Firefox launching on its own - spyware?

Antivirus programs, firewalls, viruses, spyware, current threats

Post by phoenix, 5. 7. 2007 00:57

Please try to help me: since yesterday evening Firefox has started launching on its own, and pages for some online games, porn and similar nonsense open in it... it does this roughly 2x an hour.
I don't know what the problem could be. I ran the system through SD (Search & Destroy), Ad-Aware and Norton AntiVirus, and they found no viruses or spyware...
Does anyone know what to do about it? Thanks a lot.

Post by Levlard, 5. 7. 2007 07:59

Post a HijackThis log here - http://forum.zive.cz/viewtopic.php?t=51265

Post by phoenix, 5. 7. 2007 21:56

Logfile of HijackThis v1.99.1
Scan saved at 21:55:29, on 5. 7. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\system32\isys32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Nokia\Nokia PC Suite 6\OneTouchAccess.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ANDREJ~1\LOCALS~1\Temp\Rar$EX00.187\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [MonAppli] C:\Windows\system32\isys32.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3514555015
O17 - HKLM\System\CCS\Services\Tcpip\..\{C63F93E0-3C0F-4D16-BC6A-F3D6F7F252A6}: NameServer = 194.154.230.80 195.91.78.80
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Post by Levlard, 6. 7. 2007 08:15

1) End it in Task Manager (CTRL+ALT+DELETE) and delete it from the disk:

C:\Windows\system32\isys32.exe

2) Fix in HijackThis:

O4 - HKLM\..\Run: [MonAppli] C:\Windows\system32\isys32.exe

3) Download it to your desktop, close all active windows and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- After launch, the terms of use are displayed; confirm them by pressing the 1 key
- Follow the instructions; while ComboFix is being applied, do not click into the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Post the log created by ComboFix here.
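
The check behind steps 1 and 2 above, as an added example that is not part of the original thread: a small Python parser that lists every running-process and O4 autostart line in a HijackThis log that references a given file, so a re-scan can confirm both are gone. The sample logs are constructed from lines of the log posted above, the function names are illustrative, and 8.3 short paths (C:\PROGRA~1\...) are compared as written, not expanded.

```python
"""List the HijackThis log lines that reference one executable (added example)."""
import re
from dataclasses import dataclass
from ntpath import basename, normcase  # Windows path rules, usable on any OS

# Constructed sample: lines copied from the first HijackThis log in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\igfxtray.exe
C:\Windows\system32\isys32.exe
C:\WINDOWS\system32\ctfmon.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MonAppli] C:\Windows\system32\isys32.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""
# Constructed: what a re-scan would contain once the process and the Run value are gone.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "isys32" not in l)


@dataclass(frozen=True)
class Autorun:
    hive: str   # HKLM, HKCU, HKUS\S-1-5-18, ...
    key: str    # Run, RunOnce, ...
    name: str   # registry value name, e.g. MonAppli
    image: str  # executable with quotes and arguments stripped
    raw: str    # the original log line, i.e. the line to tick in HijackThis


# "O4 - <hive>\..\<key>: [<value name>] <command line>"
# (O4 "Startup:" / "Global Startup:" shortcut lines have another shape and are skipped.)
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>.+?)\] (?P<cmd>.+)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=[\s,]|$)", re.I)


def image_of(cmd: str) -> str:
    """Return the program part of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else (cmd.split() or [""])[0]


def parse(log: str):
    """Split a log into (running process paths, O4 registry autoruns)."""
    processes, autoruns, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # a blank line ends the process list
        else:
            m = O4_RE.match(line)
            if m:
                autoruns.append(Autorun(m["hive"], m["key"], m["name"],
                                        image_of(m["cmd"]), line))
    return processes, autoruns


def same_image(a: str, b: str) -> bool:
    """Case-insensitive path compare; a bare file name matches on file name only."""
    a, b = normcase(a), normcase(b)
    if "\\" not in a or "\\" not in b:
        return basename(a) == basename(b)
    return a == b


def references(log: str, target: str):
    """Return (where, log line) for every process or autorun pointing at target."""
    processes, autoruns = parse(log)
    hits = [("process", p) for p in processes if same_image(p, target)]
    hits += [(f"{a.hive} {a.key} [{a.name}]", a.raw)
             for a in autoruns if same_image(a.image, target)]
    return hits


if __name__ == "__main__":
    target = r"C:\WINDOWS\SYSTEM32\isys32.exe"  # casing differs from the log on purpose
    for label, log in (("before", BEFORE), ("after", AFTER)):
        hits = references(log, target)
        print(f"{label}: {len(hits)} reference(s)")
        for where, line in hits:
            print(f"  {where}: {line}")
```

An empty result on the re-scan only shows that these two log sections no longer mention the file; services (O23) and other sections are not parsed here.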

Post by phoenix, 7. 7. 2007 00:16

Hm, and that file isys32.exe, what is it?
Btw, while ComboFix was scanning the system, my Explorer crashed... but it did produce the log, here it is:

"Andrej Maliç" - 2007-07-07 0:10:00 - ComboFix 07-07-04.4 - Service Pack 2


((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 )))))))))))))))))))))))))))))))


2007-07-07 00:09 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-05 22:21 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-07-05 01:18 <DIR> d-------- C:\Program Files\Windows Defender
2007-07-04 23:58 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-04 17:08 <DIR> d-------- C:\DOCUME~1\ANDREJ~1\APPLIC~1\Lavasoft
2007-07-04 14:29 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-04 14:29 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-04 14:29 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-04 14:29 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-04 14:29 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-04 14:29 <DIR> d-------- C:\Program Files\Winamp
2007-07-04 13:48 <DIR> d-------- C:\DOCUME~1\ANDREJ~1\APPLIC~1\DivX
2007-07-04 13:21 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-07-04 13:14 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-07-04 13:12 <DIR> d-------- C:\Program Files\Overbond
2007-07-04 13:10 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-04 13:04 <DIR> d-------- C:\Program Files\OO Software
2007-07-04 12:59 <DIR> d-------- C:\Program Files\DivX
2007-07-04 12:58 <DIR> d-------- C:\Program Files\PowerISO
2007-07-04 12:53 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-04 12:49 <DIR> d-------- C:\Downloads
2007-07-04 11:54 <DIR> d-------- C:\DOCUME~1\ANDREJ~1\APPLIC~1\Thunderbird
2007-07-04 11:47 <DIR> d--h----- C:\WINDOWS\PIF
2007-07-04 11:35 <DIR> d-------- C:\Program Files\SymNetDrv
2007-07-04 11:21 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-04 11:21 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-07-04 11:21 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-04 11:21 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-07-04 11:21 <DIR> d-------- C:\DOCUME~1\ANDREJ~1\APPLIC~1\Symantec
2007-07-04 11:20 <DIR> d-------- C:\Program Files\Symantec
2007-07-04 11:20 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-04 11:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-07-04 04:57 <DIR> d-------- C:\DOCUME~1\ANDREJ~1\APPLIC~1\Joost
2007-07-04 04:56 <DIR> d-------- C:\Program Files\Joost
2007-07-04 04:50 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-07-04 04:49 765,952 --------- C:\WINDOWS\system32\msvcp71d.dll
2007-07-04 04:49 737,280 --------- C:\WINDOWS\system32\msvcp70d.dll
2007-07-04 04:49 57,856 --------- C:\WINDOWS\system32\MASD32.DLL
2007-07-04 04:49 544,768 --------- C:\WINDOWS\system32\msvcr71d.dll
2007-07-04 04:49 536,576 --------- C:\WINDOWS\system32\msvcr70d.dll
2007-07-04 04:49 446,464 --------- C:\WINDOWS\system32\HHActiveX.dll
2007-07-04 04:49 385,100 --------- C:\WINDOWS\system32\MSVCRTD.DLL
2007-07-04 04:49 27,648 --------- C:\WINDOWS\system32\MA32.DLL
2007-07-04 04:49 2,179,072 --------- C:\WINDOWS\system32\mfc71d.dll
2007-07-04 04:49 196,096 --------- C:\WINDOWS\system32\MACD32.DLL
2007-07-04 04:49 138,752 --------- C:\WINDOWS\system32\MASE32.DLL
2007-07-04 04:49 136,192 --------- C:\WINDOWS\system32\MAMC32.DLL
2007-07-04 04:48 626,688 --------- C:\WINDOWS\system32\msvcr80.dll
2007-07-04 04:48 548,864 --------- C:\WINDOWS\system32\msvcp80.dll
2007-07-04 04:48 487,424 --------- C:\WINDOWS\system32\MSVCP70.DLL
2007-07-04 04:48 344,064 --------- C:\WINDOWS\system32\MSVCR70.DLL
2007-07-04 04:48 <DIR> d-------- C:\Program Files\Pinnacle
2007-07-04 04:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
2007-07-04 04:46 <DIR> d-------- C:\DOCUME~1\ANDREJ~1\APPLIC~1\WinRAR
2007-07-04 04:45 <DIR> d-------- C:\DOCUME~1\ANDREJ~1\APPLIC~1\Zoner
2007-07-04 04:43 <DIR> d-------- C:\Program Files\Zoner
2007-07-04 04:41 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-07-04 04:41 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-07-04 04:41 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-07-04 04:41 363,520 --a------ C:\WINDOWS\system32\PsisDecd.dll
2007-07-04 04:41 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-07-04 04:41 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-07-04 04:41 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-07-04 04:41 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
2007-07-04 04:41 11,776 --a------ C:\WINDOWS\system32\drivers\BdaSup.sys
2007-07-04 04:41 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-07-04 04:41 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-07-04 04:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
2007-07-04 04:32 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-07-04 04:32 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-07-04 04:31 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-07-04 04:31 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-07-04 04:31 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-07-04 04:31 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-07-04 04:31 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-07-04 04:31 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-07-04 04:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-07-04 04:28 <DIR> d-------- C:\DOCUME~1\ANDREJ~1\APPLIC~1\Nokia
2007-07-04 04:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-07-04 04:27 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-07-04 04:27 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-04 04:27 <DIR> d-------- C:\Program Files\Nokia
2007-07-04 04:27 <DIR> d-------- C:\Program Files\DIFX
2007-07-04 04:27 <DIR> d-------- C:\DOCUME~1\ANDREJ~1\APPLIC~1\PC Suite
2007-07-04 04:21 <DIR> d-------- C:\Program Files\Google
2007-07-04 04:21 <DIR> d-------- C:\DOCUME~1\ANDREJ~1\APPLIC~1\Google
2007-07-04 04:18 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-07-04 03:58 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2007-07-04 03:56 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-07-04 03:56 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-07-04 03:52 <DIR> dr-h----- C:\MSOCache
2007-07-04 03:49 <DIR> d-------- C:\Program Files\MSBuild
2007-07-04 03:44 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-07-04 03:43 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-07-04 03:42 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-07-04 03:41 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-07-04 03:40 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-07-04 03:40 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-04 03:33 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-07-04 03:30 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-11 17:54:15 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-11 04:37:15 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-11 04:37:15 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-05-11 00:09:48 1,050,120 ----a-w C:\WINDOWS\system32\oodag.exe
2007-05-11 00:08:54 2,512,392 ----a-w C:\WINDOWS\system32\oodtray.exe
2007-05-11 00:08:24 194,056 ----a-w C:\WINDOWS\system32\oodbs.exe
2007-05-11 00:06:40 202,248 ----a-w C:\WINDOWS\system32\oodtrrs.dll
2007-05-11 00:06:24 10,248 ----a-w C:\WINDOWS\system32\oodbsrs.dll
2007-05-11 00:06:22 15,880 ----a-w C:\WINDOWS\system32\oodagrs.dll
2007-05-11 00:06:22 15,880 ----a-w C:\WINDOWS\system32\oodagmg.dll
2007-05-10 21:19:26 38,160 ----a-w C:\WINDOWS\system32\drivers\oobctm.sys
2007-05-10 21:18:24 15,368 ----a-w C:\WINDOWS\system32\ootmapi.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
2005-01-10 12:20 218736 --a------ C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-15 10:54]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 13:48]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 08:27]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 10:12 C:\WINDOWS\AGRSMMSG.exe]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-02-08 15:38]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-07-04 11:35]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2007-04-24 16:59]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-02-22 16:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog


Contents of the 'Scheduled Tasks' folder
2007-07-06 21:54:39 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-07-04 09:31:02 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Andrej Mališ.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 00:12:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-07 0:13:29

--- E O F ---

Post by Levlard, 7. 7. 2007 08:54

The logs are fine. That file was a Trojan horse that shows itself precisely through pop-up windows. Are the problems still occurring?

Post by phoenix, 7. 7. 2007 13:51

So far it's OK, but I've only just turned the computer on... if there are any more problems I'll write... thanks a lot :D

Post by Porub33, 2. 9. 2009 18:14

Hello. I have a problem where lately web pages open out of nowhere in Mozilla and in Explorer. I have already read about such a case here, but I don't know whether I should proceed exactly the same way as that person or whether it is different for everyone. Can you please advise me?

Post by Porub33, 2. 9. 2009 18:24

And I'm attaching the log right away.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:13, on 2.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21073)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Admin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stb0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbapp.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Shortcut to RKLauncher.exe.lnk = C:\Program Files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4199032953
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7869 bytes

Post by Levlard, 2. 9. 2009 19:21

Porub33: Use ComboFix according to this guide: viewtopic.php?p=4526610#p4526610 Post the resulting log here.
Life is short. Live while you can.

Post by Porub33, 2. 9. 2009 19:29

ComboFix 09-09-01.07 - Admin 02.08.2009 19:24.3.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2046.1182 [GMT -7:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.

2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 01:57 . 2009-07-14 00:17 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-08-03 01:57 . 2009-07-14 00:17 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-08-03 01:57 . 2009-08-03 01:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-03 01:57 . 2009-08-03 01:59 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Google
2009-08-03 01:57 . 2009-08-03 01:58 -------- d-----w- c:\program files\Google
2009-08-03 01:57 . 2009-08-03 01:57 -------- d-----w- c:\program files\DivX
2009-08-03 01:57 . 2009-08-03 01:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-28 20:02 . 2008-04-14 19:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-07-28 20:01 . 2008-04-14 14:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-07-26 19:16 . 2009-07-26 19:16 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\id Software
2009-07-26 19:12 . 2009-07-26 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-07-26 19:08 . 2009-07-26 19:15 -------- d-----w- c:\documents and settings\Admin\Application Data\DAEMON Tools Lite
2009-07-22 03:17 . 2009-07-22 03:17 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\PCHealth
2009-07-21 22:09 . 2009-08-02 06:15 640256 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-21 06:45 . 2009-07-21 06:45 -------- d-----w- C:\d38bccdb1003cf2c1989a454
2009-07-21 06:41 . 2009-07-21 06:41 -------- d-----w- C:\2fc4b18bb1dd9272ad62fad511eb232c
2009-07-21 06:41 . 2009-07-21 18:01 -------- d-----w- c:\windows\SxsCaPendDel
2009-07-17 19:01 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
2009-07-17 18:42 . 2009-07-18 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-14 06:43 . 2009-07-14 06:43 286208 ------w- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-14 06:43 . 2009-07-14 06:43 10841088 ------w- c:\windows\system32\dllcache\wmp.dll
2009-07-14 00:15 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-07-14 00:15 . 2009-07-14 00:15 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-07-14 00:15 . 2009-07-14 00:15 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-07-14 00:15 . 2009-07-14 00:15 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-07-14 00:15 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\DivX.dll
2009-07-13 00:04 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 18:00 . 2009-02-06 20:32 -------- d-----w- c:\documents and settings\Admin\Application Data\Spyware Terminator
2009-08-01 07:07 . 2009-05-17 22:19 10 ----a-w- c:\windows\popcinfo.dat
2009-07-28 21:40 . 2009-02-06 22:09 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-28 21:40 . 2009-02-06 22:08 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-26 22:45 . 2009-02-06 20:40 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-26 19:12 . 2009-02-06 20:40 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-26 19:08 . 2009-02-06 20:37 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-26 19:04 . 2009-02-06 20:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 18:01 . 2009-02-06 20:22 44632 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 00:17 . 2009-02-06 20:46 129784 ------w- c:\windows\system32\pxafs.dll
2009-07-06 21:25 . 2009-05-08 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2009-07-06 21:07 . 2009-02-06 20:44 -------- d-----w- c:\documents and settings\Admin\Application Data\LimeWire
2009-06-30 23:37 . 2009-06-28 15:15 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2009-06-30 16:58 . 2009-06-28 15:18 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM
2009-06-29 16:23 . 2008-06-01 15:04 828928 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:23 . 2008-06-01 15:04 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:23 . 2008-06-01 15:04 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-28 15:18 . 2009-06-28 15:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-28 15:15 . 2009-06-28 15:15 -------- d-----w- c:\program files\Common Files\Skype
2009-06-28 15:15 . 2009-06-28 15:15 -------- d-----r- c:\program files\Skype
2009-06-28 15:15 . 2009-06-28 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-25 08:25 . 2008-04-14 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-04-14 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2008-04-14 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2008-04-14 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2008-04-14 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 17:33 . 2009-02-06 20:32 -------- d-----w- c:\program files\Spyware Terminator
2009-06-20 18:12 . 2009-02-06 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-06-16 14:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2008-04-14 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2008-04-14 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:19 . 2009-02-06 20:05 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2008-04-14 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2008-04-14 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-07 05:29 . 2009-06-07 05:29 -------- d-----w- c:\program files\System Search Dispatcher
2009-06-07 05:29 . 2009-06-07 05:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}
2009-06-07 05:29 . 2009-06-07 05:29 -------- d-----w- c:\program files\DoubleD
2009-06-04 06:39 . 2009-06-04 06:39 -------- d-----w- c:\documents and settings\Admin\Application Data\FUEL
2009-06-03 19:09 . 2008-04-14 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2008-04-14 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2009-02-09 21:48 . 2009-02-09 21:48 24 --sh--w- c:\windows\S3687B798.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-08-03_00.59.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-06 20:46 . 2009-07-14 00:17 88824 c:\windows\system32\vxblock.dll
+ 2009-02-06 20:46 . 2009-07-14 00:17 64760 c:\windows\system32\pxinsa64.exe
- 2009-02-06 20:46 . 2007-03-07 23:51 64760 c:\windows\system32\pxinsa64.exe
- 2009-02-06 20:46 . 2007-03-07 23:51 72440 c:\windows\system32\pxhpinst.exe
+ 2009-02-06 20:46 . 2009-07-14 00:17 72440 c:\windows\system32\pxhpinst.exe
+ 2009-02-06 20:46 . 2009-07-14 00:17 66296 c:\windows\system32\pxcpya64.exe
+ 2009-08-03 02:10 . 2009-08-03 02:10 22528 c:\windows\Installer\1e4709f.msi
+ 2009-02-06 20:46 . 2009-07-14 00:17 379640 c:\windows\system32\pxwave.dll
- 2009-02-06 20:46 . 2007-03-07 23:51 379640 c:\windows\system32\pxwave.dll
+ 2009-02-06 20:46 . 2009-07-14 00:17 187128 c:\windows\system32\pxmas.dll
- 2009-02-06 20:46 . 2007-03-07 23:51 187128 c:\windows\system32\pxmas.dll
+ 2009-02-06 20:46 . 2009-07-14 00:17 518904 c:\windows\system32\pxdrv.dll
+ 2009-02-06 20:46 . 2009-07-14 00:17 551672 c:\windows\system32\px.dll
+ 2009-08-03 01:57 . 2009-08-03 01:57 152576 c:\windows\Installer\1d82f5a.msi
- 2009-02-06 20:46 . 2007-03-07 23:51 1628920 c:\windows\system32\pxsfs.dll
+ 2009-02-06 20:46 . 2009-07-14 00:17 1628920 c:\windows\system32\pxsfs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-23 1271808]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-02-07 306088]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]
"SmileyApp"="c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbapp.exe" [2009-07-07 606488]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-03 13680640]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-04 987187]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-02-06 1783808]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-03 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-11 1447168]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-03 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-10 16861184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-06-29 124928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Shortcut to RKLauncher.exe.lnk - c:\program files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe [2009-2-6 708608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-21 06:57 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Games\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Games\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Games\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"d:\\Games\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Games\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Games\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"d:\\Games\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"d:\\Games\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"d:\\Games\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Games\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Games\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"d:\\Games\\Codemasters\\FUEL\\FUEL.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Games\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"d:\\Games\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [7.2.2009 5:03 2915944]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10.6.2008 18:56 34312]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [6.2.2009 13:32 141312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [10.6.2008 18:53 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6.2.2009 13:43 222456]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 gupdate1ca13ddbfd7f2c2;Služba Google Update (gupdate1ca13ddbfd7f2c2);c:\program files\Google\Update\GoogleUpdate.exe [2.8.2009 18:57 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GUPDATE1CA13DDBFD7F2C2
*Deregistered* - aujasnkj

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 01:57]

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 01:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\usa4ag4p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|ht ... t.icq.com/

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 19:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-1214440339-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:01,c3,ce,30,d8,50,70,38,16,d3,28,bb,de,34,15,cc,c9,68,a5,a9,41,5e,4c,
98,0b,85,45,29,59,a1,94,48,70,cf,a1,27,f7,3c,fb,4a,a1,58,f0,d3,15,81,b2,27,\
"??"=hex:41,ec,15,d0,ef,d1,dd,52,1b,77,ab,e6,9f,62,c5,4d

[HKEY_USERS\S-1-5-21-117609710-1214440339-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:f2,5d,7c,11,53,ad,4b,a2,99,8d,9e,7c,f3,a1,93,73,9a,fa,7a,5f,9a,
e8,22,cf,d8,e9,6e,88,1e,b5,4d,2f,30,d7,06,5c,dd,17,f1,4a,93,82,d2,c9,db,88,\
"rkeysecu"=hex:70,e9,de,14,a5,07,8c,2f,21,66,3b,05,39,97,82,de

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'explorer.exe'(3888)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\ieframe.dll
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-03 19:26
ComboFix-quarantined-files.txt 2009-08-03 02:26
ComboFix2.txt 2009-08-03 01:27
ComboFix3.txt 2009-08-03 01:00

Pre-Run: 103 074 217 984 bytes free
Post-Run: 11 adresárov, 103 067 824 128 voľných bajtov

265 --- E O F --- 2009-07-27 01:13
Porub33
Passer-by

Post by Levlard 2. 9. 2009 20:18

Open Notepad via Start - Programs - Accessories and copy this entire text into it:
Code:
c:\windows\S3687B798.tmp

Folder::
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}
c:\program files\DoubleD
c:\program files\System Search Dispatcher

DirLook::
C:\2fc4b18bb1dd9272ad62fad511eb232c
C:\d38bccdb1003cf2c1989a454

DDS::
uStart Page = hxxp://www.theprizeday.com/today.php

Firefox::
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\usa4ag4p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://start.icq.com/

Registry::
R3 - URLSearchHook: (no name) -
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} -
O4 - HKCU\..\Run: [SmileyApp]

Choose Save As, name the file CFScript.txt and set Save as type to All Files. Save the file to the desktop.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
ComboFix will start automatically; paste here the log that appears at the end of the cleaning process.
Life is short. Live while you can.
Levlard
VIP user

Post by Porub33 2. 9. 2009 20:31

My PC restarted, and when it came back up it produced a log

ComboFix 09-09-01.07 - Admin 02.08.2009 20:22.4.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2046.1120 [GMT -7:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\S3687B798.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\{1B602410-D983-4947-98FE-EE749073D15E}
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\instance.dat
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\mia.lib
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\{51FC4C90-DF10-4D41-963E-DB3050C1267C}
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\15D3A7BB\3E688669\stbappHelper.exe
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\24618E3F\611F5CA\Microsoft.VC80.MFC.manifest
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\29A73ACD\3E688669\stb0.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\2A3DCDAF\611F5CA\SkinCrafterDll.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\36F1A852\3E688669\MyDll.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\3FA86A06\3E688669\HookAPINT.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\4DAC9037\611F5CA\gdiplus.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\4F73E13A\3E688669\stbapp.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\50EF6DF6\3E688669\Riched20Smiley.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\51B9750F\611F5CA\msvcr80.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\6216A4BD\3E688669\stbYahoo8.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\62404B3E\3E688669\FFToolbar.xml
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\628759C1\3E688669\stbOLEX.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\69E6D3E5\3E688669\stbapp.exe
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\879169BE\611F5CA\mfc80.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\9B242A8C\611F5CA\Microsoft.VC80.CRT.manifest
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\A26F7F7\3E688669\stbOL.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\A53562F1\3E688669\AIMActiveXDLL.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\B3AC8875\3E688669\stbMsn.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\B75FA91E\3E688669\stbsvc.exe
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\BED3DEFB\3E688669\stbasst.exe
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\C3C6C2CD\3E688669\stbIE.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\C41B8701\3E688669\stbAol.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\C90EEF64\3E688669\AxGifAnimator.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\CC8FDF08\3E688669\OEActiveXDLL.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\CE8732D\3E688669\ProductInfo.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\D5797E3B\3E688669\stbYahoo9.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\E87CABEF\38D0D406\home.gamingharbor.com.url
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\EB91CE86\3E688669\stbdl.exe
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\cfcpxlog.mx
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\FFToolbar.xpi
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\libiconv2.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\libintl3.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\MsiZap.Exe
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\msvcp60.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\ProductInfo.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\ProductInfo.mx
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\setup.exe
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\sqlite3.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\SSD.exe
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\stbpx.exe
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\stbreaim.exe
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\stbrewlm.exe
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\stbrunwlm.exe
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\stbsh.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\stbterm.exe
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\tbcore.mx
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\bag\tre4.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mFileBagIDE.dll\mFileBagEXE.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mIDEFunc.dll\mEXEFunc.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mIDEWriteReg.dll\mEXEWriteReg.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\OFFLINE\mMSI.dll\mMSIExec.dll
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\Setup.dat
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\Setup.exe
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\Setup.msi
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\Setup.par
c:\documents and settings\All Users\Application Data\{51FC4C90-DF10-4D41-963E-DB3050C1267C}\Setup.res
c:\program files\DoubleD
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\AIMActiveXDLL.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\AxGifAnimator.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Cache\248d6576afce4ee94af42d7350131106.gif
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Cache\24a70fb875fab686b6b3c217612bc07c.gif
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Cache\default1.dat
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Cache\loading.dat
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Cache\loading.gif
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Cursor.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_DailyVideo.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Game.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Glitter.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Logo.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Option.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Recipe.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Ringtone.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Screensaver.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Search.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Smiley.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Smiley_Config.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Smiley_TellAFriend.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Wallpaper.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\Module_Web.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\pixel.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\ProductInfo.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\profile.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\SearchEngineList.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\tbcore.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\ToolbarLayout.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\UpdateCentre.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\UpdateCentreBk.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\URLDynamic.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Data\URLStatic.mx
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\FFToolbar\components\DDAutoComplete.js
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\FFToolbar\components\ISmileyCore.xpt
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\FFToolbar\components\SmileyCore.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\FFToolbar\components\TBFFHelper.js
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\FFToolbar\components\TBFFHelper.xpt
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\FFToolbar\chrome.manifest
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\FFToolbar\chrome\GamingHarborToolbar.jar
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\FFToolbar\chrome\locale\en-US\global.dtd
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\FFToolbar\install.rdf
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\FFToolbar\searchplugins\gamingharborsearchplugins.xml
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\gdiplus.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\HookAPINT.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\About.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Component_ComboBox.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Cursor.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Cursor.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_DailyVideo.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Game.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Glitter.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Glitter.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Logo.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Option.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Recipe.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Ringtone.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Screensaver.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Search.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Smiley.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Smiley.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Wallpaper.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\Module_Web.mg
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnDefault.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnDisplay.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnDisplay.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnDisplay18.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnDisplay20.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnGlitters.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnGlitters.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnGlitters18.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnGlitters20.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnOption.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnSmiley.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnSmiley.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnSmiley18.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnSmiley20.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnTellFd.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnTellFd.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnTellFd18.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnTellFd20.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnWink.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnWink.png
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnWink18.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Icons\TBBtnWink20.bmp
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\mfc80.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Microsoft.VC80.CRT.manifest
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Microsoft.VC80.MFC.manifest
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\msvcr80.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\MyDll.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\OEActiveXDLL.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\ProductInfo.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Riched20Smiley.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\SkinCrafterDll.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Skins\myskin1.skf
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Skins\myskin2.skf
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Skins\myskin3.skf
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Skins\myskin4.skf
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Skins\TellafriendSkin.skf
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Skins\TellafriendSkin_s.skf
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\Skins\ToastSkin.skf
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stb0.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbAol.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbapp.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbapp.exe
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbappHelper.exe
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbasst.exe
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbdl.exe
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbIE.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbMsn.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbOL.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbOLEX.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbsvc.exe
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbYahoo8.dll
c:\program files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbYahoo9.dll
c:\program files\System Search Dispatcher
c:\program files\System Search Dispatcher\1.2.0.750\Data\eacore.mx
c:\program files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx
c:\program files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx
c:\program files\System Search Dispatcher\1.2.0.750\unins000.dat
c:\program files\System Search Dispatcher\1.2.0.750\unins000.exe
c:\windows\S3687B798.tmp . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.

2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 03:25 . 2009-08-03 03:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-08-03 03:25 . 2009-08-03 03:25 -------- d-----w- c:\windows\system32\xircom
2009-08-03 03:25 . 2009-08-03 03:25 -------- d-----w- c:\windows\system32\wbem\snmp
2009-08-03 03:25 . 2009-08-03 03:25 -------- d-----w- c:\program files\microsoft frontpage
2009-08-03 01:57 . 2009-07-14 00:17 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-08-03 01:57 . 2009-07-14 00:17 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-08-03 01:57 . 2009-08-03 01:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-03 01:57 . 2009-08-03 01:59 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Google
2009-08-03 01:57 . 2009-08-03 01:58 -------- d-----w- c:\program files\Google
2009-08-03 01:57 . 2009-08-03 01:57 -------- d-----w- c:\program files\DivX
2009-08-03 01:57 . 2009-08-03 01:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-28 20:02 . 2008-04-14 19:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-07-28 20:01 . 2008-04-14 14:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-07-26 19:16 . 2009-07-26 19:16 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\id Software
2009-07-26 19:12 . 2009-07-26 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-07-26 19:08 . 2009-07-26 19:15 -------- d-----w- c:\documents and settings\Admin\Application Data\DAEMON Tools Lite
2009-07-22 03:17 . 2009-07-22 03:17 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\PCHealth
2009-07-21 22:09 . 2009-08-02 06:15 640256 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-21 06:45 . 2009-07-21 06:45 -------- d-----w- C:\d38bccdb1003cf2c1989a454
2009-07-21 06:41 . 2009-07-21 06:41 -------- d-----w- C:\2fc4b18bb1dd9272ad62fad511eb232c
2009-07-21 06:41 . 2009-07-21 18:01 -------- d-----w- c:\windows\SxsCaPendDel
2009-07-17 19:01 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
2009-07-17 18:42 . 2009-07-18 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-14 06:43 . 2009-07-14 06:43 286208 ------w- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-14 06:43 . 2009-07-14 06:43 10841088 ------w- c:\windows\system32\dllcache\wmp.dll
2009-07-14 00:15 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-07-14 00:15 . 2009-07-14 00:15 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-07-14 00:15 . 2009-07-14 00:15 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-07-14 00:15 . 2009-07-14 00:15 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-07-14 00:15 . 2009-07-14 00:15 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-07-14 00:15 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\DivX.dll
2009-07-13 00:04 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 03:25 . 2009-08-03 03:25 0 ------w- c:\windows\S3687B798.tmp
2009-08-02 18:00 . 2009-02-06 20:32 -------- d-----w- c:\documents and settings\Admin\Application Data\Spyware Terminator
2009-08-01 07:07 . 2009-05-17 22:19 10 ----a-w- c:\windows\popcinfo.dat
2009-07-28 21:40 . 2009-02-06 22:09 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-28 21:40 . 2009-02-06 22:08 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-26 22:45 . 2009-02-06 20:40 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-26 19:12 . 2009-02-06 20:40 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-26 19:08 . 2009-02-06 20:37 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-26 19:04 . 2009-02-06 20:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 18:01 . 2009-02-06 20:22 44632 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 00:17 . 2009-02-06 20:46 129784 ------w- c:\windows\system32\pxafs.dll
2009-07-06 21:25 . 2009-05-08 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2009-07-06 21:07 . 2009-02-06 20:44 -------- d-----w- c:\documents and settings\Admin\Application Data\LimeWire
2009-06-30 23:37 . 2009-06-28 15:15 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2009-06-30 16:58 . 2009-06-28 15:18 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM
2009-06-29 16:23 . 2008-06-01 15:04 828928 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:23 . 2008-06-01 15:04 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:23 . 2008-06-01 15:04 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-28 15:18 . 2009-06-28 15:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-28 15:15 . 2009-06-28 15:15 -------- d-----w- c:\program files\Common Files\Skype
2009-06-28 15:15 . 2009-06-28 15:15 -------- d-----r- c:\program files\Skype
2009-06-28 15:15 . 2009-06-28 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-25 08:25 . 2008-04-14 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-04-14 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2008-04-14 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2008-04-14 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2008-04-14 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 17:33 . 2009-02-06 20:32 -------- d-----w- c:\program files\Spyware Terminator
2009-06-20 18:12 . 2009-02-06 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-06-16 14:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2008-04-14 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2008-04-14 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 16:19 . 2009-02-06 20:05 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2008-04-14 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2008-04-14 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-04 06:39 . 2009-06-04 06:39 -------- d-----w- c:\documents and settings\Admin\Application Data\FUEL
2009-06-03 19:09 . 2008-04-14 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2008-04-14 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\2fc4b18bb1dd9272ad62fad511eb232c ----

2009-07-21 06:41 . 2008-06-19 18:03 73 ------w- c:\2fc4b18bb1dd9272ad62fad511eb232c\i386\msxpsinc.gpd
2009-07-21 06:41 . 2008-06-19 05:33 72 ------w- c:\2fc4b18bb1dd9272ad62fad511eb232c\i386\msxpsinc.ppd
2009-07-21 06:41 . 2008-06-19 05:33 72 ------w- c:\2fc4b18bb1dd9272ad62fad511eb232c\amd64\msxpsinc.ppd
2009-07-21 06:41 . 2008-06-19 05:33 2204 ------w- c:\2fc4b18bb1dd9272ad62fad511eb232c\i386\msxpsdrv.inf
2009-07-21 06:41 . 2008-06-19 05:33 2204 ------w- c:\2fc4b18bb1dd9272ad62fad511eb232c\amd64\msxpsdrv.inf
2009-07-21 06:41 . 2008-07-06 12:06 10929 ------w- c:\2fc4b18bb1dd9272ad62fad511eb232c\amd64\msxpsdrv.cat
2009-07-21 06:41 . 2008-07-06 12:06 10929 ------w- c:\2fc4b18bb1dd9272ad62fad511eb232c\i386\msxpsdrv.cat
2009-07-21 06:41 . 2008-07-06 12:06 147456 ------w- c:\2fc4b18bb1dd9272ad62fad511eb232c\amd64\filterpipelineprintproc.dll
2009-07-21 06:41 . 2008-07-06 12:06 89088 ------w- c:\2fc4b18bb1dd9272ad62fad511eb232c\i386\filterpipelineprintproc.dll
2009-07-21 06:41 . 2008-07-06 12:06 765440 ------w- c:\2fc4b18bb1dd9272ad62fad511eb232c\i386\mxdwdrv.dll
2009-07-21 06:41 . 2008-07-06 12:06 1676288 ------w- c:\2fc4b18bb1dd9272ad62fad511eb232c\i386\xpssvcs.dll
2009-07-21 06:41 . 2008-07-06 12:06 748032 ------w- c:\2fc4b18bb1dd9272ad62fad511eb232c\amd64\mxdwdrv.dll
2008-07-07 00:36 . 2008-07-07 00:36 2936832 ------w- c:\2fc4b18bb1dd9272ad62fad511eb232c\amd64\xpssvcs.dll
2008-06-19 18:03 . 2008-06-19 18:03 73 ------w- c:\2fc4b18bb1dd9272ad62fad511eb232c\amd64\msxpsinc.gpd

---- Directory of C:\d38bccdb1003cf2c1989a454 ----

2009-07-21 06:45 . 2009-07-21 06:45 788 ---ha-w- c:\d38bccdb1003cf2c1989a454\$shtdwn$.req
2008-12-13 17:21 . 2008-12-13 17:21 10473472 ----a-w- c:\d38bccdb1003cf2c1989a454\NDP30SP2-KB958483.msp
2008-12-13 17:18 . 2008-12-13 17:18 3541 ----a-w- c:\d38bccdb1003cf2c1989a454\ParameterInfo.xml
2008-12-13 16:56 . 2008-12-13 16:56 328024 ----a-w- c:\d38bccdb1003cf2c1989a454\HotFixInstaller.exe
2008-12-13 16:56 . 2008-12-13 16:56 13144 ----a-w- c:\d38bccdb1003cf2c1989a454\1025\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 12120 ----a-w- c:\d38bccdb1003cf2c1989a454\1028\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 13656 ----a-w- c:\d38bccdb1003cf2c1989a454\1029\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 13656 ----a-w- c:\d38bccdb1003cf2c1989a454\1030\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 14168 ----a-w- c:\d38bccdb1003cf2c1989a454\1031\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 14168 ----a-w- c:\d38bccdb1003cf2c1989a454\1032\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 13656 ----a-w- c:\d38bccdb1003cf2c1989a454\1033\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 13656 ----a-w- c:\d38bccdb1003cf2c1989a454\1035\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 14168 ----a-w- c:\d38bccdb1003cf2c1989a454\1036\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 13144 ----a-w- c:\d38bccdb1003cf2c1989a454\1037\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 13656 ----a-w- c:\d38bccdb1003cf2c1989a454\1038\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 13656 ----a-w- c:\d38bccdb1003cf2c1989a454\1040\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 12632 ----a-w- c:\d38bccdb1003cf2c1989a454\1041\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 12632 ----a-w- c:\d38bccdb1003cf2c1989a454\1042\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 13656 ----a-w- c:\d38bccdb1003cf2c1989a454\1043\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 13656 ----a-w- c:\d38bccdb1003cf2c1989a454\1044\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 14168 ----a-w- c:\d38bccdb1003cf2c1989a454\1045\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 13656 ----a-w- c:\d38bccdb1003cf2c1989a454\1046\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 13656 ----a-w- c:\d38bccdb1003cf2c1989a454\1049\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 13656 ----a-w- c:\d38bccdb1003cf2c1989a454\1053\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 13656 ----a-w- c:\d38bccdb1003cf2c1989a454\1055\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 12120 ----a-w- c:\d38bccdb1003cf2c1989a454\2052\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 13656 ----a-w- c:\d38bccdb1003cf2c1989a454\2070\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 12120 ----a-w- c:\d38bccdb1003cf2c1989a454\3076\HotFixInstallerUI.dll
2008-12-13 16:56 . 2008-12-13 16:56 14168 ----a-w- c:\d38bccdb1003cf2c1989a454\3082\HotFixInstallerUI.dll
2008-12-13 16:53 . 2008-12-13 16:53 15616 ----a-w- c:\d38bccdb1003cf2c1989a454\DHtmlHeader.html
2008-12-13 16:53 . 2008-12-13 16:53 7306 ----a-w- c:\d38bccdb1003cf2c1989a454\header.bmp
2008-12-13 16:53 . 2008-12-13 16:53 110348 ----a-w- c:\d38bccdb1003cf2c1989a454\watermark.bmp
2008-12-13 16:53 . 2008-12-13 16:53 76237 ----a-w- c:\d38bccdb1003cf2c1989a454\1025\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 37119 ----a-w- c:\d38bccdb1003cf2c1989a454\1028\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 74519 ----a-w- c:\d38bccdb1003cf2c1989a454\1029\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 76465 ----a-w- c:\d38bccdb1003cf2c1989a454\1030\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 116656 ----a-w- c:\d38bccdb1003cf2c1989a454\1031\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 78951 ----a-w- c:\d38bccdb1003cf2c1989a454\1032\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 100363 ----a-w- c:\d38bccdb1003cf2c1989a454\1033\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 75533 ----a-w- c:\d38bccdb1003cf2c1989a454\1035\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 127060 ----a-w- c:\d38bccdb1003cf2c1989a454\1036\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 59647 ----a-w- c:\d38bccdb1003cf2c1989a454\1037\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 67624 ----a-w- c:\d38bccdb1003cf2c1989a454\1038\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 115589 ----a-w- c:\d38bccdb1003cf2c1989a454\1040\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 104768 ----a-w- c:\d38bccdb1003cf2c1989a454\1041\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 147711 ----a-w- c:\d38bccdb1003cf2c1989a454\1042\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 76257 ----a-w- c:\d38bccdb1003cf2c1989a454\1043\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 73305 ----a-w- c:\d38bccdb1003cf2c1989a454\1044\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 73386 ----a-w- c:\d38bccdb1003cf2c1989a454\1045\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 97721 ----a-w- c:\d38bccdb1003cf2c1989a454\1046\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 141033 ----a-w- c:\d38bccdb1003cf2c1989a454\1049\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 76556 ----a-w- c:\d38bccdb1003cf2c1989a454\1053\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 77193 ----a-w- c:\d38bccdb1003cf2c1989a454\1055\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 102032 ----a-w- c:\d38bccdb1003cf2c1989a454\2052\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 76519 ----a-w- c:\d38bccdb1003cf2c1989a454\2070\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 37119 ----a-w- c:\d38bccdb1003cf2c1989a454\3076\eula.rtf
2008-12-13 16:53 . 2008-12-13 16:53 94271 ----a-w- c:\d38bccdb1003cf2c1989a454\3082\eula.rtf


((((((((((((((((((((((((((((( SnapShot@2009-08-03_00.59.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-06 20:46 . 2009-07-14 00:17 88824 c:\windows\system32\vxblock.dll
+ 2009-02-06 20:46 . 2009-07-14 00:17 64760 c:\windows\system32\pxinsa64.exe
- 2009-02-06 20:46 . 2007-03-07 23:51 64760 c:\windows\system32\pxinsa64.exe
- 2009-02-06 20:46 . 2007-03-07 23:51 72440 c:\windows\system32\pxhpinst.exe
+ 2009-02-06 20:46 . 2009-07-14 00:17 72440 c:\windows\system32\pxhpinst.exe
+ 2009-02-06 20:46 . 2009-07-14 00:17 66296 c:\windows\system32\pxcpya64.exe
+ 2009-08-03 02:10 . 2009-08-03 02:10 22528 c:\windows\Installer\1e4709f.msi
+ 2009-02-06 20:46 . 2009-07-14 00:17 379640 c:\windows\system32\pxwave.dll
- 2009-02-06 20:46 . 2007-03-07 23:51 379640 c:\windows\system32\pxwave.dll
+ 2009-02-06 20:46 . 2009-07-14 00:17 187128 c:\windows\system32\pxmas.dll
- 2009-02-06 20:46 . 2007-03-07 23:51 187128 c:\windows\system32\pxmas.dll
+ 2009-02-06 20:46 . 2009-07-14 00:17 518904 c:\windows\system32\pxdrv.dll
+ 2009-02-06 20:46 . 2009-07-14 00:17 551672 c:\windows\system32\px.dll
+ 2009-08-03 01:57 . 2009-08-03 01:57 152576 c:\windows\Installer\1d82f5a.msi
- 2009-02-06 20:46 . 2007-03-07 23:51 1628920 c:\windows\system32\pxsfs.dll
+ 2009-02-06 20:46 . 2009-07-14 00:17 1628920 c:\windows\system32\pxsfs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-23 1271808]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-02-07 306088]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-03 13680640]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-04 987187]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-02-06 1783808]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-03 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-11 1447168]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-03 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-04-10 16861184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-06-29 124928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Shortcut to RKLauncher.exe.lnk - c:\program files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe [2009-2-6 708608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-21 06:57 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Games\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Games\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Games\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"d:\\Games\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Games\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Games\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"d:\\Games\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"d:\\Games\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"d:\\Games\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Games\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Games\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"d:\\Games\\Codemasters\\FUEL\\FUEL.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Games\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"d:\\Games\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [7.2.2009 5:03 2915944]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10.6.2008 18:56 34312]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [6.2.2009 13:32 141312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [10.6.2008 18:53 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6.2.2009 13:43 222456]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 gupdate1ca13ddbfd7f2c2;Služba Google Update (gupdate1ca13ddbfd7f2c2);c:\program files\Google\Update\GoogleUpdate.exe [2.8.2009 18:57 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 01:57]

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 01:57]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\usa4ag4p.default\
FF - prefs.js: browser.search.selectedEngine - Google

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-1214440339-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:01,c3,ce,30,d8,50,70,38,16,d3,28,bb,de,34,15,cc,c9,68,a5,a9,41,5e,4c,
98,0b,85,45,29,59,a1,94,48,70,cf,a1,27,f7,3c,fb,4a,a1,58,f0,d3,15,81,b2,27,\
"??"=hex:41,ec,15,d0,ef,d1,dd,52,1b,77,ab,e6,9f,62,c5,4d

[HKEY_USERS\S-1-5-21-117609710-1214440339-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:f2,5d,7c,11,53,ad,4b,a2,99,8d,9e,7c,f3,a1,93,73,9a,fa,7a,5f,9a,
e8,22,cf,d8,e9,6e,88,1e,b5,4d,2f,30,d7,06,5c,dd,17,f1,4a,93,82,d2,c9,db,88,\
"rkeysecu"=hex:70,e9,de,14,a5,07,8c,2f,21,66,3b,05,39,97,82,de

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'explorer.exe'(3856)
c:\windows\system32\WININET.dll
c:\program files\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\ieframe.dll
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WgaTray.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-03 20:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-03 03:27
ComboFix2.txt 2009-08-03 02:26
ComboFix3.txt 2009-08-03 01:27
ComboFix4.txt 2009-08-03 01:00

Pre-Run: 103 051 427 840 bytes free
Post-Run: 11 adresárov, 102 997 381 120 voľných bajtov

542 --- E O F --- 2009-07-27 01:13
Porub33
Passer-by

Post by Porub33 2. 9. 2009 21:05

Well boss, so far it's running without problems. Is everything done now? I'd also like to ask about an antivirus, which one would you recommend?
Porub33
Passer-by

Post by Levlard 2. 9. 2009 21:39

We deleted this file, but it was created again: c:\windows\S3687B798.tmp
Some process probably creates it when the computer starts -> it has a .tmp extension and zero size, it won't be a virus -> so we'll leave it alone now :mrgreen:

Go to Start - Run, copy this command into the empty line and confirm: ComboFix /u - this uninstalls ComboFix.

According to ComboFix, your month is set to August. Right-click the clock in the taskbar - option: Adjust Date/Time - tab: Internet Time - click: Update Now. Or change the date yourself to 2 September 2009.

NOD32 is a good antivirus, I use it myself - if you have a purchased licence for it and have no objections to it, keep it :-))
Life is short. Live while you can.
Levlard
VIP user