads\mediapluginsetup (3).exe (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
c:\documents and settings\hp\my documents\downloads\mediapluginsetup (4).exe (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
c:\documents and settings\hp\my documents\downloads\mediapluginsetup.exe (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npclntax_seekmosa.dll (Adware.SeekMo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\Seekmo\bin\10.3.85.0\cntntcntr.dll.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\Seekmo\bin\10.3.85.0\coresrv.dll.vir (Adware.SeekMo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\Seekmo\bin\10.3.85.0\hostoe.dll.vir (Adware.SeekMo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\Seekmo\bin\10.3.85.0\hostol.dll.vir (Adware.SeekMo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\Seekmo\bin\10.3.85.0\oeaddon.exe.vir (Adware.SeekMo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\Seekmo\bin\10.3.85.0\seekmosa.exe.vir (Adware.SeekMo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\Seekmo\bin\10.3.85.0\seekmosaax.dll.vir (Adware.SeekMo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\Seekmo\bin\10.3.85.0\seekmosadf.exe.vir (Adware.SeekMo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\Seekmo\bin\10.3.85.0\seekmosahook.dll.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\Seekmo\bin\10.3.85.0\srv.exe.vir (Adware.SeekMo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\Seekmo\bin\10.3.85.0\toolbar.dll.vir (Adware.SeekMo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\Seekmo\bin\10.3.85.0\wallpaper.dll.vir (Adware.SeekMo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\Seekmo\bin\10.3.85.0\weskin.dll.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\Seekmo\bin\10.3.85.0\firefox\extensions\plugins\npclntax_seekmosa.dll.vir (Adware.SeekMo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\shoppingreport\Bin\2.5.0\shoppingreport.dll.vir (Adware.Shopper) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\l1rezerv.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\services32.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\update.tray-12-0\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\update.tray-12-0-lnk\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Software\Setup.exe (Adware.SeekMo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d9d42a9a-69cc-4754-888f-f83eb8ab14f2}\RP657\A0224402.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d9d42a9a-69cc-4754-888f-f83eb8ab14f2}\RP657\A0224417.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d9d42a9a-69cc-4754-888f-f83eb8ab14f2}\RP657\A0224418.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d9d42a9a-69cc-4754-888f-f83eb8ab14f2}\RP657\A0224423.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{d9d42a9a-69cc-4754-888f-f83eb8ab14f2}\RP657\A0224424.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
d:\Instal\ACDSE\ACDSee3\TNT-AC~1.EXE (Trojan.Agent.CK) -> Quarantined and deleted successfully.
e:\install-jozsi\ACDSE\ACDSee3\TNT-AC~1.EXE (Trojan.Agent.CK) -> Quarantined and deleted successfully.

Jak je na tom PC? - ještě nějaké problémy?