Request for a preventive PC check

stifler123
Visitor
Posts: 17
Registered: 10 Jan 2010 13:53

Request for a preventive PC check

#1 Post by stifler123 »

I'm asking for a preventive PC check, because today I downloaded eScan MWAV anti-virus anti-spyware portable and put it on a USB drive. I wanted to try whether it works, so I started it and let it scan the PC. It found about 117 viruses plus some registry errors. I have Smart Security 3, but it found nothing, neither before nor after the scan. I downloaded MWAV from eScan's official site. After about 10 minutes of scanning the PC with MWAV I cancelled the scan and restarted the PC. Then DAEMON Tools started reporting:
"Initialization error 0. This programm requires at least Windows 2000 with SPTD 1.28 or higher. Kernel debugger must be deactivated." And in My Computer some additional removable disk appeared, see the attachment. And Security Center reports that I don't have automatic updates enabled, even though I had them enabled.

LOG:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Peter at 2010-01-10 13:47:03
Systém Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 23 GB (23%) free of 100 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:12, on 10.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Peter\My Documents\My Videos\RSIT.exe
C:\Program Files\trend micro\Peter.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource ... =CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [mwavscan_autoscan] "C:\DOCUME~1\Peter\LOCALS~1\Temp\mexe.com" /s /AUTORUNBOOT
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 6410 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-117609710-839522115-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-117609710-839522115-1004UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2009-06-29 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-18 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2009-11-20 2166296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2009-11-20 2166296]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=C:\WINDOWS\system32\winsys2.exe [2006-04-29 208896]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-10-24 1451264]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-18 149280]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2006-02-28 158208]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"mwavscan_autoscan"=C:\DOCUME~1\Peter\LOCALS~1\Temp\mexe.com [2009-11-06 2329160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2006-09-14 157592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-25 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
C:\Program Files\TechSmith\Jing\Jing.exe [2009-06-30 2893064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NiwradSoft Welcome]
C:\WINDOWS\NiwradSoft Shell Pack\Tools\NS Welcome.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe [2009-04-08 2553088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 356352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speed Typing]
C:\Program Files\Invention Pilot\Speed Typing\STyping.exe [2002-12-12 101376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-12-17 1217808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueTransparency]
C:\DOCUME~1\Peter\LOCALS~1\Temp\Rar$EX00.860\TrueTransparency\TrueTransparency.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2009-09-04 288560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2009-07-20 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Cashfiesta.lnk]
C:\PROGRA~1\CASHFI~1\FIESTA~1\CASHFI~1.EXE [2009-09-23 828928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Logitech . Registrácia výrobku.lnk]
C:\PROGRA~1\COMMON~1\Logishrd\eReg\SetPoint\eReg.exe [2008-11-07 517384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Xfire.lnk]
C:\PROGRA~1\Xfire\Xfire.exe [2009-11-30 3181456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Disabled:Flashget"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Disabled:Xfire"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\Valve\hltv.exe"="C:\Program Files\Valve\hltv.exe:*:Disabled:HLTV Launcher"
"C:\Program Files\Valve\hlds.exe"="C:\Program Files\Valve\hlds.exe:*:Disabled:HLDS Launcher"
"I:\Stronghold 2\Stronghold2.exe"="I:\Stronghold 2\Stronghold2.exe:*:Disabled:Stronghold2"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet.exe"
"C:\Program Files\Goiceasoft Studios\Counter Strike 1.8 Goiceasoft\cstrike.exe"="C:\Program Files\Goiceasoft Studios\Counter Strike 1.8 Goiceasoft\cstrike.exe:*:Disabled:CS 1.8 Goiceasoft"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Disabled:GameSpy Arcade"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\Goiceasoft Studios\Counter Strike 1.8 Goiceasoft\hl.exe"="C:\Program Files\Goiceasoft Studios\Counter Strike 1.8 Goiceasoft\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"D:\Warcraft III\Warcraft III.exe"="D:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\Programy\Warcraft III\Warcraft III.exe"="D:\Programy\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Vietcong2\vietcong2.exe"="C:\Vietcong2\vietcong2.exe:*:Disabled:vietcong2"
"C:\Program Files\GoFTP\GoFTP.exe"="C:\Program Files\GoFTP\GoFTP.exe:*:Disabled:GoFTP"
"C:\Program Files\Ascaron Entertainment\Sacred Underworld\sacred.exe"="C:\Program Files\Ascaron Entertainment\Sacred Underworld\sacred.exe:*:Disabled:Sacred"
"C:\Program Files\Ascaron Entertainment\Sacred Underworld\gameserver.exe"="C:\Program Files\Ascaron Entertainment\Sacred Underworld\gameserver.exe:*:Disabled:Sacred Gameserver"
"C:\xampp\apache\bin\httpd.exe"="C:\xampp\apache\bin\httpd.exe:*:Disabled:Apache HTTP Server"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Documents and Settings\Peter\My Documents\Downloads\left 4 dead\left4dead.exe"="C:\Documents and Settings\Peter\My Documents\Downloads\left 4 dead\left4dead.exe:*:Disabled:left4dead"
"C:\Documents and Settings\Peter\My Documents\left 4 dead\left4dead.exe"="C:\Documents and Settings\Peter\My Documents\left 4 dead\left4dead.exe:*:Disabled:left4dead"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Disabled:FlashFXP v3"
"C:\Program Files\FlashGet Network\FlashGet universal\flashget.exe"="C:\Program Files\FlashGet Network\FlashGet universal\flashget.exe:*:Disabled:flashget"
"J:\left4dead.exe"="J:\left4dead.exe:*:Disabled:left4dead"
"D:\Programy\Left4dead\left4dead.exe"="D:\Programy\Left4dead\left4dead.exe:*:Disabled:left4dead"
"C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe"="C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Disabled:Jedi Academy MultiPlayer"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent"
"D:\Programy\Activision\Call-of-duty4\iw3mp.exe"="D:\Programy\Activision\Call-of-duty4\iw3mp.exe:*:Disabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Documents and Settings\Peter\Local Settings\Temp\Rar$EX00.359\server\srct_server.exe"="C:\Documents and Settings\Peter\Local Settings\Temp\Rar$EX00.359\server\srct_server.exe:*:Disabled:srct_server"
"C:\Program Files\Eric's TelNet98\Telnet98.exe"="C:\Program Files\Eric's TelNet98\Telnet98.exe:*:Disabled:Eric's TelNet98"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe"="C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Disabled:Rise of Nations"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\Peter\Local Settings\Temp\Rar$EX03.203\PSNG.11\Portable Symantec Norton Ghost 11.0.0.1502\GhostSrv.exe"="C:\Documents and Settings\Peter\Local Settings\Temp\Rar$EX03.203\PSNG.11\Portable Symantec Norton Ghost 11.0.0.1502\GhostSrv.exe:*:Enabled:GhostCastServer Network Access"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

======File associations======

.txt - open - notepad.exe %1

======List of files/folders created in the last 1 months======

2010-01-10 13:47:04 ----D---- C:\Program Files\trend micro
2010-01-10 13:47:03 ----D---- C:\rsit
2010-01-10 13:42:04 ----AD---- C:\WINDOWS\rundll16.exe
2010-01-10 13:42:04 ----AD---- C:\WINDOWS\logo1_.exe
2010-01-10 09:51:14 ----AD---- C:\WINDOWS\VDLL.DLL
2010-01-10 09:51:14 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-01-10 09:51:14 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-01-10 09:51:14 ----AD---- C:\WINDOWS\logo_1.exe
2010-01-09 22:48:05 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-01-09 22:48:04 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-01-09 22:48:03 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-01-09 22:48:01 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2010-01-09 22:48:01 ----A---- C:\WINDOWS\system32\T.COM
2010-01-09 22:48:01 ----A---- C:\WINDOWS\REGEDIT.COM
2010-01-09 22:48:01 ----A---- C:\WINDOWS\R.COM
2010-01-09 22:47:57 ----D---- C:\Program Files\Common Files\MicroWorld
2010-01-09 22:47:54 ----D---- C:\Documents and Settings\All Users\Application Data\MicroWorld
2010-01-09 21:58:15 ----D---- C:\WINDOWS\NU_DATA
2010-01-09 20:18:04 ----D---- C:\Program Files\Data0.Net Software
2010-01-09 11:16:10 ----D---- C:\Documents and Settings\Peter\Application Data\MSNInstaller
2010-01-07 10:48:50 ----D---- C:\Documents and Settings\Peter\Application Data\Sibelius Software
2010-01-07 10:47:56 ----D---- C:\Program Files\Sibelius Software
2010-01-06 12:25:11 ----D---- C:\Documents and Settings\Peter\Application Data\Eric's TelNet98
2010-01-06 12:21:10 ----D---- C:\Program Files\Eric's TelNet98
2010-01-06 12:20:44 ----D---- C:\Documents and Settings\Peter\Application Data\Help
2010-01-03 12:10:12 ----D---- C:\Program Files\Disney
2009-12-28 15:05:06 ----D---- C:\WINDOWS\Lhsp
2009-12-28 15:04:55 ----D---- C:\WINDOWS\speech
2009-12-22 16:29:08 ----D---- C:\Python26
2009-12-19 17:01:38 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-12-19 17:01:37 ----D---- C:\WINDOWS\system32\LogFiles
2009-12-19 17:01:37 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-12-15 09:41:55 ----SHD---- C:\WINDOWS\ftpcache
2009-12-15 09:41:44 ----A---- C:\WINDOWS\game.ini
2009-12-11 22:19:32 ----D---- C:\Program Files\LucasArts
2009-12-11 10:45:08 ----A---- C:\WINDOWS\system32\kcpp.dll

======List of files/folders modified in the last 1 months======

2010-01-10 13:47:04 ----RD---- C:\Program Files
2010-01-10 13:47:04 ----D---- C:\WINDOWS\Temp
2010-01-10 13:43:30 ----D---- C:\WINDOWS
2010-01-10 13:43:09 ----D---- C:\Program Files\Mozilla Firefox
2010-01-10 13:42:06 ----D---- C:\WINDOWS\system32
2010-01-10 13:27:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-10 13:20:18 ----RASH---- C:\boot.ini
2010-01-10 13:20:18 ----A---- C:\WINDOWS\win.ini
2010-01-10 13:20:18 ----A---- C:\WINDOWS\system.ini
2010-01-10 13:17:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-10 12:11:14 ----A---- C:\WINDOWS\wincmd.ini
2010-01-10 11:47:04 ----D---- C:\WINDOWS\system32\drivers
2010-01-10 09:42:46 ----SD---- C:\Documents and Settings\Peter\Application Data\Microsoft
2010-01-09 22:47:57 ----D---- C:\Program Files\Common Files
2010-01-09 22:35:09 ----D---- C:\WINDOWS\Prefetch
2010-01-09 20:07:28 ----HD---- C:\WINDOWS\inf
2010-01-09 17:08:04 ----D---- C:\Documents and Settings\Peter\Application Data\vlc
2010-01-09 15:52:12 ----RSD---- C:\WINDOWS\Fonts
2010-01-09 11:15:50 ----D---- C:\Program Files\MSN
2010-01-08 22:09:53 ----D---- C:\Documents and Settings\Peter\Application Data\Skype
2010-01-08 14:27:57 ----D---- C:\Program Files\Flock
2010-01-08 11:03:00 ----D---- C:\Documents and Settings\Peter\Application Data\skypePM
2010-01-07 13:41:07 ----SHD---- C:\WINDOWS\Installer
2010-01-07 13:40:42 ----SHD---- C:\Config.Msi
2010-01-06 17:05:29 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-03 19:55:56 ----D---- C:\Documents and Settings\Peter\Application Data\uTorrent
2010-01-03 19:05:51 ----D---- C:\Program Files\Steam
2010-01-02 14:05:54 ----D---- C:\Program Files\Garena
2010-01-01 16:10:36 ----SHD---- C:\RECYCLER
2009-12-29 15:21:22 ----D---- C:\Documents and Settings\Peter\Application Data\Adobe
2009-12-23 20:30:45 ----D---- C:\Program Files\Valve
2009-12-15 19:34:47 ----D---- C:\WINDOWS\system32\DirectX
2009-12-15 19:34:34 ----RSD---- C:\WINDOWS\assembly
2009-12-15 19:31:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-12 18:21:29 ----D---- C:\Program Files\Opera
2009-12-11 22:19:20 ----D---- C:\Program Files\Common Files\InstallShield

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys []
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-10-24 54280]
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-02-28 36096]
R1 prodrv03;Star Force copy protection driver v3; C:\WINDOWS\System32\drivers\prodrv03.sys [2009-08-12 115968]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-10-24 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-10-24 73224]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-10-24 31240]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2009-06-17 63248]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2009-06-17 79248]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2006-12-20 41600]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-02-28 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-02-28 26496]
S3 esihdrv;esihdrv; \??\C:\DOCUME~1\Peter\LOCALS~1\Temp\esihdrv.sys []
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS); C:\WINDOWS\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM); C:\WINDOWS\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-10-24 468224]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-18 153376]
S2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2009-04-08 1377536]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-19 66872]
S2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-12-19 103736]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-06-29 241734]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-10-24 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-31 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
Attachments
vir.jpg (508.18 KiB)

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Request for a preventive PC check

#2 Post by Unlimited_Killer »

Let's run ComboFix on it.

~~~

Post the ComboFix log here.

Download ComboFix and save it to the Desktop, then run it with administrator privileges.
Before running it, turn off the resident shield of your antivirus or antispyware.
After it starts you will be shown the license terms; click 'Yes'. You will also be asked about installing the Recovery Console; click 'Yes'.
The whole scan will take about 5-10 minutes, depending on how many files CF has to work through. Your PC will probably be restarted, so don't be alarmed by that. Until the scan has completely finished, don't do anything, and above all don't click into the running ComboFix window.
When the scan finishes, a log will pop up, which you copy here.

stifler123
Visitor
Posts: 17
Registered: 10 Jan 2010 13:53

Re: Request for a preventive PC check

#3 Post by stifler123 »

Good day, here I'm sending you the ComboFix log.

ComboFix 10-01-04.01 - Peter 10.01.2010 16:34:38.1.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.2.1250.421.1033.18.2047.1517 [GMT 1:00]
Running from: c:\documents and settings\Peter\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Peter\Application Data\BITS
c:\documents and settings\Peter\Application Data\BITS\BITS.ini
c:\documents and settings\Peter\Application Data\BITS\UPnP.ini
c:\documents and settings\Peter\Local Settings\Temporary Internet Files\udRemove.exe
c:\documents and settings\Peter\My Documents\cc_20100110_123231.reg
c:\documents and settings\Peter\My Documents\cc_20100110_132619.reg
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\windows\regedit.com
c:\windows\system32\SYSInfo.ocx
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 12:47 . 2010-01-10 12:47 -------- d-----w- c:\program files\trend micro
2010-01-10 12:47 . 2010-01-10 12:47 -------- d-----w- C:\rsit
2010-01-10 08:51 . 2010-01-10 08:51 5612800 ----a-w- c:\windows\REGBK00.ZIP
2010-01-10 08:51 . 2010-01-10 08:51 -------- d---a-w- c:\windows\VDLL.DLL
2010-01-10 08:51 . 2010-01-10 08:51 -------- d---a-w- c:\windows\system32\runouce.exe
2010-01-10 08:51 . 2010-01-10 08:51 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-01-10 08:51 . 2010-01-10 08:51 -------- d---a-w- c:\windows\logo_1.exe
2010-01-09 21:48 . 2010-01-09 21:48 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-01-09 21:48 . 2010-01-09 21:48 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-01-09 21:48 . 2010-01-09 21:48 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-01-09 21:48 . 2006-02-28 12:00 146432 ----a-w- c:\windows\R.COM
2010-01-09 21:48 . 2006-02-28 12:00 135680 ----a-w- c:\windows\system32\T.COM
2010-01-09 21:47 . 2010-01-09 21:47 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-01-09 21:47 . 2010-01-09 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
2010-01-09 21:21 . 2010-01-09 21:31 256032 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-09 21:21 . 2010-01-09 21:30 14880 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-09 20:58 . 2010-01-09 20:58 -------- d-----w- c:\windows\NU_DATA
2010-01-09 19:18 . 2010-01-09 19:18 -------- d-----w- c:\program files\Data0.Net Software
2010-01-09 10:16 . 2010-01-09 10:16 846312 ----a-w- c:\documents and settings\Peter\Application Data\MSNInstaller\msnauins.exe
2010-01-09 10:16 . 2010-01-09 10:16 -------- d-----w- c:\documents and settings\Peter\Application Data\MSNInstaller
2010-01-07 09:48 . 2010-01-07 09:48 -------- d-----w- c:\documents and settings\Peter\Application Data\Sibelius Software
2010-01-07 09:47 . 2010-01-07 12:40 -------- d-----w- c:\program files\Sibelius Software
2010-01-06 11:25 . 2010-01-06 11:46 -------- d-----w- c:\documents and settings\Peter\Application Data\Eric's TelNet98
2010-01-06 11:21 . 2010-01-06 11:21 -------- d-----w- c:\program files\Eric's TelNet98
2010-01-06 11:20 . 2010-01-06 11:20 -------- d-----w- c:\documents and settings\Peter\Local Settings\Application Data\Help
2010-01-03 11:10 . 2010-01-03 11:10 -------- d-----w- c:\program files\Disney
2010-01-01 15:17 . 2010-01-01 15:17 -------- d-----w- c:\documents and settings\Oco\dwhelper
2010-01-01 11:30 . 2010-01-01 11:30 -------- d-----w- c:\documents and settings\Oco\Local Settings\Application Data\Netscape
2010-01-01 11:30 . 2010-01-01 11:30 -------- d-----w- c:\documents and settings\Oco\Application Data\Netscape
2010-01-01 09:37 . 2010-01-01 09:39 -------- d-----w- c:\documents and settings\Oco\Application Data\Winamp
2010-01-01 09:14 . 2010-01-01 09:14 -------- d-s---w- c:\documents and settings\Oco\UserData
2010-01-01 09:11 . 2010-01-01 09:11 -------- d-----w- c:\documents and settings\Oco\Local Settings\Application Data\Conduit
2010-01-01 09:11 . 2010-01-01 09:11 -------- d-----w- c:\documents and settings\Oco\Local Settings\Application Data\BS_Player
2009-12-28 14:05 . 2009-12-28 14:15 -------- d-----w- c:\windows\Lhsp
2009-12-28 14:04 . 2009-12-28 14:05 -------- d-----w- c:\windows\speech
2009-12-23 14:56 . 2009-12-23 14:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\BS_Player
2009-12-22 15:29 . 2009-12-22 15:29 -------- d-----w- C:\Python26
2009-12-19 16:01 . 2009-12-19 16:01 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-19 16:01 . 2009-12-19 16:01 22328 ----a-w- c:\documents and settings\Peter\Application Data\PnkBstrK.sys
2009-12-19 16:01 . 2009-12-19 16:01 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-19 16:01 . 2009-12-19 16:01 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-19 16:01 . 2009-12-19 16:01 -------- d-----w- c:\windows\system32\LogFiles
2009-12-15 08:41 . 2009-12-15 08:41 -------- d-sh--w- c:\windows\ftpcache
2009-12-11 21:19 . 2009-12-11 21:19 -------- d-----w- c:\program files\LucasArts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 11:25 . 2009-08-13 07:33 69200 ----a-w- c:\documents and settings\Peter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-09 21:21 . 2010-01-09 21:21 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-09 21:21 . 2010-01-09 21:21 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-09 16:08 . 2009-08-27 17:57 -------- d-----w- c:\documents and settings\Peter\Application Data\vlc
2010-01-08 21:09 . 2009-09-02 13:20 -------- d-----w- c:\documents and settings\Peter\Application Data\Skype
2010-01-08 13:27 . 2009-10-17 09:31 -------- d-----w- c:\program files\Flock
2010-01-08 10:03 . 2009-09-02 13:20 -------- d-----w- c:\documents and settings\Peter\Application Data\skypePM
2010-01-03 18:55 . 2009-09-04 15:06 -------- d-----w- c:\documents and settings\Peter\Application Data\uTorrent
2010-01-03 18:05 . 2009-11-28 17:19 -------- d-----w- c:\program files\Steam
2010-01-02 13:05 . 2009-11-07 11:12 -------- d-----w- c:\program files\Garena
2009-12-23 19:30 . 2009-08-12 06:36 -------- d-----w- c:\program files\Valve
2009-12-15 18:31 . 2009-08-10 16:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-12 17:21 . 2009-08-12 16:57 -------- d-----w- c:\program files\Opera
2009-12-11 21:19 . 2009-08-10 16:18 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-11 09:45 . 2009-12-11 09:45 774144 ----a-w- c:\windows\system32\kcpp.dll
2009-12-05 19:23 . 2009-08-14 17:15 -------- d-----w- c:\program files\Xfire
2009-12-05 18:42 . 2009-08-14 17:15 -------- d-----w- c:\documents and settings\Peter\Application Data\Xfire
2009-12-04 15:39 . 2009-12-04 15:39 -------- d-----w- c:\documents and settings\Peter\Application Data\VitySoft
2009-12-01 10:08 . 2009-11-20 17:34 -------- d-----w- c:\program files\Electronic Arts
2009-12-01 10:06 . 2009-12-01 10:06 -------- d-----w- c:\documents and settings\Peter\Application Data\ImgBurn
2009-12-01 10:06 . 2009-12-01 10:06 -------- d-----w- c:\program files\ImgBurn
2009-11-30 20:30 . 2009-11-30 20:30 -------- d-----w- c:\program files\Sunbelt Software
2009-11-30 19:33 . 2009-11-30 19:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-28 17:48 . 2009-11-14 10:17 -------- d-----w- c:\program files\7-Zip
2009-11-27 16:55 . 2009-08-16 17:35 -------- d-----w- c:\program files\Winamp
2009-11-26 21:19 . 2009-11-20 18:22 -------- d-----w- c:\program files\SpeedFan
2009-11-26 13:07 . 2009-11-26 13:07 -------- d-----w- c:\program files\HD Tune Pro
2009-11-25 16:37 . 2009-11-25 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2009-11-24 16:30 . 2009-11-20 17:05 -------- d-----w- c:\documents and settings\Peter\Application Data\BSplayer
2009-11-23 19:17 . 2009-11-23 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-11-23 17:08 . 2009-11-23 17:08 6524 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-11-22 10:56 . 2009-11-20 18:47 -------- d-----w- c:\documents and settings\Peter\Application Data\My Battle for Middle-earth(tm) II Files
2009-11-21 18:10 . 2009-11-21 11:33 -------- d-----w- c:\program files\HWiNFO32
2009-11-20 17:06 . 2009-11-20 17:05 -------- d-----w- c:\program files\BS_Player
2009-11-20 17:05 . 2009-11-20 17:05 -------- d-----w- c:\program files\Conduit
2009-11-20 17:05 . 2009-08-27 12:28 -------- d-----w- c:\program files\Webteh
2009-11-20 08:36 . 2009-08-13 15:29 -------- d-----w- c:\documents and settings\Peter\Application Data\BitTorrent
2009-11-20 08:36 . 2009-08-13 15:29 -------- d-----w- c:\program files\BitTorrent
2009-11-20 08:30 . 2009-11-20 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-11-20 08:26 . 2009-09-04 15:07 -------- d-----w- c:\program files\uTorrent
2009-11-19 19:47 . 2009-11-19 19:47 -------- d-----w- c:\program files\PremiumSoft
2009-11-18 15:34 . 2009-11-18 15:34 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-11-17 19:11 . 2009-11-17 19:11 -------- d-----w- c:\program files\FlashFXP
2009-11-17 19:09 . 2009-11-17 19:04 -------- d-----w- c:\program files\GoFTP
2009-11-17 11:58 . 2009-11-17 11:58 97792 ----a-w- c:\windows\system32\drivers\ACEDRV05.sys
2009-11-17 11:46 . 2009-11-17 11:46 -------- d-----w- c:\program files\Ascaron Entertainment
2009-11-16 07:32 . 2009-08-14 17:06 -------- d-----w- c:\documents and settings\Peter\Application Data\ESTsoft
2009-11-16 07:32 . 2009-08-14 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ESTsoft
2009-11-14 21:57 . 2009-11-14 21:57 -------- d-----w- c:\program files\ESTsoft
2009-11-12 20:20 . 2009-10-18 11:42 -------- d-----w- c:\program files\SwiftKit
2009-11-12 20:17 . 2009-10-18 11:25 38 ----a-w- c:\documents and settings\Peter\jagex_runescape_preferences.dat
2009-11-12 20:04 . 2009-10-18 11:26 63 ----a-w- c:\documents and settings\Peter\jagex_runescape_preferences2.dat
2009-10-26 07:24 . 2009-10-26 07:24 2149888 ----a-w- c:\windows\system32\python26.dll
2009-10-25 08:53 . 2009-10-25 08:53 10 ----a-w- c:\documents and settings\Peter\uid.dat
2009-10-18 11:22 . 2009-10-18 11:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-18 11:21 . 2009-10-18 11:21 152576 ----a-w- c:\documents and settings\Peter\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-11-20 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-11-20 17:07 2166296 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-11-20 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-11-20 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-18 149280]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Cashfiesta.lnk]
path=c:\documents and settings\Peter\Start Menu\Programs\Startup\Cashfiesta.lnk
backup=c:\windows\pss\Cashfiesta.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Logitech . Registrácia výrobku.lnk]
path=c:\documents and settings\Peter\Start Menu\Programs\Startup\Logitech . Registrácia výrobku.lnk
backup=c:\windows\pss\Logitech . Registrácia výrobku.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Peter\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-09-14 20:09 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-25 20:17 135664 ----atw- c:\documents and settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
2009-06-30 09:37 2893064 ----a-w- c:\program files\TechSmith\Jing\Jing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2009-04-07 23:39 2553088 ----a-w- c:\windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2008-02-20 15:19 356352 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speed Typing]
2002-12-12 18:18 101376 ----a-w- c:\program files\Invention Pilot\Speed Typing\STyping.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-12-17 19:21 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-09-04 15:07 288560 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Valve\\hltv.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Goiceasoft Studios\\Counter Strike 1.8 Goiceasoft\\cstrike.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Goiceasoft Studios\\Counter Strike 1.8 Goiceasoft\\hl.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"d:\\Warcraft III\\Warcraft III.exe"=
"c:\\Vietcong2\\vietcong2.exe"=
"c:\\Program Files\\Ascaron Entertainment\\Sacred Underworld\\sacred.exe"=
"c:\\Program Files\\Ascaron Entertainment\\Sacred Underworld\\gameserver.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"d:\\Programy\\Left4dead\\left4dead.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Programy\\Activision\\Call-of-duty4\\iw3mp.exe"=
"c:\\Program Files\\Eric's TelNet98\\Telnet98.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20580:TCP"= 20580:TCP:*:Disabled:BitComet 20580 TCP
"20580:UDP"= 20580:UDP:*:Disabled:BitComet 20580 UDP

R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [21.11.2009 12:33 19064]
R1 prodrv03;Star Force copy protection driver v3;c:\windows\system32\drivers\prodrv03.sys [12.8.2009 18:35 115968]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [24.10.2008 19:51 468224]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11.8.2009 15:28 10384]
S3 esihdrv;esihdrv;\??\c:\docume~1\Peter\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\Peter\LOCALS~1\Temp\esihdrv.sys [?]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [8.9.2009 20:26 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [8.9.2009 20:26 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [8.9.2009 20:26 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [8.9.2009 20:26 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [8.9.2009 20:26 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [8.9.2009 20:26 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [8.9.2009 20:26 110120]
.
Contents of the 'Scheduled Tasks' folder

2010-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2010-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-117609710-839522115-1004Core.job
- c:\documents and settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-25 20:17]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-117609710-839522115-1004UA.job
- c:\documents and settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-25 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1750559
uDefault_Search_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
FF - ProfilePath - c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\kjexd1t2.default\
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://google.sk
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Peter\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-NiwradSoft Welcome - c:\windows\NiwradSoft Shell Pack\Tools\NS Welcome.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-TrueTransparency - c:\docume~1\Peter\LOCALS~1\Temp\Rar$EX00.860\TrueTransparency\TrueTransparency.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 16:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"="BUSINESS EDITION"
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:0000041b
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{1EB8437B-5AE0-40CC-BEB8-4C3BF3E4635D}"
"ProductName"="ESET Smart Security"
"ProductType"="essbe"
"ProductVersion"="3.0.684.0"
"UniqueId"="000330A64A804ADE"
"ScannerBuild"=dword:00001583
"ScannerVersionId"=dword:00001105
"ScannerVersion"="Open window for status."
"FixId"=dword:00000005
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-01-10 16:41:36
ComboFix-quarantined-files.txt 2010-01-10 15:41

Pre-Run: 23 953 510 400 bytes free
Post-Run: 26 695 409 664 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - B2989EB7E968018FF61DAB85C6F85EF4

stifler123
Visitor
Posts: 17
Joined: 10 Jan 2010 13:53

Re: Request for a preventive PC check

#4 Post by stifler123 »

Another observation: my sound isn't working. I tried uninstalling and reinstalling it, but nothing. Could anyone advise me?

Unlimited_Killer
Friend of the forum
Posts: 1969
Joined: 24 Aug 2009 16:18

Re: Request for a preventive PC check

#5 Post by Unlimited_Killer »

I'm going to delete that vermin; there's plenty of it in there, and the sound may be related to it, but first I'd like to ask for a new ComboFix log, in case something else has gotten in.
inactive

stifler123
Visitor
Posts: 17
Joined: 10 Jan 2010 13:53

Re: Request for a preventive PC check

#6 Post by stifler123 »

ComboFix 10-01-04.01 - Peter 10.01.2010 21:13:58.2.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.2.1250.421.1033.18.2047.1551 [GMT 1:00]
Running from: c:\documents and settings\Peter\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 20:13 . 2010-01-10 20:13 -------- d-----w- C:\32788R22FWJFW
2010-01-10 19:40 . 2010-01-10 19:40 -------- d-----w- c:\program files\Winamp Detect
2010-01-10 19:40 . 2010-01-10 19:41 -------- d-----w- c:\documents and settings\Peter\Application Data\Winamp
2010-01-10 19:29 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-10 19:29 . 2009-01-07 18:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-01-10 19:29 . 2010-01-10 19:30 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-01-10 12:47 . 2010-01-10 12:47 -------- d-----w- c:\program files\trend micro
2010-01-10 12:47 . 2010-01-10 12:47 -------- d-----w- C:\rsit
2010-01-10 08:51 . 2010-01-10 08:51 5612800 ----a-w- c:\windows\REGBK00.ZIP
2010-01-10 08:51 . 2010-01-10 08:51 -------- d---a-w- c:\windows\VDLL.DLL
2010-01-10 08:51 . 2010-01-10 08:51 -------- d---a-w- c:\windows\system32\runouce.exe
2010-01-10 08:51 . 2010-01-10 08:51 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-01-10 08:51 . 2010-01-10 08:51 -------- d---a-w- c:\windows\logo_1.exe
2010-01-09 21:48 . 2010-01-09 21:48 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-01-09 21:48 . 2010-01-09 21:48 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-01-09 21:48 . 2010-01-09 21:48 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-01-09 21:48 . 2006-02-28 12:00 146432 ----a-w- c:\windows\R.COM
2010-01-09 21:48 . 2006-02-28 12:00 135680 ----a-w- c:\windows\system32\T.COM
2010-01-09 21:47 . 2010-01-09 21:47 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-01-09 21:47 . 2010-01-09 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
2010-01-09 21:21 . 2010-01-09 21:31 256032 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-09 21:21 . 2010-01-09 21:30 14880 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-09 20:58 . 2010-01-09 20:58 -------- d-----w- c:\windows\NU_DATA
2010-01-09 19:18 . 2010-01-09 19:18 -------- d-----w- c:\program files\Data0.Net Software
2010-01-09 10:16 . 2010-01-09 10:16 846312 ----a-w- c:\documents and settings\Peter\Application Data\MSNInstaller\msnauins.exe
2010-01-09 10:16 . 2010-01-09 10:16 -------- d-----w- c:\documents and settings\Peter\Application Data\MSNInstaller
2010-01-07 09:48 . 2010-01-07 09:48 -------- d-----w- c:\documents and settings\Peter\Application Data\Sibelius Software
2010-01-07 09:47 . 2010-01-07 12:40 -------- d-----w- c:\program files\Sibelius Software
2010-01-06 11:25 . 2010-01-06 11:46 -------- d-----w- c:\documents and settings\Peter\Application Data\Eric's TelNet98
2010-01-06 11:21 . 2010-01-06 11:21 -------- d-----w- c:\program files\Eric's TelNet98
2010-01-06 11:20 . 2010-01-06 11:20 -------- d-----w- c:\documents and settings\Peter\Local Settings\Application Data\Help
2010-01-03 11:10 . 2010-01-03 11:10 -------- d-----w- c:\program files\Disney
2010-01-01 15:17 . 2010-01-01 15:17 -------- d-----w- c:\documents and settings\Oco\dwhelper
2010-01-01 11:30 . 2010-01-01 11:30 -------- d-----w- c:\documents and settings\Oco\Local Settings\Application Data\Netscape
2010-01-01 11:30 . 2010-01-01 11:30 -------- d-----w- c:\documents and settings\Oco\Application Data\Netscape
2010-01-01 09:37 . 2010-01-01 09:39 -------- d-----w- c:\documents and settings\Oco\Application Data\Winamp
2010-01-01 09:14 . 2010-01-01 09:14 -------- d-s---w- c:\documents and settings\Oco\UserData
2010-01-01 09:11 . 2010-01-01 09:11 -------- d-----w- c:\documents and settings\Oco\Local Settings\Application Data\Conduit
2010-01-01 09:11 . 2010-01-01 09:11 -------- d-----w- c:\documents and settings\Oco\Local Settings\Application Data\BS_Player
2009-12-28 14:05 . 2009-12-28 14:15 -------- d-----w- c:\windows\Lhsp
2009-12-28 14:04 . 2009-12-28 14:05 -------- d-----w- c:\windows\speech
2009-12-23 14:56 . 2009-12-23 14:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\BS_Player
2009-12-22 15:29 . 2009-12-22 15:29 -------- d-----w- C:\Python26
2009-12-19 16:01 . 2009-12-19 16:01 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-19 16:01 . 2009-12-19 16:01 22328 ----a-w- c:\documents and settings\Peter\Application Data\PnkBstrK.sys
2009-12-19 16:01 . 2009-12-19 16:01 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-19 16:01 . 2009-12-19 16:01 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-19 16:01 . 2009-12-19 16:01 -------- d-----w- c:\windows\system32\LogFiles
2009-12-15 08:41 . 2009-12-15 08:41 -------- d-sh--w- c:\windows\ftpcache
2009-12-11 21:19 . 2009-12-11 21:19 -------- d-----w- c:\program files\LucasArts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 19:42 . 2009-08-16 17:35 -------- d-----w- c:\program files\Winamp
2010-01-10 19:28 . 2009-08-26 07:36 -------- d-----w- c:\documents and settings\Peter\Application Data\DivX
2010-01-10 11:25 . 2009-08-13 07:33 69200 ----a-w- c:\documents and settings\Peter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-09 21:21 . 2010-01-09 21:21 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-09 21:21 . 2010-01-09 21:21 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-09 16:08 . 2009-08-27 17:57 -------- d-----w- c:\documents and settings\Peter\Application Data\vlc
2010-01-08 21:09 . 2009-09-02 13:20 -------- d-----w- c:\documents and settings\Peter\Application Data\Skype
2010-01-08 13:27 . 2009-10-17 09:31 -------- d-----w- c:\program files\Flock
2010-01-08 10:03 . 2009-09-02 13:20 -------- d-----w- c:\documents and settings\Peter\Application Data\skypePM
2010-01-03 18:55 . 2009-09-04 15:06 -------- d-----w- c:\documents and settings\Peter\Application Data\uTorrent
2010-01-03 18:05 . 2009-11-28 17:19 -------- d-----w- c:\program files\Steam
2010-01-02 13:05 . 2009-11-07 11:12 -------- d-----w- c:\program files\Garena
2009-12-23 19:30 . 2009-08-12 06:36 -------- d-----w- c:\program files\Valve
2009-12-15 18:31 . 2009-08-10 16:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-12 17:21 . 2009-08-12 16:57 -------- d-----w- c:\program files\Opera
2009-12-11 21:19 . 2009-08-10 16:18 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-11 09:45 . 2009-12-11 09:45 774144 ----a-w- c:\windows\system32\kcpp.dll
2009-12-05 19:23 . 2009-08-14 17:15 -------- d-----w- c:\program files\Xfire
2009-12-05 18:42 . 2009-08-14 17:15 -------- d-----w- c:\documents and settings\Peter\Application Data\Xfire
2009-12-04 15:39 . 2009-12-04 15:39 -------- d-----w- c:\documents and settings\Peter\Application Data\VitySoft
2009-12-01 10:08 . 2009-11-20 17:34 -------- d-----w- c:\program files\Electronic Arts
2009-12-01 10:06 . 2009-12-01 10:06 -------- d-----w- c:\documents and settings\Peter\Application Data\ImgBurn
2009-12-01 10:06 . 2009-12-01 10:06 -------- d-----w- c:\program files\ImgBurn
2009-11-30 20:30 . 2009-11-30 20:30 -------- d-----w- c:\program files\Sunbelt Software
2009-11-30 19:33 . 2009-11-30 19:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-28 17:48 . 2009-11-14 10:17 -------- d-----w- c:\program files\7-Zip
2009-11-26 21:19 . 2009-11-20 18:22 -------- d-----w- c:\program files\SpeedFan
2009-11-26 13:07 . 2009-11-26 13:07 -------- d-----w- c:\program files\HD Tune Pro
2009-11-25 16:37 . 2009-11-25 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2009-11-24 16:30 . 2009-11-20 17:05 -------- d-----w- c:\documents and settings\Peter\Application Data\BSplayer
2009-11-23 19:17 . 2009-11-23 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-11-23 17:08 . 2009-11-23 17:08 6524 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-11-22 10:56 . 2009-11-20 18:47 -------- d-----w- c:\documents and settings\Peter\Application Data\My Battle for Middle-earth(tm) II Files
2009-11-21 18:10 . 2009-11-21 11:33 -------- d-----w- c:\program files\HWiNFO32
2009-11-20 17:06 . 2009-11-20 17:05 -------- d-----w- c:\program files\BS_Player
2009-11-20 17:05 . 2009-11-20 17:05 -------- d-----w- c:\program files\Conduit
2009-11-20 17:05 . 2009-08-27 12:28 -------- d-----w- c:\program files\Webteh
2009-11-20 08:36 . 2009-08-13 15:29 -------- d-----w- c:\documents and settings\Peter\Application Data\BitTorrent
2009-11-20 08:36 . 2009-08-13 15:29 -------- d-----w- c:\program files\BitTorrent
2009-11-20 08:30 . 2009-11-20 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-11-20 08:26 . 2009-09-04 15:07 -------- d-----w- c:\program files\uTorrent
2009-11-19 19:47 . 2009-11-19 19:47 -------- d-----w- c:\program files\PremiumSoft
2009-11-18 15:34 . 2009-11-18 15:34 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-11-17 19:11 . 2009-11-17 19:11 -------- d-----w- c:\program files\FlashFXP
2009-11-17 19:09 . 2009-11-17 19:04 -------- d-----w- c:\program files\GoFTP
2009-11-17 11:58 . 2009-11-17 11:58 97792 ----a-w- c:\windows\system32\drivers\ACEDRV05.sys
2009-11-17 11:46 . 2009-11-17 11:46 -------- d-----w- c:\program files\Ascaron Entertainment
2009-11-16 07:32 . 2009-08-14 17:06 -------- d-----w- c:\documents and settings\Peter\Application Data\ESTsoft
2009-11-16 07:32 . 2009-08-14 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ESTsoft
2009-11-14 21:57 . 2009-11-14 21:57 -------- d-----w- c:\program files\ESTsoft
2009-11-12 20:20 . 2009-10-18 11:42 -------- d-----w- c:\program files\SwiftKit
2009-11-12 20:17 . 2009-10-18 11:25 38 ----a-w- c:\documents and settings\Peter\jagex_runescape_preferences.dat
2009-11-12 20:04 . 2009-10-18 11:26 63 ----a-w- c:\documents and settings\Peter\jagex_runescape_preferences2.dat
2009-10-26 07:24 . 2009-10-26 07:24 2149888 ----a-w- c:\windows\system32\python26.dll
2009-10-25 08:53 . 2009-10-25 08:53 10 ----a-w- c:\documents and settings\Peter\uid.dat
2009-10-18 11:22 . 2009-10-18 11:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-18 11:21 . 2009-10-18 11:21 152576 ----a-w- c:\documents and settings\Peter\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-10_15.40.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-10 19:53 . 2010-01-10 19:53 16384 c:\windows\Temp\Perflib_Perfdata_3cc.dat
+ 2010-01-10 19:30 . 2004-05-18 18:16 39936 c:\windows\system32\huffyuv.dll
+ 2010-01-10 19:30 . 2009-05-01 21:02 90112 c:\windows\system32\dpl100.dll
+ 2010-01-10 19:30 . 1998-05-12 18:36 5632 c:\windows\system32\pndx5032.dll
- 2009-08-13 15:23 . 1998-05-12 18:36 5632 c:\windows\system32\pndx5032.dll
+ 2010-01-10 19:30 . 1998-03-26 02:57 6656 c:\windows\system32\pndx5016.dll
- 2009-08-13 15:23 . 1998-03-26 02:57 6656 c:\windows\system32\pndx5016.dll
+ 2010-01-10 19:30 . 2004-01-25 16:18 217088 c:\windows\system32\yv12vfw.dll
- 2009-08-13 15:22 . 2004-01-25 16:18 217088 c:\windows\system32\yv12vfw.dll
+ 2010-01-10 19:30 . 2009-05-29 21:37 205824 c:\windows\system32\xvidvfw.dll
+ 2010-01-10 19:30 . 2009-05-29 21:31 881664 c:\windows\system32\xvidcore.dll
+ 2010-01-10 19:30 . 2006-04-02 12:47 630784 c:\windows\system32\vp7vfw.dll
+ 2010-01-10 19:30 . 2004-12-10 08:03 438272 c:\windows\system32\vp6vfw.dll
+ 2010-01-10 19:30 . 2008-09-16 19:23 168448 c:\windows\system32\unrar.dll
- 2009-08-13 15:23 . 2008-09-10 18:56 185920 c:\windows\system32\rmoc3260.dll
+ 2010-01-10 19:30 . 2008-09-10 18:56 185920 c:\windows\system32\rmoc3260.dll
- 2009-08-13 15:23 . 2001-06-22 23:31 278528 c:\windows\system32\pncrt.dll
+ 2010-01-10 19:30 . 2001-06-22 23:31 278528 c:\windows\system32\pncrt.dll
+ 2010-01-10 19:30 . 1997-04-07 17:19 391680 c:\windows\system32\I263_32.drv
+ 2010-01-10 19:30 . 2009-05-01 21:02 685056 c:\windows\system32\divx.dll
+ 2010-01-10 19:30 . 2009-07-29 06:35 2378752 c:\windows\system32\x264vfw.dll
- 2009-08-13 15:22 . 2008-11-06 16:37 3596288 c:\windows\system32\qt-dx331.dll
+ 2010-01-10 19:30 . 2008-11-06 16:37 3596288 c:\windows\system32\qt-dx331.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-11-20 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-11-20 17:07 2166296 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-11-20 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-11-20 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-18 149280]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Cashfiesta.lnk]
path=c:\documents and settings\Peter\Start Menu\Programs\Startup\Cashfiesta.lnk
backup=c:\windows\pss\Cashfiesta.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Logitech . Registrácia výrobku.lnk]
path=c:\documents and settings\Peter\Start Menu\Programs\Startup\Logitech . Registrácia výrobku.lnk
backup=c:\windows\pss\Logitech . Registrácia výrobku.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Peter\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-09-14 20:09 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-25 20:17 135664 ----atw- c:\documents and settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
2009-06-30 09:37 2893064 ----a-w- c:\program files\TechSmith\Jing\Jing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2009-04-07 23:39 2553088 ----a-w- c:\windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2008-02-20 15:19 356352 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speed Typing]
2002-12-12 18:18 101376 ----a-w- c:\program files\Invention Pilot\Speed Typing\STyping.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-12-17 19:21 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-09-04 15:07 288560 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-12-21 05:45 39424 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Valve\\hltv.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Goiceasoft Studios\\Counter Strike 1.8 Goiceasoft\\cstrike.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Goiceasoft Studios\\Counter Strike 1.8 Goiceasoft\\hl.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"d:\\Warcraft III\\Warcraft III.exe"=
"c:\\Vietcong2\\vietcong2.exe"=
"c:\\Program Files\\Ascaron Entertainment\\Sacred Underworld\\sacred.exe"=
"c:\\Program Files\\Ascaron Entertainment\\Sacred Underworld\\gameserver.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"d:\\Programy\\Left4dead\\left4dead.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Programy\\Activision\\Call-of-duty4\\iw3mp.exe"=
"c:\\Program Files\\Eric's TelNet98\\Telnet98.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20580:TCP"= 20580:TCP:*:Disabled:BitComet 20580 TCP
"20580:UDP"= 20580:UDP:*:Disabled:BitComet 20580 UDP

R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [21.11.2009 12:33 19064]
R1 prodrv03;Star Force copy protection driver v3;c:\windows\system32\drivers\prodrv03.sys [12.8.2009 18:35 115968]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [24.10.2008 19:51 468224]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11.8.2009 15:28 10384]
S3 esihdrv;esihdrv;\??\c:\docume~1\Peter\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\Peter\LOCALS~1\Temp\esihdrv.sys [?]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [8.9.2009 20:26 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [8.9.2009 20:26 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [8.9.2009 20:26 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [8.9.2009 20:26 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [8.9.2009 20:26 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [8.9.2009 20:26 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [8.9.2009 20:26 110120]
.
Contents of the 'Scheduled Tasks' folder

2010-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2010-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-117609710-839522115-1004Core.job
- c:\documents and settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-25 20:17]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-117609710-839522115-1004UA.job
- c:\documents and settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-25 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1750559
uDefault_Search_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
FF - ProfilePath - c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\kjexd1t2.default\
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://google.sk
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Peter\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"="BUSINESS EDITION"
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:0000041b
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{1EB8437B-5AE0-40CC-BEB8-4C3BF3E4635D}"
"ProductName"="ESET Smart Security"
"ProductType"="essbe"
"ProductVersion"="3.0.684.0"
"UniqueId"="000330A64A804ADE"
"ScannerBuild"=dword:00001583
"ScannerVersionId"=dword:00001105
"ScannerVersion"="Open window for status."
"FixId"=dword:00000005
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1072)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1828)
c:\windows\system32\msi.dll
.
Completion time: 2010-01-10 21:20:20
ComboFix-quarantined-files.txt 2010-01-10 20:20
ComboFix2.txt 2010-01-10 15:41

Pre-Run: 26 606 604 288 bytes free
Post-Run: 26 572 300 288 bytes free

Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - B459C58BB28CE5866223B58F386C2DF6

Unlimited_Killer
Friend of the forum
Posts: 1969
Registered: 24 Aug 2009 16:18

Re: Request for a preventive PC check

#7 Post by Unlimited_Killer »

Let's get to it.
You have two antivirus programs on there - ESET Smart Security 3.0 and Kaspersky Anti-Virus - so uninstall one of them!

~~~

Do you recognize these folders:

c:\windows\Lhsp
c:\windows\speech
C:\Python26
?
If not, what is in them?

~~~

Test these files on VirusTotal:

c:\windows\REGBK00.ZIP
Simply paste in the paths I put in the code box; if it tells you the file has already been tested, have it tested again. Then post the links to the individual tests here.

~~~

Open Notepad and copy the following into it:

KillAll::

Collect::
c:\windows\logo_1.exe
c:\windows\RUNDL132.EXE
c:\windows\system32\runouce.exe
c:\windows\VDLL.DLL
c:\docume~1\Peter\LOCALS~1\Temp\esihdrv.sys

File::
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-117609710-839522115-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-117609710-839522115-1004UA.job

Folder::
C:\32788R22FWJFW
C:\Program Files\AskSearch
C:\PROGRA~1\CASHFI~1

Extra::
DDS::
uStart Page = hxxp://search.conduit.com/?SearchSource ... =CT1750559
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip

Registry::
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://seznam.cz"
[HKLM\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{C94E154B-1459-4A47-966B-4B843BEFC7DB}"=-
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=-
"Adobe Reader Speed Launcher"=-
"SunJavaUpdateSched"=-
"UserFaultCheck"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NiwradSoft Welcome]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueTransparency]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Cashfiesta.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Logitech . Registrácia výrobku.lnk]

Driver::
JavaQuickStarterService
esihdrv
Save it to the Desktop as CFScript.txt. Then drag it with the mouse over ComboFix (!it must be on the Desktop!) and drop it.

ComboFix will carry out the commands from the script; the PC may be restarted again.
When it finishes, post here the log that pops up after the cleanup.

~~~

Run the renamed HiJackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_usera.exe
Click 'Do a system scan only'.
Tick the checkbox next to each of the items listed below and then click 'Fix Checked'.
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
If any of the items is not there, skip it.

~~~

Download MBAM and follow the instructions. Do not delete anything yet; MBAM occasionally has false detections.
Then post the log here.
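The log format above, as an added example (not part of the original post and not ComboFix's own code): a small Python triage pass over the "Reg Loading Points" values and the driver/service lines that lists entries whose file stamp is `[X]` or `[?]`, or whose service image sits in a Temp directory, such as the `UserFaultCheck` value and the `esihdrv` driver named in the script above. It assumes that `[X]` or `[?]` in place of the date and size means the file's details could not be read; the function name and finding labels are made up for the example.

```python
import re

# Excerpt copied from the ComboFix log on this page, trimmed to a few lines.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]

R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [21.11.2009 12:33 19064]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [24.10.2008 19:51 468224]
S3 esihdrv;esihdrv;\??\c:\docume~1\Peter\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\Peter\LOCALS~1\Temp\esihdrv.sys [?]
'''

# "[HKEY_...]" section header naming the registry key the next values belong to.
KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
# "name"="target" [stamp]  (the log sometimes has a space after '=').
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*"(?P<target>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')
# R2 name;display name;image path [stamp]  (R = running, S = stopped).
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<image>.+) \[(?P<stamp>[^\]]*)\]$')

# Assumption: these replace the date/size stamp when the file could not be read.
UNREADABLE = {'X', '?'}
TEMP_DIR_RE = re.compile(r'\\temp\\', re.IGNORECASE)


def triage(log):
    """Return (kind, name, path) tuples for entries worth a manual look."""
    findings = []
    key = None
    for raw in log.splitlines():
        line = raw.strip()

        m = KEY_RE.match(line)
        if m:
            key = m.group(1)  # remembered for context; not used for filtering
            continue

        m = VALUE_RE.match(line)
        if m:
            if m['stamp'] in UNREADABLE:
                findings.append(('autostart-target-unreadable',
                                 m['name'], m['target']))
            continue

        m = SERVICE_RE.match(line)
        if m:
            # "\??\path --> path": keep the resolved path after the arrow.
            image = m['image'].split(' --> ')[-1]
            if TEMP_DIR_RE.search(image):
                findings.append(('service-image-in-temp', m['name'], image))
            elif m['stamp'] in UNREADABLE:
                findings.append(('service-image-unreadable', m['name'], image))
    return findings


if __name__ == '__main__':
    for kind, name, path in triage(SAMPLE_LOG):
        print(f'{kind:30} {name:16} {path}')
```
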

stifler123
Visitor
Posts: 17
Registered: 10 Jan 2010 13:53

Re: Request for a preventive PC check

#8 Post by stifler123 »

Well, now I can't even get into my account. When the account selection screen should come up, it only shows a winlogon.exe error and then says that some dll is damaged as well. I tried safe mode, but I can't get in there either; it again shows an error in winlogon.exe. Today when I turned the PC on, chkdsk came up and it deleted a lot of files and indexes. But it did not log me in. At most I can now start the recovery console. Please help me, I don't want to format the disk; I have a lot of files and programs on it. I'm writing from a notebook now.

Unlimited_Killer

Re: Request for a preventive PC check

#9 Post by Unlimited_Killer »

Does Safe Mode not work either?

stifler123

Re: Request for a preventive PC check

#10 Post by stifler123 »

No, only the recovery console works.

Unlimited_Killer

Re: Request for a preventive PC check

#11 Post by Unlimited_Killer »

OK, I'll ask my colleagues.

Unlimited_Killer

Re: Request for a preventive PC check

#12 Post by Unlimited_Killer »

So, while the system is booting, keep pressing F8 -> then choose 'Last Known Good Configuration'.

stifler123

Re: Request for a preventive PC check

#13 Post by stifler123 »

Nothing works except the recovery console. Not safe mode, not last known good configuration, not a normal boot.

It always says winlogon.exe error. The comdlg32.dll library is missing.

Unlimited_Killer

Re: Request for a preventive PC check

#14 Post by Unlimited_Killer »

My colleague Naughty helped me.

~~~

Insert the installation CD into the drive.

~~~

Go to the Recovery Console.
In the RC:

Expand d:\i386\comdlg32.dl_ c:\Windows\System32\comdlg32.dll {press Enter}
exit {press Enter}

Notes:
d - is the letter of the CD/DVD drive
When prompted to overwrite, press Y {press Enter}
Confirming the exit command will restart the computer

stifler123

Re: Request for a preventive PC check

#15 Post by stifler123 »

I did it exactly as you wrote, but it cannot find the folder. It prints "The system cannot find the file or directory specified."