nefunkční...webka Vyřešeno

[peacoq]

''zynga toolbar'', ...vsak ta mas uvedene ''zkontrolovat a kdyz tam bude - odinstalovat''.
A co ICQ Toolbar ?, - taky tam neni. Zase pises jen pulku.

[Reklama]

[anavi85]

tak..ja..udelam ted ten combofix

[anavi85]

icq tolbar sem odinstalovala

[peacoq]

Dobre udelej CF,...
ALE, ...mysli na to, ze zase CF muze trvat hodinu, nez skonci - a nesmi se to prerusit, protoze bude delat ''nejake operace'' a ne jen testovat zkoumat zo a jak. Posledne ti CF jel hodinu, tak na to mysli, ...kdyz budes chtit jit spat.

Soucasne si myslim, ze dokud se znova neproveri ram/ka, ze CF neni schopen udelat co ma. Nevim, jak ti to vysvetlit, proste RAM pamet je ''lebka s mozkem dohromady'' tveho PC, ktere byla poskozena (bych ti to nejak priblizil, proc bylo (a jeste i je) tak dulezite ji zkontrolovat). Mohla se castecne opravit, ale take ne uplne perfektne, a potom ti zase nesel spustit planovany test tovarnim testem - proste to chce mit jistotu.
Jednak si to logcky myslim, a uz jsem se na to i ptal, a je to skoro jasne, ze CF nemuze ''protlacit'' svoje prikazi k systemu, by ho opravoval.
Chci, aby ti tak nejak bylo jasne, proc musis vse delad presne a detailne a 2krat, a porad nic nejde dobre - ani PC, ani spousteni, a tak dokola => RAM pamet, kompl ma naborenej mozek.

Tak se rozmysli, zda zkusis CF ted zpustit, (...) co potom, kdyz pojede a pojede dobre, nebude sekly, - a budes chtit jit spat.

[anavi85]

ComboFix 10-11-26.07 - I.Radu 29.11.2010 0:09.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.1022.467 [GMT 1:00]
Spuštěný z: c:\users\I.Radu\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\I.Radu\Desktop\CFScript.txt.lnk
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-28 do 2010-11-28 )))))))))))))))))))))))))))))))
.

2010-11-28 23:23 . 2010-11-28 23:23 -------- d-----w- c:\users\I.Radu\AppData\Local\temp
2010-11-28 23:23 . 2010-11-28 23:23 -------- d-----w- c:\users\User\AppData\Local\temp
2010-11-28 23:23 . 2010-11-28 23:23 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-11-28 23:23 . 2010-11-28 23:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-27 10:31 . 2010-11-27 10:31 -------- d-----w- c:\users\I.Radu\AppData\Roaming\Malwarebytes
2010-11-27 10:31 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-27 10:31 . 2010-11-27 10:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-27 10:31 . 2010-11-27 10:31 -------- d-----w- c:\programdata\Malwarebytes
2010-11-27 10:31 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-27 10:23 . 2010-11-27 10:23 388096 ----a-r- c:\users\I.Radu\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-27 10:23 . 2010-11-27 10:23 -------- d-----w- c:\program files\Trend Micro
2010-11-26 23:09 . 2010-11-26 23:09 -------- d-----w- c:\windows\PixArt
2010-11-26 23:01 . 2010-11-26 23:01 -------- d-----w- c:\program files\Common Files\iLook300
2010-11-26 23:01 . 2007-11-02 10:07 6656 ----a-w- c:\windows\system32\CoInst_071029.dll
2010-11-26 23:01 . 2007-10-29 15:25 458112 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2010-11-26 23:01 . 2007-05-17 14:50 129024 ----a-w- c:\windows\system32\SP7302.AX
2010-11-26 22:54 . 2010-11-26 22:54 -------- d-----w- C:\Pac6371
2010-11-26 20:27 . 2010-11-26 20:30 -------- d-----w- c:\users\I.Radu\AppData\Local\ManyCam
2010-11-26 20:05 . 2010-11-26 20:05 -------- d-----w- c:\users\I.Radu\AppData\Local\VS Revo Group
2010-11-26 20:05 . 2009-12-30 11:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-11-26 20:05 . 2010-11-26 20:05 -------- d-----w- c:\program files\VS Revo Group
2010-11-26 13:34 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{07E40BD9-AF06-4C6D-B7F1-18468579F3C1}\mpengine.dll
2010-11-26 12:25 . 2010-11-26 12:25 -------- d-----w- c:\windows\Album
2010-11-26 12:25 . 2010-11-26 12:25 -------- d-----w- c:\program files\KYE
2010-11-25 08:37 . 2010-11-25 08:37 -------- d-----w- c:\users\User\AppData\Roaming\CTVoD
2010-11-21 01:00 . 2010-11-21 01:00 -------- d-----w- c:\programdata\NortonInstaller
2010-11-21 01:00 . 2010-11-21 01:00 -------- d-----w- c:\program files\NortonInstaller
2010-11-21 00:26 . 2010-11-26 23:19 -------- d-----w- c:\users\I.Radu\AppData\Roaming\ManyCam
2010-11-21 00:26 . 2010-11-26 21:20 -------- d-----w- c:\program files\ManyCam 2.4
2010-11-20 20:04 . 2007-01-24 14:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-11-20 16:12 . 2010-11-20 20:02 -------- d--h--w- c:\windows\msdownld.tmp
2010-11-20 15:46 . 2010-11-20 15:46 13824 ----a-w- c:\windows\system32\drivers\splitcam.sys
2010-11-20 15:46 . 2010-11-20 17:13 -------- d-----w- c:\program files\SplitCam
2010-11-20 15:46 . 2010-09-26 08:04 389120 ----a-w- c:\windows\system32\actskn43.ocx
2010-11-19 20:42 . 2010-11-19 20:42 -------- d-----w- c:\windows\system32\0405
2010-11-19 18:32 . 2010-11-19 18:33 -------- d-----w- c:\program files\CCleaner
2010-11-15 13:55 . 2010-11-26 17:25 -------- d-----w- c:\users\I.Radu\AppData\Roaming\Packard Bell
2010-11-12 21:46 . 2010-11-27 13:25 -------- d-----w- c:\windows\CheckSur
2010-11-11 23:02 . 2010-11-11 23:02 -------- d-----w- c:\program files\DIFX
2010-11-11 23:00 . 2010-11-11 23:00 -------- d-----w- c:\users\I.Radu\AppData\Local\Downloaded Installations
2010-11-11 23:00 . 2009-05-12 14:53 16896 ----a-w- c:\windows\system32\drivers\FlashUsb.sys
2010-11-11 23:00 . 2010-11-11 23:00 -------- d-----w- c:\program files\infineon
2010-11-11 22:59 . 2010-01-21 00:59 20864 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2010-11-11 22:59 . 2010-01-21 00:59 24960 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2010-11-11 22:59 . 2010-01-21 00:59 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2010-11-11 22:52 . 2010-11-11 22:52 -------- d-----w- C:\KP500
2010-11-11 22:48 . 2006-05-04 07:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
2010-11-11 22:48 . 2005-10-04 00:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-11-11 22:46 . 2010-11-11 22:49 -------- d-----w- c:\programdata\LGMOBILEAX
2010-11-11 22:06 . 2007-06-13 19:44 114688 ----a-w- c:\windows\system32\btcamvideosource.dll
2010-11-11 22:06 . 2010-11-18 23:55 -------- d-----w- c:\program files\Mobiola Web Camera 2 for S60 2nd Edition
2010-11-11 11:12 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-11 10:59 . 2010-11-11 10:59 -------- d-----w- c:\windows\cs
2010-11-11 10:44 . 2010-09-22 23:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-11-11 09:44 . 2010-11-11 09:44 -------- d-----w- c:\windows\PCHEALTH
2010-11-11 09:26 . 2010-11-11 09:26 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\8b6e3c0d1cb818206\InstallManager_WLE_WLE.exe
2010-11-11 09:21 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-11-11 09:21 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-11-11 09:21 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-11 09:20 . 2010-11-11 09:20 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\ac2460681cb818105\MeshBetaRemover.exe
2010-11-11 09:20 . 2010-11-11 09:20 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\aa8f89b71cb818104\DSETUP.dll
2010-11-11 09:20 . 2010-11-11 09:20 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\aa8f89b71cb818104\DXSETUP.exe
2010-11-11 09:20 . 2010-11-11 09:20 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\aa8f89b71cb818104\dsetup32.dll
2010-11-11 09:19 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-11-11 09:19 . 2010-11-11 09:19 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\806705071cb818103\DSETUP.dll
2010-11-11 09:19 . 2010-11-11 09:19 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\806705071cb818103\DXSETUP.exe
2010-11-11 09:19 . 2010-11-11 09:19 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\806705071cb818103\dsetup32.dll
2010-11-11 09:15 . 2010-11-11 09:15 6260088 ----a-w- c:\program files\Common Files\Windows Live\.cache\fa1a1f0c1cb818002\Silverlight.4.0.exe
2010-11-11 09:10 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-11-11 09:06 . 2010-11-28 10:30 -------- d-----w- c:\users\I.Radu\AppData\Local\Windows Live
2010-11-11 07:47 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-11-11 07:46 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-11-11 07:46 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-11-11 07:46 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-11-11 07:25 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-11-09 13:25 . 2010-11-09 13:27 -------- d-----w- c:\users\I.Radu\AppData\Roaming\CTVoD
2010-11-07 21:21 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2010-11-07 21:21 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-11-07 20:06 . 2009-06-25 12:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
2010-11-07 17:34 . 2010-11-07 17:34 -------- d-----w- c:\program files\Microsoft.NET
2010-11-07 17:32 . 2010-11-07 17:32 -------- d-----w- C:\d57353ac0bf67387aaad4a792563
2010-11-07 13:53 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-11-07 13:53 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-11-07 13:53 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-11-07 13:48 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-11-07 13:48 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-11-07 13:48 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-11-07 13:48 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-11-07 13:48 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-11-07 13:48 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-11-07 13:48 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-11-07 13:48 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-11-07 13:48 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-11-07 12:08 . 2010-11-07 12:09 -------- d-----w- c:\windows\system32\ca-ES
2010-11-07 12:08 . 2010-11-07 12:09 -------- d-----w- c:\windows\system32\eu-ES
2010-11-07 12:08 . 2010-11-07 12:09 -------- d-----w- c:\windows\system32\vi-VN
2010-11-07 11:36 . 2010-11-07 11:36 -------- d-----w- c:\windows\system32\EventProviders
2010-11-05 14:20 . 2010-11-11 13:39 -------- d-----w- c:\users\I.Radu\Tracing
2010-10-31 19:43 . 2010-10-31 19:54 -------- d-----w- c:\program files\ICQ7.2
2010-10-30 15:46 . 2010-10-30 15:46 -------- d-----w- c:\users\User\AppData\Roaming\LG Electronics

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2010-08-06 03:03 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 23:32 . 2010-09-22 23:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-13 13:56 . 2010-10-14 08:23 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 17:23 . 2010-10-16 16:15 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 17:07 . 2010-10-16 16:15 834048 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 15:23 . 2010-10-16 16:15 389632 ----a-w- c:\windows\system32\html.iec
2010-09-07 16:12 . 2010-08-31 20:03 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 16:11 . 2010-08-31 20:02 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 15:52 . 2010-08-31 20:04 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 15:52 . 2010-08-31 20:04 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 15:47 . 2010-08-31 20:04 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 15:47 . 2010-08-31 20:03 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 15:47 . 2010-08-31 20:04 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-06 16:20 . 2010-10-16 16:25 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-16 16:25 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-16 16:25 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-16 16:25 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-16 16:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-16 16:26 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-16 16:26 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-16 16:14 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-16 16:22 2038272 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\I.Radu\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-18 136176]
"SplitCam"="c:\program files\SplitCam\SplitCam.exe" [2010-07-22 1585152]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"BMISR"="c:\program files\KYE\WebMate\BM.exe" [2008-08-19 208896]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 pr2anmub;Ubersoldier 2 Drivers Auto Removal (pr2anmub);c:\windows\system32\pr2anmub.exe svc [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 pe3anmub;Ubersoldier 2 Environment Driver (pe3anmub);c:\windows\system32\drivers\pe3anmub.sys [2007-12-14 65152]
S0 ps7anmub;Ubersoldier 2 Synchronization Driver (ps7anmub);c:\windows\system32\drivers\ps7anmub.sys [2007-12-14 68744]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 iprip;Naslouchání RIP;c:\windows\System32\svchost.exe [2008-01-19 21504]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
.
Obsah adresáře 'Naplánované úlohy'

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996667597-2660804495-1484584364-1003Core.job
- c:\users\I.Radu\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 21:13]

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1996667597-2660804495-1484584364-1003UA.job
- c:\users\I.Radu\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 21:13]

2010-11-28 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-03-02 16:34]

2010-11-28 c:\windows\Tasks\User_Feed_Synchronization-{3451234B-8353-4E0A-B34E-B3EBAA3DA1A3}.job
- c:\windows\system32\msfeedssync.exe [2010-08-09 07:33]
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\users\I.Radu\AppData\Roaming\Mozilla\Firefox\Profiles\7unyomxo.default\
FF - prefs.js: browser.search.selectedEngine - Obchody MALL.cz
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.0&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\users\I.Radu\AppData\Roaming\Mozilla\Firefox\Profiles\7unyomxo.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\I.Radu\AppData\Roaming\Mozilla\Firefox\Profiles\7unyomxo.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\I.Radu\AppData\Roaming\Mozilla\Firefox\Profiles\7unyomxo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\users\I.Radu\AppData\Roaming\Mozilla\Firefox\Profiles\7unyomxo.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\users\I.Radu\AppData\Roaming\Mozilla\Firefox\Profiles\7unyomxo.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-29 00:23
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1996667597-2660804495-1484584364-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B118CA8-ED1E-ABED-272E-CDD6967C0182}*]
"haollbmdbgcgapam"=hex:6b,61,6a,70,67,70,68,62,68,6d,6a,6a,63,63,61,69,6a,6f,
6a,6f,66,6e,00,00
"iaelnonhlhcclblchg"=hex:6b,61,6a,70,70,70,65,6f,66,65,6f,69,6b,65,62,63,6f,6c,
6f,65,6e,66,00,00

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-11-29 01:02:26
ComboFix-quarantined-files.txt 2010-11-29 00:02
ComboFix2.txt 2010-11-27 21:51
ComboFix3.txt 2010-11-27 17:15

Před spuštěním: Volných bajtů: 120 748 429 312
Po spuštění: Volných bajtů: 120 670 535 680

- - End Of File - - DD8E0B67DE8C55751C12BF62539C84F4

[anavi85]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:17:34, on 29.11.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\osk.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Orange Internet\UIMain.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [BMISR] C:\Program Files\KYE\WebMate\BM.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\I.Radu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SplitCam] C:\Program Files\SplitCam\SplitCam.exe /play
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Ubersoldier 2 Drivers Auto Removal (pr2anmub) (pr2anmub) - City Interactive Sp z o.o. - C:\Windows\system32\pr2anmub.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 5754 bytes

[anavi85]

jsem mrtvější než moje..pc

[peacoq]

Tak jdi spat. Ja si delam sve veci na netu, tak to vidim. Dobrou noc ...tenhle ten uz taky spi...

[peacoq]

Takze, az se k tomu dostanes - ...je to porad dokola.
Jedna opravena chyba ram-pameti PC moc neulevila a vypada to, ze ''prikazy k oprave, ktere se snazi udelat CF se proste k PC nedostanou - jakoby nevedel kudy se k systemu protlacit'' (- ja nejsem vedator a neumim ti to jinak vysvetlit),
...jedine na co se da spolehet je to co udelal Malwarebytes, a to je malo, a vi se, ze RAM pamet byla (nebo porad je) na ceste do kytek.

Dokud se nezjistit toto, - esi v PC neni nejaky proces co provadeni prikazu treba blokuje, a nebude co mozna nejvetsi klid, ze ram-pamet je Ok > porodni baby co ti pisi a kontroluji logy, ...ti nemaji jak pomoct, protze kompl jakoby nic neprovadi.

Podle navodu v prispevku zde v tematu, nedele 9:48, - znovu spust Mem Test. Sem-tam ho sleduj, at mas prehled co se deje. Posledne pri 2000%tech testovani nasel chybu a pokusil se ji opravit, a spustil se znovu. To, ze nasel chybu relativne pozde je tim, ze on kontroluje pamet jakoby v cyklech dokola a porad dukladneji a dukladneji... Je to zadarmo a tak se nevi, kde chyba byla, jaky sektor je poskozeny, atd.
Takze - spust ho a pobezi aspon hodinu a dosahne 3000% Coverage ,
- kdyz nenarazi na problem, kdyz ano zopakuje se to co poprve a tak ho nech dal bezet, a ZA HODINU SE PODIVEJ, jak je na tom.

/ ...ja jsem doma, odpoledne jdu na postu, a tak muzes psat.

[anavi85]

tak...ja..jdu..na..to

[peacoq]

Vis co by me zajimalo, ...jak ty vlastne spoustis Combo Fix (?),... (- jakoze spatne, to je jasne, ale jak vubec technicky)

Dival jsem, ze CF spoustis ze stazenych souboru, nikoli z plochy - jak jsi mela a bylo i napsano ''stahni a uloz ho na plochu a spust ho, tj. tedy z plochy''; Spuštěný z: c:\users\I.Radu\Downloads\ComboFix.exe
Spravne ma byt: Spuštěný z: c:\users\I.Radu\DESKTOP\ComboFix.exe

To znamena, ze CF mas ve slozce kam se stahnul a NEPREMISTILA jsi ho na plochu, ale poustela jsi ho z otevrene slozky stazenin ( ?, - jak bez otazniku rika zapis o prubehu operace ''Spusten z...Downloads'' ), coz mi potom neni jasne, jak jsi pracovala s premistovanim scriptu ?,
- to jsi si na plochu presunula ikonu - zastupce spousteni programu, a nebo mi spis pripada, ze delas toto,
- script mas na plose, ten uchopis a presunes ho nad ikonku CF ve slozce stazenych souboru, a nebo
- sis udelala na plose ikonku CF a nad ni script upustis, ...ale CF je ve skutecnost ve slozce, kde byl stazen ==> je z toho rapl a nepracuje.

...takze se te uz nemuzu dockat RAM pamet byla sice poskozena, ale nemoznost protlacit prikazy Combo Fixy do systemu (asi) potom uz nebyla chybou ram-pameti, ale CF prose nebyl pouzivan a spousten spravne - z plochy.

[anavi85]

ale ja ho mam na plose,,zástupce,,delala sem ted mem test doslo to prez 3000 a 0 errors..tak sem to vypla