vypinanie pc z vírusu

Zpráva

Dominika Polakova

Ahoj, ja som si spravila ten combofix presne podla rád, posielam log. Pc ked zapnem tak ma hodí teraz do núdzového režimu a aby som mohla použiť net, musím ho znovu zapnút a dať save mode with networking. ak chcem aby mi fičal v normalnom režime čo treba urobit?

log:

ComboFix 11-07-21.02 - Dominika . 07. 2011 22:08:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3069.1745 [GMT 2:00]
Running from: c:\users\Dominika\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\components\rlxg.dll
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\ncncf.dat
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlph.dll
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlvknlg64.exe
c:\program files\RelevantKnowledge\rlxf.dll
c:\program files\RelevantKnowledge\shfscp.dat
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\users\Dominika\AppData\Roaming\dwm.exe
c:\users\Dominika\AppData\Roaming\Local
c:\users\Dominika\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Dominika\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(10).ddp
c:\users\Dominika\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(11).ddp
c:\users\Dominika\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(12).ddp
c:\users\Dominika\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(13).ddp
c:\users\Dominika\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(14).ddp
c:\users\Dominika\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(15).ddp
c:\users\Dominika\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(16).ddp
c:\users\Dominika\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\users\Dominika\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp
c:\users\Dominika\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp
c:\users\Dominika\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(5).ddp
c:\users\Dominika\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(6).ddp
c:\users\Dominika\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(7).ddp
c:\users\Dominika\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(8).ddp
c:\users\Dominika\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(9).ddp
c:\users\Dominika\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\Dominika\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\users\Dominika\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\xgnmoj.mp4.ddp
c:\users\Dominika\AppData\Roaming\Microsoft\conhost.exe
c:\windows\proc_list1.log
c:\windows\services32.exe
c:\windows\system32\no
c:\windows\system32\no\toscdspd.cpl.mui
c:\windows\system32\SV
c:\windows\system32\SV\toscdspd.cpl.mui
c:\windows\system32\wfwindowp32.dll
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.tray-14-0\svchost.exe
c:\windows\update.tray-15-0\svchost.exe
c:\windows\update.tray-2-0\svchost.exe
c:\windows\update.tray-3-0\svchost.exe
c:\windows\update.tray-7-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RelevantKnowledge
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Files Created from 2011-06-21 to 2011-07-21 )))))))))))))))))))))))))))))))
.
.
2011-07-21 20:03 . 2011-07-21 20:03 -------- d-----w- C:\32788R22FWJFW
2011-07-21 16:30 . 2011-07-21 16:30 -------- d-----w- c:\users\Dominika\AppData\Roaming\RegistryKeys
2011-07-21 15:40 . 2011-07-21 16:12 -------- d-----w- c:\programdata\MFAData
2011-07-21 13:08 . 2011-07-21 20:17 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-21 13:08 . 2011-07-21 13:08 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-21 12:36 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-21 12:36 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-21 12:36 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-21 12:36 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-21 12:36 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-21 12:36 . 2011-02-23 13:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-21 12:35 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-07-21 12:35 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-17 23:18 . 2011-07-17 23:18 -------- d-----w- c:\program files\Application Updater
2011-07-17 23:18 . 2011-07-17 23:18 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-07-17 23:14 . 2011-07-21 13:16 -------- d-----w- c:\windows\av_ico
2011-07-17 22:58 . 2011-07-21 20:17 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-17 22:58 . 2011-07-21 20:17 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-17 22:58 . 2011-07-21 20:17 -------- d--h--w- c:\windows\update.tray-15-0
2011-07-17 22:58 . 2011-07-21 20:17 -------- d--h--w- c:\windows\update.tray-14-0
2011-07-17 22:58 . 2011-07-19 04:36 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-17 22:58 . 2011-07-19 04:36 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-17 22:58 . 2011-07-19 04:36 -------- d--h--w- c:\windows\update.tray-15-0-lnk
2011-07-17 22:58 . 2011-07-19 04:36 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-07-17 10:09 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{437D4EE8-748A-4232-9F48-EF8DB4521709}\mpengine.dll
2011-07-13 16:38 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 16:38 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 16:38 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-06 10:24 . 2011-07-06 10:24 -------- d-----w- c:\program files\Webteh
2011-07-04 08:50 . 2011-03-31 17:30 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-07-04 08:50 . 2011-03-31 17:30 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-07-04 08:50 . 2011-03-31 17:30 218408 ----a-w- c:\windows\system32\SynCtrl.dll
2011-07-04 08:50 . 2011-03-31 17:30 173352 ----a-w- c:\windows\system32\SynCOM.dll
2011-07-04 08:50 . 2011-03-31 17:32 1335472 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-07-04 08:06 . 2011-07-04 08:18 -------- d-----w- c:\users\Dominika\AppData\Local\ElevatedDiagnostics
2011-07-03 21:50 . 2011-07-03 21:51 -------- d-----w- c:\users\Guest\AppData\Local\ApplicationHistory
2011-07-03 21:50 . 2011-07-03 21:50 -------- d-----w- c:\users\Guest\AppData\Roaming\Synaptics
2011-07-02 18:10 . 2011-07-02 18:10 -------- d-----w- c:\programdata\HP
2011-07-02 18:10 . 2011-07-02 18:10 -------- d-----w- c:\programdata\Hewlett-Packard
2011-07-02 18:10 . 2011-07-21 19:59 -------- d-----w- c:\users\Dominika\AppData\Local\ApplicationHistory
2011-07-02 17:57 . 2011-07-02 18:18 -------- d-----w- c:\program files\HP
2011-07-02 17:55 . 2011-07-02 17:55 -------- d-----w- c:\windows\system32\URTTEMP
2011-07-02 17:54 . 2011-07-02 18:14 -------- d--h--w- c:\program files\Avago-HP
2011-07-02 17:52 . 2008-02-20 21:44 65536 ----a-w- c:\windows\system32\HPPLVS.dll
2011-07-02 17:52 . 2008-04-28 04:14 284160 ----a-w- c:\windows\system32\HP1006LM.DLL
2011-06-29 09:52 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-28 11:52 . 2011-06-28 11:52 -------- d-----w- c:\program files\Free MP4 Converter
2011-06-22 14:54 . 2011-06-22 14:54 -------- d-----w- c:\program files\Common Files\Pinnacle
2011-06-22 14:53 . 2011-06-22 14:53 -------- d-----w- c:\users\Dominika\AppData\Local\Downloaded Installations
2011-06-22 14:51 . 2011-07-03 03:52 -------- d-----w- c:\users\Dominika\AppData\Local\Avid
2011-06-22 14:39 . 2011-06-22 14:39 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
2011-06-22 14:39 . 2011-06-22 14:39 -------- d-----w- c:\program files\Pinnacle
2011-06-22 14:39 . 2011-06-22 14:39 -------- d-----w- c:\program files\Avid
2011-06-22 14:37 . 2011-06-22 14:37 -------- d-----w- c:\programdata\Pinnacle
2011-06-22 14:22 . 2011-06-22 14:51 -------- d-----w- c:\programdata\Avid
2011-06-22 11:23 . 2011-06-22 11:23 -------- d-----w- c:\users\Dominika\AppData\Local\WMTools Downloaded Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-21 17:50 . 2011-06-21 17:50 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-20 18:08 . 2011-06-20 18:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 06:57 . 2011-07-18 18:50 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{045706F4-4863-4986-93A4-901DAC899254}\mpengine.dll
2011-06-07 15:55 . 2010-03-08 15:18 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-24 17:14 . 2009-10-26 17:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-05 14:26 . 2011-05-05 14:26 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-05 14:26 . 2011-05-05 14:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-05 14:26 . 2011-05-05 14:26 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-05 14:26 . 2011-05-05 14:26 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-05 14:26 . 2011-05-05 14:26 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-05 14:26 . 2011-05-05 14:26 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-05 14:26 . 2011-05-05 14:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-05 14:26 . 2011-05-05 14:26 367104 ----a-w- c:\windows\system32\html.iec
2011-05-05 14:26 . 2011-05-05 14:26 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-05 14:26 . 2011-05-05 14:26 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-05 14:26 . 2011-05-05 14:26 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-05 14:26 . 2011-05-05 14:26 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-05 14:26 . 2011-05-05 14:26 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-05 14:26 . 2011-05-05 14:26 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-05 14:26 . 2011-05-05 14:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-05 14:26 . 2011-05-05 14:26 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-05 14:26 . 2011-05-05 14:26 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-05 14:26 . 2011-05-05 14:26 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-05 14:26 . 2011-05-05 14:26 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-02 17:16 . 2011-06-15 21:58 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-15 21:58 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-15 21:58 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-15 21:58 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-15 21:58 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-15 21:58 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-22 23:35 . 2011-06-16 10:08 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-22 23:25 . 2011-06-16 10:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-16 04:53 . 2011-07-06 15:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-09 08:23 . 2010-07-09 08:23 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-04-29 1490312]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Freecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-04-29 10:12 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-04-29 1490312]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-04-29 1490312]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-17 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-06-29 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-09 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-04-29 395144]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
.
c:\users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2009-4-25 98688]
TipCam.lnk - c:\program files\uTIPu\tipc.exe [2009-10-19 8836744]
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-3 113664]
OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-4-8 122264]
Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-7-4 45056]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1862361349-3501387422-1277301654-1000]
"EnableNotificationsRef"=dword:00000001
.
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2008-03-26 34128]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 14:49]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 14:49]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1862361349-3501387422-1277301654-1000Core.job
- c:\users\Dominika\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-23 17:58]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1862361349-3501387422-1277301654-1000UA.job
- c:\users\Dominika\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-23 17:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyServer = http=127.0.0.1:49838
uSearchAssistant = hxxp://search.qip.ru/ie
uCustomizeSearch = hxxp://search13.net/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: S&end to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Dominika\AppData\Roaming\Mozilla\Firefox\Profiles\fagk98yn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShell.dll
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-ITSecMng - c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-15-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-7-0\svchost.exe
HKLM-Run-tray_ico2 - c:\windows\update.tray-3-0\svchost.exe
HKLM-Run-tray_ico3 - c:\windows\update.tray-14-0\svchost.exe
HKLM-Run-tray_ico4 - c:\windows\update.tray-2-0\svchost.exe
HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Freecorder Toolbar - c:\program files\Freecorder\uninstall.exe
AddRemove-Stylish Profile - c:\program files\Stylish Profile\uninstall.exe
AddRemove-{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23} - c:\program files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-21 22:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????<?%????P?\?x?\???\???\??
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Narrator.exe
c:\windows\helppane.exe
.
**************************************************************************
.
Completion time: 2011-07-21 22:27:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-21 20:27
.
Pre-Run: 44 108 148 736 bytes free
Post-Run: 63 573 094 400 bytes free
.
- - End Of File - - 73EBBD276C727CA37C45DC2B145CB410

#2 Příspěvek od **vyosek** » 22 črc 2011 09:42

Zdravim a pekny den preji

Prosim o strpeni, uz pisu docistovaci skript a postup

#3 Příspěvek od **vyosek** » 22 črc 2011 09:53

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

Vyskoci na Vas okenko, do ktereho zkopirujte text nize
Kód: Vybrat vše
```
msconfig
```
Kliknete na OK
Prepnete se na zalozku Spuštění počítače
Podivejte se, ci nemate zaskrtnute Bezpecne spousteni - pokud ano, tak odskrtnete
Nasledny restart by jiz mel vest do normalniho rezimu

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT1060933
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyServer = http=127.0.0.1:49838
uSearchAssistant = hxxp://search.qip.ru/ie
uCustomizeSearch = hxxp://search13.net/

File::
c:\windows\system32\ConduitEngine.tmp
c:\program files\Freecorder\prxtbFre0.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk 
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1862361349-3501387422-1277301654-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1862361349-3501387422-1277301654-1000UA.job

Folder::
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk
c:\windows\av_ico
c:\windows\update.tray-3-0
c:\windows\update.tray-2-0
c:\windows\update.tray-15-0
c:\windows\update.tray-14-0
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-15-0-lnk
c:\program files\Ask.com
c:\program files\Common Files\Spigot\Search Settings
c:\program files\Family Toolbar

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"=-
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"=-
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
[-HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
"WMPNSCFG"=-
"ICQ"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"DivXUpdate"=-
"DivX Download Manager"=-
"QuickTime Task"=-
"NeroFilterCheck"=-
"ApnUpdater"=-
"SearchSettings"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1862361349-3501387422-1277301654-1000]

Firefox::
FF - ProfilePath - c:\users\Dominika\AppData\Roaming\Mozilla\Firefox\Profiles\fagk98yn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT17505 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 1750559&q=

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Dominika Polakova

dakujem velmi pekne, ked sa vratim z prace poobede vyskusam to...sand to pojde...a potom pokracujeme, skopirujem tu, co mi vybehlo

)

#5 Příspěvek od **vyosek** » 22 črc 2011 11:17

Ok, ja tu tez budu nakukovat

Dominika Polakova

no nabehol mi normalny rezim hned po zadani toho prveho kodu! teraz by uz vsetko malo byt ok? mam pocitac vycisteny a je potreba nainstalovat nejaky antivirus?

#7 Příspěvek od **vyosek** » 22 črc 2011 18:58

Udelejte jeste ten krok se skriptem ComboFixu - ten PC docisti

Dominika Polakova

vykonala som ten combofix..posielam log

ComboFix 11-07-21.02 - Dominika . 07. 2011 20:04:04.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3069.1558 [GMT 2:00]
Running from: c:\users\Dominika\Desktop\ComboFix.exe
Command switches used :: c:\users\Dominika\Desktop\CFScript.txt.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\program files\Freecorder\prxtbFre0.dll"
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk"
"c:\windows\system32\ConduitEngine.tmp"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1862361349-3501387422-1277301654-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1862361349-3501387422-1277301654-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_82b8.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Common Files\Spigot\Search Settings
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Family Toolbar
c:\program files\Family Toolbar\about.gif
c:\program files\Family Toolbar\about.html
c:\program files\Family Toolbar\active.html
c:\program files\Family Toolbar\addPhotos.gif
c:\program files\Family Toolbar\alerts.gif
c:\program files\Family Toolbar\anniversary.gif
c:\program files\Family Toolbar\AR.gif
c:\program files\Family Toolbar\banner.html
c:\program files\Family Toolbar\basis.xml
c:\program files\Family Toolbar\BG.gif
c:\program files\Family Toolbar\birthday.gif
c:\program files\Family Toolbar\buyFamilyGifts.gif
c:\program files\Family Toolbar\calendar.gif
c:\program files\Family Toolbar\clearhist.exe
c:\program files\Family Toolbar\clearSearchHistory.gif
c:\program files\Family Toolbar\collage.gif
c:\program files\Family Toolbar\createFamilySite.gif
c:\program files\Family Toolbar\CS.gif
c:\program files\Family Toolbar\DA.gif
c:\program files\Family Toolbar\dbghelp.dll
c:\program files\Family Toolbar\DE.gif
c:\program files\Family Toolbar\EL.gif
c:\program files\Family Toolbar\EN.gif
c:\program files\Family Toolbar\ES.gif
c:\program files\Family Toolbar\Family_Toolbar.dll
c:\program files\Family Toolbar\family_toolbar.xpi
c:\program files\Family Toolbar\familyTree.gif
c:\program files\Family Toolbar\femaleOnline.gif
c:\program files\Family Toolbar\femaleOnlineAway.gif
c:\program files\Family Toolbar\FI.gif
c:\program files\Family Toolbar\FR.gif
c:\program files\Family Toolbar\HE.gif
c:\program files\Family Toolbar\HR.gif
c:\program files\Family Toolbar\HU.gif
c:\program files\Family Toolbar\chat.html
c:\program files\Family Toolbar\icons.bmp
c:\program files\Family Toolbar\inboxOff.gif
c:\program files\Family Toolbar\inboxOn.gif
c:\program files\Family Toolbar\info.txt
c:\program files\Family Toolbar\inviteFamily.gif
c:\program files\Family Toolbar\IT.gif
c:\program files\Family Toolbar\logoff.gif
c:\program files\Family Toolbar\logOnToMH.gif
c:\program files\Family Toolbar\LT.gif
c:\program files\Family Toolbar\maleOnline.gif
c:\program files\Family Toolbar\maleOnlineAway.gif
c:\program files\Family Toolbar\MHlogo.gif
c:\program files\Family Toolbar\morph.gif
c:\program files\Family Toolbar\NL.gif
c:\program files\Family Toolbar\NO.gif
c:\program files\Family Toolbar\off.exe
c:\program files\Family Toolbar\online.gif
c:\program files\Family Toolbar\PB.gif
c:\program files\Family Toolbar\photos.gif
c:\program files\Family Toolbar\PL.gif
c:\program files\Family Toolbar\privacy.gif
c:\program files\Family Toolbar\PT.gif
c:\program files\Family Toolbar\reload.gif
c:\program files\Family Toolbar\RO.gif
c:\program files\Family Toolbar\RU.gif
c:\program files\Family Toolbar\search.gif
c:\program files\Family Toolbar\site.gif
c:\program files\Family Toolbar\sites.gif
c:\program files\Family Toolbar\SK.gif
c:\program files\Family Toolbar\SR.gif
c:\program files\Family Toolbar\stub.xml
c:\program files\Family Toolbar\SV.gif
c:\program files\Family Toolbar\tagPeople.gif
c:\program files\Family Toolbar\TB_AR.gif
c:\program files\Family Toolbar\TB_BG.gif
c:\program files\Family Toolbar\TB_CS.gif
c:\program files\Family Toolbar\TB_DA.gif
c:\program files\Family Toolbar\TB_DE.gif
c:\program files\Family Toolbar\TB_EL.gif
c:\program files\Family Toolbar\TB_EN.gif
c:\program files\Family Toolbar\TB_ES.gif
c:\program files\Family Toolbar\TB_FI.gif
c:\program files\Family Toolbar\TB_FR.gif
c:\program files\Family Toolbar\TB_HE.gif
c:\program files\Family Toolbar\TB_HR.gif
c:\program files\Family Toolbar\TB_HU.gif
c:\program files\Family Toolbar\TB_IT.gif
c:\program files\Family Toolbar\TB_LT.gif
c:\program files\Family Toolbar\TB_NL.gif
c:\program files\Family Toolbar\TB_NO.gif
c:\program files\Family Toolbar\TB_PB.gif
c:\program files\Family Toolbar\TB_PL.gif
c:\program files\Family Toolbar\TB_PT.gif
c:\program files\Family Toolbar\TB_RO.gif
c:\program files\Family Toolbar\TB_RU.gif
c:\program files\Family Toolbar\TB_SK.gif
c:\program files\Family Toolbar\TB_SR.gif
c:\program files\Family Toolbar\TB_SV.gif
c:\program files\Family Toolbar\TB_TR.gif
c:\program files\Family Toolbar\TB_UK.gif
c:\program files\Family Toolbar\tbcore3.dll
c:\program files\Family Toolbar\tbhelper.dll
c:\program files\Family Toolbar\tbs_include_script_000391.js
c:\program files\Family Toolbar\tbs_include_script_000733.js
c:\program files\Family Toolbar\tbs_include_script_000784.js
c:\program files\Family Toolbar\tbs_include_script_001134.js
c:\program files\Family Toolbar\tbs_include_script_002287.js
c:\program files\Family Toolbar\tbs_include_script_002346.js
c:\program files\Family Toolbar\tbs_include_script_002789.js
c:\program files\Family Toolbar\tbs_include_script_002833.js
c:\program files\Family Toolbar\tbs_include_script_003080.js
c:\program files\Family Toolbar\tbs_include_script_003083.js
c:\program files\Family Toolbar\tbs_include_script_004456.js
c:\program files\Family Toolbar\tbs_include_script_004711.js
c:\program files\Family Toolbar\tbs_include_script_004823.js
c:\program files\Family Toolbar\tbs_include_script_004824.js
c:\program files\Family Toolbar\tbs_include_script_005792.js
c:\program files\Family Toolbar\tbs_include_script_006838.js
c:\program files\Family Toolbar\tbs_include_script_007158.js
c:\program files\Family Toolbar\tbs_include_script_007564.js
c:\program files\Family Toolbar\tbs_include_script_007690.js
c:\program files\Family Toolbar\tbs_include_script_007803.js
c:\program files\Family Toolbar\tbs_include_script_008357.js
c:\program files\Family Toolbar\tbs_include_script_008502.js
c:\program files\Family Toolbar\tbs_include_script_009578.js
c:\program files\Family Toolbar\tbs_include_script_009807.js
c:\program files\Family Toolbar\tbs_include_script_011492.js
c:\program files\Family Toolbar\tbs_include_script_011550.js
c:\program files\Family Toolbar\tbs_include_script_011614.js
c:\program files\Family Toolbar\tbs_include_script_011637.js
c:\program files\Family Toolbar\tbs_include_script_012671.js
c:\program files\Family Toolbar\tbs_include_script_013916.js
c:\program files\Family Toolbar\tbs_include_script_014484.js
c:\program files\Family Toolbar\tbs_include_script_014583.js
c:\program files\Family Toolbar\tbs_include_script_014799.js
c:\program files\Family Toolbar\tbs_include_script_015508.js
c:\program files\Family Toolbar\tbs_include_script_015800.js
c:\program files\Family Toolbar\tbs_include_script_016179.js
c:\program files\Family Toolbar\tbs_include_script_016289.js
c:\program files\Family Toolbar\tbs_include_script_016678.js
c:\program files\Family Toolbar\tbs_include_script_017022.js
c:\program files\Family Toolbar\tbs_include_script_017427.js
c:\program files\Family Toolbar\tbs_include_script_018243.js
c:\program files\Family Toolbar\tbs_include_script_018279.js
c:\program files\Family Toolbar\tbs_include_script_018505.js
c:\program files\Family Toolbar\tbs_include_script_020098.js
c:\program files\Family Toolbar\tbs_include_script_020109.js
c:\program files\Family Toolbar\tbs_include_script_020129.js
c:\program files\Family Toolbar\tbs_include_script_020859.js
c:\program files\Family Toolbar\tbs_include_script_022495.js
c:\program files\Family Toolbar\tbs_include_script_023942.js
c:\program files\Family Toolbar\tbs_include_script_025757.js
c:\program files\Family Toolbar\tbs_include_script_025787.js
c:\program files\Family Toolbar\tbs_include_script_026799.js
c:\program files\Family Toolbar\tbs_include_script_026954.js
c:\program files\Family Toolbar\tbs_include_script_027482.js
c:\program files\Family Toolbar\tbs_include_script_027696.js
c:\program files\Family Toolbar\tbs_include_script_028246.js
c:\program files\Family Toolbar\tbs_include_script_028279.js
c:\program files\Family Toolbar\tbs_include_script_029390.js
c:\program files\Family Toolbar\tbs_include_script_030206.js
c:\program files\Family Toolbar\tbs_include_script_030277.js
c:\program files\Family Toolbar\tbs_include_script_030359.js
c:\program files\Family Toolbar\tbs_include_script_030760.js
c:\program files\Family Toolbar\tbs_include_script_030814.js
c:\program files\Family Toolbar\tbs_include_script_031331.js
c:\program files\Family Toolbar\tbs_include_script_031332.js
c:\program files\Family Toolbar\tbs_include_script_031711.js
c:\program files\Family Toolbar\tbs_include_script_032188.js
c:\program files\Family Toolbar\tbs_include_script_032423.js
c:\program files\Family Toolbar\tbs_include_script_032495.js
c:\program files\Family Toolbar\tellAFriend.gif
c:\program files\Family Toolbar\toolbarSetting.gif
c:\program files\Family Toolbar\TR.gif
c:\program files\Family Toolbar\UK.gif
c:\program files\Family Toolbar\uninstall.exe
c:\program files\Family Toolbar\uninstall.gif
c:\program files\Family Toolbar\update.exe
c:\program files\Family Toolbar\updateToolbar.gif
c:\program files\Family Toolbar\userSite.gif
c:\program files\Family Toolbar\version.txt
c:\program files\Family Toolbar\whatsNew.gif
c:\program files\Freecorder\prxtbFre0.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_defender_start.ico
c:\windows\av_ico\ico_Essentials_start.ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SS_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\system32\ConduitEngine.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1862361349-3501387422-1277301654-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1862361349-3501387422-1277301654-1000UA.job
c:\windows\update.tray-14-0
c:\windows\update.tray-15-0-lnk
c:\windows\update.tray-15-0-lnk\svchost.exe
c:\windows\update.tray-15-0
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0-lnk\svchost.exe
c:\windows\update.tray-2-0
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-3-0-lnk\svchost.exe
c:\windows\update.tray-3-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0-lnk\svchost.exe
c:\windows\update.tray-7-0
.
.
((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 18:11 . 2011-07-22 18:15 -------- d-----w- c:\users\Dominika\AppData\Local\temp
2011-07-22 18:11 . 2011-07-22 18:11 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-07-22 18:11 . 2011-07-22 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-22 17:24 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F50239A-F410-4518-B4CA-BD0A2940F8AF}\mpengine.dll
2011-07-21 16:30 . 2011-07-21 16:30 -------- d-----w- c:\users\Dominika\AppData\Roaming\RegistryKeys
2011-07-21 15:40 . 2011-07-21 16:12 -------- d-----w- c:\programdata\MFAData
2011-07-21 12:36 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-21 12:36 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-21 12:36 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-21 12:36 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-21 12:36 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-21 12:36 . 2011-02-23 13:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-21 12:35 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-07-21 12:35 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-17 23:18 . 2011-07-17 23:18 -------- d-----w- c:\program files\Application Updater
2011-07-17 23:18 . 2011-07-17 23:18 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-07-17 22:58 . 2011-07-19 04:36 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-07-17 10:09 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{437D4EE8-748A-4232-9F48-EF8DB4521709}\mpengine.dll
2011-07-13 16:38 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 16:38 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 16:38 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-06 10:24 . 2011-07-06 10:24 -------- d-----w- c:\program files\Webteh
2011-07-04 08:50 . 2011-03-31 17:30 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-07-04 08:50 . 2011-03-31 17:30 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-07-04 08:50 . 2011-03-31 17:30 218408 ----a-w- c:\windows\system32\SynCtrl.dll
2011-07-04 08:50 . 2011-03-31 17:30 173352 ----a-w- c:\windows\system32\SynCOM.dll
2011-07-04 08:50 . 2011-03-31 17:32 1335472 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-07-04 08:06 . 2011-07-04 08:18 -------- d-----w- c:\users\Dominika\AppData\Local\ElevatedDiagnostics
2011-07-03 21:50 . 2011-07-03 21:51 -------- d-----w- c:\users\Guest\AppData\Local\ApplicationHistory
2011-07-03 21:50 . 2011-07-03 21:50 -------- d-----w- c:\users\Guest\AppData\Roaming\Synaptics
2011-07-02 18:10 . 2011-07-02 18:10 -------- d-----w- c:\programdata\HP
2011-07-02 18:10 . 2011-07-02 18:10 -------- d-----w- c:\programdata\Hewlett-Packard
2011-07-02 18:10 . 2011-07-22 17:18 -------- d-----w- c:\users\Dominika\AppData\Local\ApplicationHistory
2011-07-02 17:57 . 2011-07-02 18:18 -------- d-----w- c:\program files\HP
2011-07-02 17:55 . 2011-07-02 17:55 -------- d-----w- c:\windows\system32\URTTEMP
2011-07-02 17:54 . 2011-07-02 18:14 -------- d--h--w- c:\program files\Avago-HP
2011-07-02 17:52 . 2008-02-20 21:44 65536 ----a-w- c:\windows\system32\HPPLVS.dll
2011-07-02 17:52 . 2008-04-28 04:14 284160 ----a-w- c:\windows\system32\HP1006LM.DLL
2011-06-29 09:52 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-28 11:52 . 2011-06-28 11:52 -------- d-----w- c:\program files\Free MP4 Converter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-20 18:08 . 2011-06-20 18:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-07 15:55 . 2010-03-08 15:18 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-24 17:14 . 2009-10-26 17:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-05 14:26 . 2011-05-05 14:26 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-05 14:26 . 2011-05-05 14:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-05 14:26 . 2011-05-05 14:26 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-05 14:26 . 2011-05-05 14:26 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-05 14:26 . 2011-05-05 14:26 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-05 14:26 . 2011-05-05 14:26 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-05 14:26 . 2011-05-05 14:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-05 14:26 . 2011-05-05 14:26 367104 ----a-w- c:\windows\system32\html.iec
2011-05-05 14:26 . 2011-05-05 14:26 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-05 14:26 . 2011-05-05 14:26 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-05 14:26 . 2011-05-05 14:26 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-05 14:26 . 2011-05-05 14:26 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-05 14:26 . 2011-05-05 14:26 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-05 14:26 . 2011-05-05 14:26 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-05 14:26 . 2011-05-05 14:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-05 14:26 . 2011-05-05 14:26 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-05 14:26 . 2011-05-05 14:26 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-05 14:26 . 2011-05-05 14:26 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-05 14:26 . 2011-05-05 14:26 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-02 17:16 . 2011-06-15 21:58 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-15 21:58 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-15 21:58 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-15 21:58 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-15 21:58 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-15 21:58 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 04:53 . 2011-07-06 15:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-09 08:23 . 2010-07-09 08:23 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-09 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
.
c:\users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2009-4-25 98688]
TipCam.lnk - c:\program files\uTIPu\tipc.exe [2009-10-19 8836744]
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-4-8 122264]
Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-7-4 45056]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1862361349-3501387422-1277301654-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2008-03-26 34128]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: S&end to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Dominika\AppData\Roaming\Mozilla\Firefox\Profiles\fagk98yn.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0C37B053-FD68-456a-82E1-D788EE342E6F} - c:\program files\Family Toolbar\tbcore3.dll
BHO-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????<?%????P?\?x?\???\???\??
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\windows\system32\OSPPSVC.EXE
c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Toshiba TEMPRO\TempoSVC.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\System32\Narrator.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Completion time: 2011-07-22 20:21:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-22 18:20
ComboFix2.txt 2011-07-21 20:27
.
Pre-Run: 61 693 112 320 bytes free
Post-Run: 62 470 234 112 bytes free
.
- - End Of File - - 3EC423A48A876F2417FE692D6B80B647

co dalej?

#9 Příspěvek od **vyosek** » 22 črc 2011 19:27

Jeste nam tam neco malinko zustalo - takze si dame dalsi skript pro ComboFix - postup je stejny

Kód: Vybrat vše

KillAll::

Folder::
c:\program files\ICQ6Toolbar
c:\program files\YouTube Downloader Toolbar
c:\windows\update.tray-14-0-lnk

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1862361349-3501387422-1277301654-1000]

Reboot::

Dominika Polakova

log:

ComboFix 11-07-21.02 - Dominika . 07. 2011 20:33:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3069.1752 [GMT 2:00]
Running from: c:\users\Dominika\Desktop\ComboFix.exe
Command switches used :: c:\users\Dominika\Desktop\CFScript.txt.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\1106082340\config.xml
c:\program files\ICQ6Toolbar\1106082340\Icons.bmp
c:\program files\ICQ6Toolbar\1106082340\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\1106082340\ICQToolBar.dll
c:\program files\ICQ6Toolbar\1106082340\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\1106082340\logo_small.gif
c:\program files\ICQ6Toolbar\1106082340\short.wav
c:\program files\ICQ6Toolbar\1106082340\Version.txt
c:\program files\ICQ6Toolbar\1106082340\voucher.bmp
c:\program files\ICQ6Toolbar\1106082340\voucher2.bmp
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\YouTube Downloader Toolbar
c:\program files\YouTube Downloader Toolbar\FF\chrome.manifest
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\chevron.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\chevron.xul
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\login.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\login.xul
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\parser.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\searchbox.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\searchbox.xul
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\utils.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgicomm.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgihandling.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgichevron.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgiui.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\YouTube Downloader Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\YouTube Downloader Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\YouTube Downloader Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\amazon.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\dailymotion.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\ebay.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\hulu.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\chevron.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\metacafe.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search-button.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search_youtube.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\searchbox.css
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\splitter.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\veoh.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\youtube.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\ytd.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\ytd_logo.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\ytd_logo_hover.gif
c:\program files\YouTube Downloader Toolbar\FF\install.rdf
c:\program files\YouTube Downloader Toolbar\IE\4.5\config.ini
c:\program files\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll
c:\program files\YouTube Downloader Toolbar\Res\amazon.gif
c:\program files\YouTube Downloader Toolbar\Res\dailymotion.gif
c:\program files\YouTube Downloader Toolbar\Res\ebay.gif
c:\program files\YouTube Downloader Toolbar\Res\hulu.gif
c:\program files\YouTube Downloader Toolbar\Res\icon_settings.gif
c:\program files\YouTube Downloader Toolbar\Res\metacafe.gif
c:\program files\YouTube Downloader Toolbar\Res\search-button-hover.gif
c:\program files\YouTube Downloader Toolbar\Res\search-button.gif
c:\program files\YouTube Downloader Toolbar\Res\search-chevron-hover.gif
c:\program files\YouTube Downloader Toolbar\Res\search-chevron.gif
c:\program files\YouTube Downloader Toolbar\Res\search_amazon.gif
c:\program files\YouTube Downloader Toolbar\Res\search_ebay.gif
c:\program files\YouTube Downloader Toolbar\Res\search_yahoo.gif
c:\program files\YouTube Downloader Toolbar\Res\search_youtube.gif
c:\program files\YouTube Downloader Toolbar\Res\veoh.gif
c:\program files\YouTube Downloader Toolbar\Res\widgets.xml
c:\program files\YouTube Downloader Toolbar\Res\youtube.gif
c:\program files\YouTube Downloader Toolbar\Res\ytd.gif
c:\program files\YouTube Downloader Toolbar\Res\ytd_logo.gif
c:\program files\YouTube Downloader Toolbar\Res\ytd_logo_hover.gif
c:\program files\YouTube Downloader Toolbar\WidgiHelper.exe
c:\windows\update.tray-14-0-lnk
c:\windows\update.tray-14-0-lnk\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ICQ Service
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 18:39 . 2011-07-22 18:43 -------- d-----w- c:\users\Dominika\AppData\Local\temp
2011-07-22 18:39 . 2011-07-22 18:39 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-07-22 18:39 . 2011-07-22 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-22 18:30 . 2011-07-22 18:31 -------- d-----w- C:\32788R22FWJFW
2011-07-22 17:24 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F50239A-F410-4518-B4CA-BD0A2940F8AF}\mpengine.dll
2011-07-21 16:30 . 2011-07-21 16:30 -------- d-----w- c:\users\Dominika\AppData\Roaming\RegistryKeys
2011-07-21 15:40 . 2011-07-21 16:12 -------- d-----w- c:\programdata\MFAData
2011-07-21 12:36 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-21 12:36 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-21 12:36 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-21 12:36 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-21 12:36 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-21 12:36 . 2011-02-23 13:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-21 12:35 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-07-21 12:35 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-17 23:18 . 2011-07-17 23:18 -------- d-----w- c:\program files\Application Updater
2011-07-17 10:09 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{437D4EE8-748A-4232-9F48-EF8DB4521709}\mpengine.dll
2011-07-13 16:38 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 16:38 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 16:38 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-06 10:24 . 2011-07-06 10:24 -------- d-----w- c:\program files\Webteh
2011-07-04 08:50 . 2011-03-31 17:30 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-07-04 08:50 . 2011-03-31 17:30 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-07-04 08:50 . 2011-03-31 17:30 218408 ----a-w- c:\windows\system32\SynCtrl.dll
2011-07-04 08:50 . 2011-03-31 17:30 173352 ----a-w- c:\windows\system32\SynCOM.dll
2011-07-04 08:50 . 2011-03-31 17:32 1335472 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-07-04 08:06 . 2011-07-04 08:18 -------- d-----w- c:\users\Dominika\AppData\Local\ElevatedDiagnostics
2011-07-03 21:50 . 2011-07-03 21:51 -------- d-----w- c:\users\Guest\AppData\Local\ApplicationHistory
2011-07-03 21:50 . 2011-07-03 21:50 -------- d-----w- c:\users\Guest\AppData\Roaming\Synaptics
2011-07-02 18:10 . 2011-07-02 18:10 -------- d-----w- c:\programdata\HP
2011-07-02 18:10 . 2011-07-02 18:10 -------- d-----w- c:\programdata\Hewlett-Packard
2011-07-02 18:10 . 2011-07-22 17:18 -------- d-----w- c:\users\Dominika\AppData\Local\ApplicationHistory
2011-07-02 17:57 . 2011-07-02 18:18 -------- d-----w- c:\program files\HP
2011-07-02 17:55 . 2011-07-02 17:55 -------- d-----w- c:\windows\system32\URTTEMP
2011-07-02 17:54 . 2011-07-02 18:14 -------- d--h--w- c:\program files\Avago-HP
2011-07-02 17:52 . 2008-02-20 21:44 65536 ----a-w- c:\windows\system32\HPPLVS.dll
2011-07-02 17:52 . 2008-04-28 04:14 284160 ----a-w- c:\windows\system32\HP1006LM.DLL
2011-06-29 09:52 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-28 11:52 . 2011-06-28 11:52 -------- d-----w- c:\program files\Free MP4 Converter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-20 18:08 . 2011-06-20 18:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-07 15:55 . 2010-03-08 15:18 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-24 17:14 . 2009-10-26 17:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-05 14:26 . 2011-05-05 14:26 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-05 14:26 . 2011-05-05 14:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-05 14:26 . 2011-05-05 14:26 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-05 14:26 . 2011-05-05 14:26 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-05 14:26 . 2011-05-05 14:26 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-05 14:26 . 2011-05-05 14:26 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-05 14:26 . 2011-05-05 14:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-05 14:26 . 2011-05-05 14:26 367104 ----a-w- c:\windows\system32\html.iec
2011-05-05 14:26 . 2011-05-05 14:26 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-05 14:26 . 2011-05-05 14:26 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-05 14:26 . 2011-05-05 14:26 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-05 14:26 . 2011-05-05 14:26 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-05 14:26 . 2011-05-05 14:26 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-05 14:26 . 2011-05-05 14:26 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-05 14:26 . 2011-05-05 14:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-05 14:26 . 2011-05-05 14:26 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-05 14:26 . 2011-05-05 14:26 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-05 14:26 . 2011-05-05 14:26 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-05 14:26 . 2011-05-05 14:26 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-02 17:16 . 2011-06-15 21:58 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-15 21:58 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-15 21:58 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-15 21:58 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-15 21:58 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-15 21:58 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 04:53 . 2011-07-06 15:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-09 08:23 . 2010-07-09 08:23 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-09 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
.
c:\users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2009-4-25 98688]
TipCam.lnk - c:\program files\uTIPu\tipc.exe [2009-10-19 8836744]
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-4-8 122264]
Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-7-4 45056]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1862361349-3501387422-1277301654-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2008-03-26 34128]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: S&end to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Dominika\AppData\Roaming\Mozilla\Firefox\Profiles\fagk98yn.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????<?%????P?\?x?\???\???\??
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\system32\OSPPSVC.EXE
c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Toshiba TEMPRO\TempoSVC.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\System32\Narrator.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Completion time: 2011-07-22 20:48:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-22 18:48
ComboFix2.txt 2011-07-22 18:21
ComboFix3.txt 2011-07-21 20:27
.
Pre-Run: 62 505 115 648 bytes free
Post-Run: 62 155 218 944 bytes free
.
- - End Of File - - 9835716E1D66C38DBF26DF1D33AEC162

dufam ze uz som vsetku háveť zabila

#11 Příspěvek od **vyosek** » 22 črc 2011 20:16

Jak se chova nas pacient

Dominika Polakova

nas pacient je v normalnom rezime, nevypol sa zatial odvtedy a okrem toho že mi vyhodí že nemam ziadny antivirusovy program je vsetko ok.. ochrana proti vírusom mi píše - nenájdené!

inak som happy...

#13 Příspěvek od **vyosek** » 22 črc 2011 20:23

Odinstalujte Combofix

Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
Napiste ComboFix /Uninstall
Stisknete Enter
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Nainstalujte antivir - doporucuji Avast Free http://www.avast.com/cs-cz/free-antivirus-download

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Dejte novy log z RSIT

Dominika Polakova

no dostala som sa len po prvy bod...vzdy ked napisem /podotykam urcite spravne lebo som si to kontrolovala/ ComboFix/Uninstall a dam ok..vyhodi mi že system windows nemoze najst subor combofix/Uninstall

#15 Příspěvek od **vyosek** » 22 črc 2011 20:40

Za combofix ma byt mezera (ComboFixmezera/Uninstall, ale udelame to jinak

Prejmenujte ikonu ComboFixu na Uninstall a spustte jej - ucinek bude stejny

VIRY.CZ

vypinanie pc z vírusu

vypinanie pc z vírusu

Re: vypinanie pc z vírusu

Re: vypinanie pc z vírusu

Re: vypinanie pc z vírusu

Re: vypinanie pc z vírusu

Re: vypinanie pc z vírusu

Re: vypinanie pc z vírusu

Re: vypinanie pc z vírusu

Re: vypinanie pc z vírusu

Re: vypinanie pc z vírusu

Re: vypinanie pc z vírusu

Re: vypinanie pc z vírusu

Re: vypinanie pc z vírusu

Re: vypinanie pc z vírusu

Re: vypinanie pc z vírusu