
Click.Giftload - very persistent infection!!


This topic is locked
3 replies to this topic

#1 Kiklop


Posted 25 April 2011 - 09:28 AM

Hi guys,

I'm really starting to get desperate, hopefully someone here can help me. I've been looking all over the place and didn't find a way to get rid of the Click.Giftload spyware.
I have an ASUS X59SL series laptop and, as for most people, the symptoms are: redirecting links from Google to other sites, a slowing computer, opening new windows in my Opera browser and, most importantly, I'm not able to shut down or restart the computer properly... Every time I do that, the screen just gets blurred, it freezes and I need to shut it down by pressing and holding the "power" button, which is really killing me...
Probably only Spybot has been able to find the Click.Giftload infection, but it doesn't get rid of it properly and when I reboot the computer, it's obviously back. I have AVG also, which finds something, but is not able to clean it properly either. I tried Malwarebytes and that didn't even find the spyware. I also tried to run two programmes that I found here in the forums, rkill and ComboFix. The thing is that every time I tried to run either of these, Windows just freezes the same way as in the rebooting process and I'm done... I managed to start ComboFix once, in safe mode, clicking "Run as administrator", but I wasn't able to do that again, trying a couple of times, and it seems it didn't get rid of the spyware either. I do have a log from that scan so I'm adding it right here, hopefully this is the proper thing to do here (I have never posted anything in these forums). It also seems I have a corrupted MBR, we've been trying to solve it here:
http://www.bleepingcomputer.com/forums/topic393555.html/page__p__2220910__fromsearch__1#entry2220910

Thank you very much in advance for any advice, I would be very grateful! Oh, and by the way, the log from ComboFix is in Czech, but you probably know what to look for anyway. If a translation is needed, just ask me. Thanks once again.

ComboFix 11-04-24.03 - Radim 24.04.2011 22:49:54.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3071.2556 [GMT -5:00]
Spuštěný z: c:\users\Radim\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
ADS - Windows: deleted 128 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Radim\AppData\Local\{5C031E4B-EB75-4F53-AF75-C8A17F8C26CA}
c:\users\Radim\AppData\Local\{5C031E4B-EB75-4F53-AF75-C8A17F8C26CA}\chrome.manifest
c:\users\Radim\AppData\Local\{5C031E4B-EB75-4F53-AF75-C8A17F8C26CA}\chrome\content\_cfg.js
c:\users\Radim\AppData\Local\{5C031E4B-EB75-4F53-AF75-C8A17F8C26CA}\chrome\content\overlay.xul
c:\users\Radim\AppData\Local\{5C031E4B-EB75-4F53-AF75-C8A17F8C26CA}\install.rdf
c:\users\Radim\AppData\Roaming\Local
c:\users\Radim\AppData\Roaming\Microsoft\AdjMmsVista.dll
c:\windows\system32\FastUserSwitchingCompatibilityex.dll
c:\windows\system32\system
c:\windows\system32\zlibwapi.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-25 do 2011-04-25 )))))))))))))))))))))))))))))))
.
.
2011-04-25 03:57 . 2011-04-25 03:57 -------- d-----w- c:\users\Radim\AppData\Local\temp
2011-04-25 03:57 . 2011-04-25 03:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-25 00:13 . 2011-04-25 00:13 -------- d-----w- c:\program files\Enigma Software Group
2011-04-25 00:12 . 2011-04-25 01:54 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-04-25 00:03 . 2011-04-25 00:03 -------- d-----w- c:\users\Radim\AppData\Roaming\Malwarebytes
2011-04-25 00:03 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-25 00:03 . 2011-04-25 00:03 -------- d-----w- c:\programdata\Malwarebytes
2011-04-25 00:03 . 2011-04-25 00:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-25 00:03 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-24 23:29 . 2011-04-24 23:49 -------- d-----w- c:\programdata\PC Tools
2011-04-24 00:45 . 2011-04-24 00:45 0 ----a-w- c:\users\Radim\AppData\Local\Ifohonaje.bin
2011-04-15 13:40 . 2011-02-16 15:29 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 13:40 . 2011-02-16 13:24 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 13:40 . 2011-02-22 12:52 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 13:40 . 2011-02-22 12:52 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 13:40 . 2011-02-22 12:51 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 13:40 . 2011-02-22 12:51 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-15 13:40 . 2011-03-10 16:12 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 13:40 . 2011-03-10 16:12 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-11 14:13 . 2011-04-11 14:13 1409 ----a-w- c:\windows\QTFont.for
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-24 15:41 . 2008-10-23 04:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-02-15 18:15 . 2011-02-15 18:15 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-02-15 18:15 . 2011-02-15 18:15 2272 ----a-w- c:\windows\system32\w95inf16.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-06-02 93376]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-10-23 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-10-23 33136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-27 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-05-06 98304]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-06-02 93376]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-22 8522272]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 02:52 104936 ----a-w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
2009-07-30 14:05 497000 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.0\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 17:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
2007-08-03 03:52 778240 ----a-w- c:\program files\P4P\P4P.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-09-03 05:37 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 MpKsld25d5cff;MpKsld25d5cff;c:\windows\Temp\MpKsld25d5cff.sys [x]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2010-06-24 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-06-24 65856]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\DRIVERS\OlyCamComm.sys [2009-09-10 21648]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-25 717296]
S4 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ECACHE
*Deregistered* - AVGIDSErHrvtx
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = https://www.mojebanka.cz/InternetBanking/?L=CS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Okiprmd - c:\windows\System32\okiprmd.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-24 22:57
Windows 6.0.6001 Service Pack 1 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\users\Radim\AppData\Local\Temp\catchme.dll 53248 bytes executable
C:\ADSM_PData_0150
.
sken byl úspešně dokončen
skryté soubory: 2
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
.
Celkový čas: 2011-04-24 23:00:29
ComboFix-quarantined-files.txt 2011-04-25 04:00
.
Před spuštěním: Volných bajtů: 60 868 714 496
Po spuštění: Volných bajtů: 60 936 609 792
.
- - End Of File - - F353E1D155B8817674A8CF5CA3D89999

Edited by Kiklop, 25 April 2011 - 02:58 PM.


#2 Kiklop

Kiklop
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:31 PM

Posted 25 April 2011 - 10:17 AM

I just read the tutorial, sorry about that. I ran the DDS programme successfully and here is the log plus attach.txt. Unfortunately, I wasn't able to start the Gmer programme. It did the same thing as with ComboFix: when I tried to run it, the computer froze.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Radim at 9:55:01,01 on po 25.04.2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3071.1297 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\ASScrPro.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Olympus\ib\olycamdetect.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Radim\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.mojebanka.cz/InternetBanking/?L=CS
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: H - No File
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Foxit Editor Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Foxit Editor Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Olympus ib] "c:\program files\olympus\ib\olycamdetect.exe" /Startup
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\ASScrProlog.exe
mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MDS_Menu] "c:\program files\olympus\ib\muitransfer\muistartmenu.exe" "c:\program files\olympus\ib" updatewithcreateonce "software\olympus\ib\1.0"
mRun: [Olympus ib] "c:\program files\olympus\ib\olycamdetect.exe" /Startup
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.cz/cz.special-uninstallation-feedback-appf?lic=OQBGAFIARQBFAC0AVgA2AFoASgBBAC0AQgBOADIAWQBRAC0ARgAzAFYAUwBSAC0AVgBXAFMAUgA0AC0AVgBZADcATQBaAA"&"inst=NwA3AC0ANAA1ADcANAA3ADEANAA1ADgALQBWAE8AUAArADMALQBYAE8AMwA2ACsAMQAtAE4AMQBEACsAMQAtAEYATAArADkALQBYAE8AOQArADEA"&"prod=90"&"ver=9.0.894
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\icq7.0\ICQ.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2011-4-24 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2011-4-24 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2011-4-24 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2011-4-24 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2011-4-24 308136]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2010-2-23 246520]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2010-6-24 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-6-24 65856]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2007-6-19 47616]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2010-4-1 25832]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [2009-9-10 21648]
.
=============== Created Last 30 ================
.
2011-04-25 04:36:59 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2011-04-25 04:36:53 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-04-25 04:36:30 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-04-25 04:36:14 -------- d-----w- c:\windows\system32\drivers\Avg
2011-04-25 04:00:34 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-25 04:00:32 -------- d-----w- c:\users\radim\appdata\local\temp
2011-04-25 03:46:42 98816 ----a-w- c:\windows\sed.exe
2011-04-25 03:46:42 89088 ----a-w- c:\windows\MBR.exe
2011-04-25 03:46:42 256512 ----a-w- c:\windows\PEV.exe
2011-04-25 03:46:42 161792 ----a-w- c:\windows\SWREG.exe
2011-04-25 00:13:34 -------- d-----w- c:\program files\Enigma Software Group
2011-04-25 00:12:27 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-04-25 00:03:35 -------- d-----w- c:\users\radim\appdata\roaming\Malwarebytes
2011-04-25 00:03:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-25 00:03:21 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-25 00:03:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-25 00:03:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-24 23:29:43 -------- d-----w- c:\progra~2\PC Tools
2011-04-24 00:45:04 0 ----a-w- c:\users\radim\appdata\local\Ifohonaje.bin
2011-04-15 13:40:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 13:40:08 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 13:40:05 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 13:40:05 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 13:40:05 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 13:40:04 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-15 13:40:01 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 13:40:01 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-11 14:13:48 1409 ----a-w- c:\windows\QTFont.for
.
==================== Find3M ====================
.
2011-04-25 04:49:41 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-18 15:48:42 833024 ----a-w- c:\windows\system32\wininet.dll
2011-02-18 15:45:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-18 14:09:54 389632 ----a-w- c:\windows\system32\html.iec
2011-02-18 13:48:10 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-16 15:35:41 430080 ----a-w- c:\windows\system32\vbscript.dll
2011-02-15 18:15:01 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-02-15 18:15:01 2272 ----a-w- c:\windows\system32\w95inf16.dll
.
============= FINISH: 9:57:40,61 ===============

#3 Kiklop

Kiklop
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:31 PM

Posted 26 April 2011 - 02:38 AM

Alright, I could not take it anymore, so I formatted the whole disk and got a clean Windows 7 install. You can close this thread then ...

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:31 AM

Posted 26 April 2011 - 03:45 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



