poprosim kontrolu - samo otvara browser

[motji]

Já Vám zapoměla napsat, že když se Vás zeptá, zda otestovat znovu, musíte dát ano .
Prosím otestujte znovu, a k odkazu mi napiště o jaký soubor se jedná. Děkuji

C:\ProgramData\hpe9222.dll
C:\Users\Dj Mirente\AppData\Roaming\scheduler.exe
C:\Users\Dj Mirente\AppData\Roaming\FileDownloader.exe
C:\Users\Dj Mirente\AppData\Roaming\install.exe
C:\Users\Dj Mirente\AppData\Roaming\pacman.exe
C:\Users\Dj Mirente\AppData\Roaming\svch0st.exe
C:\Users\Dj Mirente\AppData\Roaming\cowboy.exe

[djmirente]

Tuto to je znova
C:\ProgramData\hpe9222.dll
http://www.virustotal.com/cs/analisis/4 ... 1269330836

C:\Users\Dj Mirente\AppData\Roaming\scheduler.exe
http://www.virustotal.com/cs/analisis/e ... 1269330746

C:\Users\Dj Mirente\AppData\Roaming\FileDownloader.exe
http://www.virustotal.com/cs/analisis/3 ... 1269330515

C:\Users\Dj Mirente\AppData\Roaming\install.exe
http://www.virustotal.com/cs/analisis/3 ... 1269330931

C:\Users\Dj Mirente\AppData\Roaming\pacman.exe
http://www.virustotal.com/cs/analisis/9 ... 1269331129

C:\Users\Dj Mirente\AppData\Roaming\svch0st.exe
http://www.virustotal.com/cs/analisis/6 ... 1269331213

C:\Users\Dj Mirente\AppData\Roaming\cowboy.exe
http://www.virustotal.com/cs/analisis/1 ... 1269331323

[motji]

Fajn, pak je smažeme .
Co ten mbam?

[djmirente]

MBAM sa teraz robi, lebo vecer som uz nevladal. Dnes to tu bude

[motji]

V pořádku

[djmirente]

A aby sa nezabudlo na tie subory z virustotalu
Tu je log z MBAM
Malwarebytes' Anti-Malware 1.44
Verzia databázy: 3510
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23. 3. 2010 9:48:06
mbam-log-2010-03-23 (09-48-01).txt

Typ kontroly: Úplná (C:\|D:\|E:\|)
Objektov kontrolovaných: 275583
Uplynutý cas: 56 minute(s), 33 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 1
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 42

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\memman.vxd (Rogue.sysCleaner) -> No action taken.

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\Sierra\Half-Life\gearbox\DQ2249.ICD (Trojan.Agent) -> No action taken.
C:\Users\Dj Mirente\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> No action taken.
C:\Users\Public\Application Data\{ACD5D733-6E37-4CF9-89D9-C891DB987DEF}\offline\IFGMGCEMRAFAKNXEIMMAXFNSDRFFFF0\memman.vxd (Rogue.sysCleaner) -> No action taken.
C:\Windows\System32\memman.vxd (Rogue.sysCleaner) -> No action taken.
D:\Moje Dokumenty\softy\Fruityloops Studio Producer Edition XXL v8\Crack\fruityloops.studio.producer.edition.xxl.v8.0.0-NoPE.exe (Trojan.Downloader) -> No action taken.
D:\Moje Dokumenty\softy\Sound Forge 8.0\SPr\Keygen.exe (Trojan.Downloader) -> No action taken.
D:\Moje Dokumenty\softy\Sound Forge 8.0\SPr\SoundForge8-kg\Keygens\SoundForge8_Retail_KG.exe (Trojan.Downloader) -> No action taken.
D:\Moje Dokumenty\softy\Sound Forge 8.0\SPr\SoundForge8-kg\Keygens\SoundForge8_Trial.exe (Trojan.Downloader) -> No action taken.
D:\software\Nokia 5530XM\Taskman 9.5v5\keygen.exe (Trojan.Downloader) -> No action taken.
D:\software\Software\ACDSee Pro 2.5 build 335 CZ\ACDSeeProKeygen.exe (Trojan.Downloader) -> No action taken.
D:\software\Software\BlueSoleil 6.4.249.0WithMobile\Crack\keygen.exe (Trojan.Agent) -> No action taken.
D:\software\Software\BS.Player.Pro.v2.36.Build.990.Incl.Keymaker-CORE\Keymaker-CORE\keygen.exe (Trojan.Agent) -> No action taken.
D:\software\Software\Camtasia.Studio.6\KGN\keygen.exe (Malware.Tool) -> No action taken.
D:\software\Software\DVDFab.Platinum.5.1.0.0\Patch 5.x.exe (Trojan.Patcher) -> No action taken.
D:\software\Software\Nero 8 Ultra Edition 8.2.8.0. CZ,SK\Keygen CiM\Nero 8 Keygen.exe (Malware.Packer) -> No action taken.
D:\software\Software\Nero 8 Ultra Edition 8.2.8.0. CZ,SK\Keygen CiM\Plug-ins Keygen.exe (Malware.Packer) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP101\A0045887.bat (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP101\A0045888.bat (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP101\A0045889.cmd (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP102\A0045974.cmd (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP103\A0046046.cmd (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP103\A0046103.cmd (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP104\A0046234.cmd (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP105\A0046335.cmd (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP105\A0046409.cmd (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP105\A0046441.cmd (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP106\A0046477.cmd (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP106\A0046482.cmd (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP106\A0046564.cmd (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP106\A0046817.cmd (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP107\A0046842.cmd (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP107\A0046914.cmd (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP108\A0046951.cmd (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP108\A0046956.exe (Worm.AutoRun) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP109\A0047045.cmd (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP109\A0047054.exe (Worm.AutoRun) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP109\A0047138.cmd (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP109\A0047139.exe (Worm.AutoRun) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP113\A0048564.cmd (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{4E536814-8346-4C3F-A2EC-31D4B1A8435E}\RP113\A0048596.cmd (Spyware.OnlineGames) -> No action taken.
D:\System Volume Information\_restore{C5B228DB-B238-4E7F-8C78-EC7FC4FC39B1}\RP1\A0000014.exe (Worm.AutoRun) -> No action taken.
C:\Users\Dj Mirente\AppData\Local\Temp\hi.bat (Malware.Trace) -> No action taken.

[motji]

Co našel mbam, smažte

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

[djmirente]

Log z combofix, ale tie stranky mi stale otvara z nicoho nic

ComboFix 10-03-22.02 - Dj Mirente . 03. 2010 10:00:53.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2046.1262 [GMT 1:00]
Running from: c:\users\Dj Mirente\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpe9222.dll
c:\recycled\Recycled
c:\users\Dj Mirente\AppData\Roaming\cowboy.exe
c:\users\Dj Mirente\AppData\Roaming\Desktopicon
c:\users\Dj Mirente\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\users\Dj Mirente\AppData\Roaming\inst.exe
c:\users\Dj Mirente\AppData\Roaming\pacman.exe
c:\users\Dj Mirente\AppData\Roaming\svch0st.exe
c:\windows\system32\Connect.dll
c:\windows\system32\detoured.dll
c:\windows\system32\Memman.vxd
c:\windows\system32\skinboxer43.dll
D:\Autorun.inf
E:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_DUMeterSvc


((((((((((((((((((((((((( Files Created from 2010-02-23 to 2010-03-23 )))))))))))))))))))))))))))))))
.

2010-03-23 09:09 . 2010-03-23 09:11 -------- d-----w- c:\users\Dj Mirente\AppData\Local\temp
2010-03-23 09:09 . 2010-03-23 09:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-23 08:55 . 2010-03-23 08:55 -------- d-----w- C:\32788R22FWJFW
2010-03-22 21:19 . 2010-03-22 21:19 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\Malwarebytes
2010-03-22 21:19 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-22 21:19 . 2010-03-22 21:19 -------- d-----w- c:\programdata\Malwarebytes
2010-03-22 21:19 . 2010-03-22 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-22 21:19 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-22 18:45 . 2009-11-12 09:03 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-03-22 18:45 . 2009-11-12 09:03 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-03-22 18:45 . 2009-11-12 09:03 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-03-22 12:23 . 2010-03-22 12:23 -------- d-----w- c:\users\Dj Mirente\AppData\Local\Threat Expert
2010-03-22 12:14 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-22 12:14 . 2009-10-30 10:09 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-03-22 12:14 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-22 12:14 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-22 12:14 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-22 12:14 . 2010-03-22 18:45 -------- d-----w- c:\programdata\PC Tools
2010-03-22 12:14 . 2010-03-22 12:14 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\PC Tools
2010-03-22 12:03 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-22 12:03 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-03-22 12:03 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-22 12:03 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-22 12:03 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-03-22 12:03 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-22 11:59 . 2010-03-23 08:53 -------- d-----w- c:\program files\Spyware Doctor
2010-03-22 11:59 . 2010-03-22 12:18 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-22 07:36 . 2010-03-22 07:36 -------- d-----w- c:\windows\system32\URTTEMP
2010-03-22 07:31 . 2010-03-23 09:06 78238 ----a-w- c:\windows\system32\perfh01B.dat
2010-03-22 07:31 . 2010-03-23 09:06 26942 ----a-w- c:\windows\system32\perfc01B.dat
2010-03-22 07:31 . 2010-03-22 07:31 -------- d-----w- c:\windows\system32\BestPractices
2010-03-22 07:31 . 2010-03-22 07:31 -------- d-----w- C:\inetpub
2010-03-20 19:08 . 2010-03-20 19:08 -------- d-----w- c:\program files\CCleaner
2010-03-20 15:11 . 2010-03-20 15:11 20480 ----a-w- c:\users\Dj Mirente\AppData\Roaming\scheduler.exe
2010-03-20 15:11 . 2010-03-20 15:11 24576 ----a-w- c:\users\Dj Mirente\AppData\Roaming\FileDownloader.exe
2010-03-20 15:06 . 2010-03-20 15:06 7558 --sh--w- c:\users\Dj Mirente\AppData\Roaming\install.exe
2010-03-20 15:05 . 2010-03-20 15:05 -------- d-----w- c:\users\Dj Mirente\AppData\Local\Sony
2010-03-20 08:37 . 2010-03-20 08:39 -------- d-----w- C:\downloads
2010-03-20 08:37 . 2010-03-20 08:37 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\GrabPro
2010-03-20 08:37 . 2010-03-20 18:55 -------- d-----w- c:\program files\Orbitdownloader
2010-03-20 08:37 . 2010-03-20 08:41 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\Orbit
2010-03-16 21:07 . 2010-03-16 21:07 7680 ----a-w- c:\users\Dj Mirente\AppData\Roaming\Thinstall\Xilisoft Video Converter Platinum\4000003c00002i\vcloader.exe
2010-03-16 21:07 . 2010-03-16 21:07 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\Thinstall
2010-03-16 15:24 . 2010-03-16 15:24 -------- d-----w- c:\program files\Common Files\Common Share
2010-03-16 15:24 . 2008-12-18 12:38 719872 ----a-w- c:\windows\system32\devil.dll
2010-03-16 15:24 . 2008-12-18 12:38 351744 ----a-w- c:\windows\system32\avisynth.dll
2010-03-16 15:24 . 2010-03-16 15:24 -------- d-----w- c:\program files\OJOsoft
2010-03-11 08:56 . 2010-03-11 08:56 -------- d-----w- c:\users\Dj Mirente\Games
2010-03-07 10:54 . 2010-03-07 10:54 442368 ----a-w- c:\users\Dj Mirente\ipscan.exe
2010-03-04 07:48 . 2010-03-04 07:48 -------- d-----w- c:\program files\VirtualDJ
2010-03-03 07:58 . 2010-03-03 08:10 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\WebStripper
2010-03-03 07:58 . 2010-03-03 07:58 -------- d-----w- c:\program files\Solent
2010-03-03 07:24 . 2010-03-03 07:24 -------- d-----w- c:\program files\r-cube
2010-02-23 11:57 . 2008-07-10 12:56 107864 ----a-w- c:\windows\system32\tsccvid.dll
2010-02-23 11:57 . 2010-02-23 11:57 -------- d-----w- c:\windows\system32\QuickTime
2010-02-23 11:57 . 2010-02-23 11:57 -------- d-----w- c:\programdata\TechSmith
2010-02-23 11:57 . 2010-02-23 11:57 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-02-23 11:57 . 2010-02-23 11:57 -------- d-----w- c:\program files\TechSmith
2010-02-23 11:47 . 2010-02-23 11:50 -------- d-----w- C:\Fraps
2010-02-22 16:32 . 2010-03-22 20:36 -------- d-----w- c:\program files\YRefresher
2010-02-21 09:39 . 2010-03-22 13:01 -------- d-----w- c:\program files\NirSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 09:13 . 2009-12-15 15:51 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\uTorrent
2010-03-23 09:13 . 2009-12-15 15:35 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\Skype
2010-03-23 07:30 . 2009-12-15 15:39 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\skypePM
2010-03-22 07:39 . 2009-12-06 20:01 -------- d-----w- c:\program files\Microsoft.NET
2010-03-22 07:36 . 2009-11-24 19:36 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\XnView
2010-03-22 06:52 . 2010-01-12 18:16 -------- d-----w- c:\program files\Blaze Media Pro
2010-03-20 15:10 . 2010-01-12 08:55 -------- d-----w- c:\program files\Sony
2010-03-20 15:05 . 2010-01-12 08:55 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\Sony
2010-03-20 08:24 . 2010-02-14 16:09 -------- d-----w- c:\program files\SpeedFan
2010-03-17 07:37 . 2009-11-27 19:43 -------- d-----w- c:\program files\ImTOO
2010-03-16 21:36 . 2010-01-27 22:10 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\vlc
2010-03-16 21:08 . 2009-12-03 08:20 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\Vso
2010-03-09 07:14 . 2009-11-09 13:22 223560 ----a-w- c:\users\Dj Mirente\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-07 14:51 . 2009-11-09 18:50 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-02 10:42 . 2009-12-15 15:38 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\ICQ
2010-02-23 21:49 . 2010-01-19 14:33 -------- d-----w- c:\program files\ICQ7.0
2010-02-22 16:49 . 2010-02-19 21:38 -------- d-----w- c:\program files\MediaInfo
2010-02-20 12:47 . 2009-11-09 16:18 -------- d-----w- c:\program files\Common Files\Ahead
2010-02-20 12:44 . 2009-11-09 16:18 -------- d-----w- c:\program files\Nero
2010-02-20 12:44 . 2010-02-20 12:30 -------- d-----w- c:\programdata\Nero
2010-02-20 12:32 . 2010-02-20 12:32 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\Nero
2010-02-19 08:26 . 2010-02-07 08:52 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\dvdcss
2010-02-18 17:52 . 2010-02-05 18:32 -------- d-----w- c:\programdata\Google Updater
2010-02-18 13:57 . 2009-11-23 20:35 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\BSplayer PRO
2010-02-13 15:43 . 2010-02-13 15:43 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\SPORE
2010-02-13 15:06 . 2009-11-09 13:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-11 11:21 . 2009-11-09 17:17 -------- d-----w- c:\programdata\Installations
2010-02-11 11:19 . 2010-02-11 11:19 -------- d-----w- c:\programdata\Nokia
2010-02-09 20:50 . 2010-02-09 20:48 -------- d-----w- c:\program files\CamStudio
2010-02-09 20:49 . 2010-02-09 20:49 1078 ----a-w- c:\windows\system32\unins000.dat
2010-02-09 20:49 . 2010-02-09 20:49 695578 ----a-w- c:\windows\system32\unins000.exe
2010-02-09 17:24 . 2009-12-12 08:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-06 14:12 . 2010-01-03 15:04 -------- d-----w- c:\program files\HighGrow
2010-02-06 08:15 . 2009-11-18 07:55 -------- d-----w- c:\program files\MyVideoConverter
2010-02-05 18:32 . 2009-12-19 15:21 -------- d-----w- c:\program files\Google
2010-02-03 19:52 . 2010-02-03 19:52 -------- d-----w- c:\programdata\WinZip
2010-01-30 18:51 . 2010-01-30 18:51 -------- d-----w- c:\program files\KC Softwares
2010-01-27 22:09 . 2010-01-27 22:09 -------- d-----w- c:\program files\VideoLAN
2010-01-12 08:55 . 2010-01-12 08:55 98 ----a-w- c:\users\Dj Mirente\AppData\Local\fusioncache.dat
2010-01-06 19:23 . 2010-01-06 19:23 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-01-03 14:44 . 2010-01-03 14:44 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-03 14:44 . 2010-01-03 14:44 286720 ------w- c:\windows\Setup1.exe
2010-01-02 20:03 . 2010-01-02 20:03 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-01-02 20:03 . 2010-01-02 20:03 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-12-25 17:43 . 2009-12-25 17:43 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-12-25 17:43 . 2009-12-25 17:43 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-25 12:38 . 2009-12-25 12:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-05 17:34 . 2009-12-22 16:05 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2009-03-13 1058816]
"HighGrow"="c:\program files\HighGrow\HighGrow.exe" [2005-04-19 1757184]
"Google Update"="c:\users\Dj Mirente\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-09 135664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-05 39408]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2007-07-22 218624]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-10-08 5662720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"CTHelper"="CTHELPER.EXE" [2009-03-04 19456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 92704]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

c:\users\Dj Mirente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-13 717296]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2009-03-04 99352]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-09 79360]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2009-03-04 555032]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2009-03-04 100888]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2009-03-04 100888]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2009-03-04 566296]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-01-02 13224]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2009-09-03 70408]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-11-12 33552]
R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-09 207792]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-11-12 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-11-12 59664]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2009-10-30 233136]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/09 17:40];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-02-28 18:40 87536]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2009-03-04 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2009-03-04 555032]
S3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2009-03-04 18840]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2009-03-04 566296]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-05 18:32]

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3915007230-3236664037-1421229897-1000Core.job
- c:\users\Dj Mirente\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-09 20:53]

2010-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3915007230-3236664037-1421229897-1000UA.job
- c:\users\Dj Mirente\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-09 20:53]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {2673009A-FCB4-4609-AB0B-2E13D1CBC4D7} = 195.146.128.60,195.146.132.59
FF - ProfilePath - c:\users\Dj Mirente\AppData\Roaming\Mozilla\Firefox\Profiles\aszpldio.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\users\Dj Mirente\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
AddRemove-WinZip - c:\program files\WinZip\WINZIP32.EXE



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdxata]
"ImagePath"="System32\Drivers\amdxata.svs"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3915007230-3236664037-1421229897-1000\Software\SecuROM\License information*]
"datasecu"=hex:22,03,69,f9,e0,d6,d8,41,a7,01,f3,fa,89,2c,15,75,74,6a,b5,61,76,
24,fc,74,de,ff,9c,b5,49,aa,21,76,25,52,85,4b,c6,7a,6b,f7,c6,2d,32,61,a9,aa,\
"rkeysecu"=hex:bf,dc,58,de,0a,3b,b9,79,3f,cd,b3,c2,fd,03,f9,70

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2496)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\conhost.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-03-23 10:15:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-23 09:15

Pre-Run: 10 977 075 200 bytes free
Post-Run: 10 850 390 016 bytes free

- - End Of File - - 388FD756530448124FEB2B6149BD3F62

[motji]

Zkoušel jste, jestli se otvírají i v nouzovém režimu?
Dělá to jen u Opery?

Otestujte na www.virustotal.com
c:\windows\System32\Drivers\amdxata.svs

[djmirente]

Ten subor mi nejde skontrolovat neviem preco, a nie robi to ako sa mojmu pc zachce, raz to otvori v IE potom v Opere a potom v FF, zalezi co mam otvorene.

//bude to tym ze ten subor uz v pc nieje

// a neskusal som to v nudzovom rezime, pretoze by som tam musel stravit trochu casu, neviem ono to neotvara casto, ale stale mi otvori nejake stranky

[motji]

Stáhněte SystemLook
http://jpshortstuff.247fixes.com/SystemLook.exe

- uložte ho na plochu a spustte.
- do okénka zkopírujte

Kód: Vybrat vše

:filefind
amdxata.svs

- klikněte na Look, proběhne sken, na konci se zobrazí log, jehož obsah zkopírujete sem

[djmirente]

tu je log

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 13:53 on 23/03/2010 by Dj Mirente (Administrator - Elevation successful)

========== filefind ==========

Searching for "amdxata.svs"
No files found.

-=End Of File=-

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdxata]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"=-
Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
DDS::
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:



-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci


Otestujte na www.virustotal.com
c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll

[djmirente]

Subor z virustotal
http://www.virustotal.com/cs/analisis/d ... 1269350593

Log z CF, a dlhsie tu nebudem pridem az vecer

ComboFix 10-03-22.02 - Dj Mirente . 03. 2010 14:10:10.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2046.1283 [GMT 1:00]
Running from: c:\users\Dj Mirente\Desktop\ComboFix.exe
Command switches used :: c:\users\Dj Mirente\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\DRIVERS\nvstor.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-02-23 to 2010-03-23 )))))))))))))))))))))))))))))))
.

2010-03-23 13:17 . 2010-03-23 13:18 -------- d-----w- c:\users\Dj Mirente\AppData\Local\temp
2010-03-23 13:17 . 2010-03-23 13:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-23 13:17 . 2010-03-23 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-23 13:17 . 2010-03-23 13:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-03-23 13:06 . 2010-03-23 13:06 -------- d-----w- C:\32788R22FWJFW
2010-03-22 21:19 . 2010-03-22 21:19 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\Malwarebytes
2010-03-22 21:19 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-22 21:19 . 2010-03-22 21:19 -------- d-----w- c:\programdata\Malwarebytes
2010-03-22 21:19 . 2010-03-22 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-22 21:19 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-22 18:45 . 2009-11-12 09:03 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-03-22 18:45 . 2009-11-12 09:03 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-03-22 18:45 . 2009-11-12 09:03 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-03-22 12:23 . 2010-03-22 12:23 -------- d-----w- c:\users\Dj Mirente\AppData\Local\Threat Expert
2010-03-22 12:14 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-22 12:14 . 2009-10-30 10:09 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-03-22 12:14 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-22 12:14 . 2009-10-06 15:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-22 12:14 . 2009-09-03 08:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-22 12:14 . 2010-03-22 18:45 -------- d-----w- c:\programdata\PC Tools
2010-03-22 12:14 . 2010-03-22 12:14 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\PC Tools
2010-03-22 12:03 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-22 12:03 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-03-22 12:03 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-22 12:03 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-22 12:03 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-03-22 12:03 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-22 11:59 . 2010-03-23 08:53 -------- d-----w- c:\program files\Spyware Doctor
2010-03-22 11:59 . 2010-03-22 12:18 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-22 07:36 . 2010-03-22 07:36 -------- d-----w- c:\windows\system32\URTTEMP
2010-03-22 07:31 . 2010-03-23 13:14 78238 ----a-w- c:\windows\system32\perfh01B.dat
2010-03-22 07:31 . 2010-03-23 13:14 26942 ----a-w- c:\windows\system32\perfc01B.dat
2010-03-22 07:31 . 2010-03-22 07:31 -------- d-----w- c:\windows\system32\BestPractices
2010-03-22 07:31 . 2010-03-22 07:31 -------- d-----w- C:\inetpub
2010-03-20 19:08 . 2010-03-20 19:08 -------- d-----w- c:\program files\CCleaner
2010-03-20 15:11 . 2010-03-20 15:11 20480 ----a-w- c:\users\Dj Mirente\AppData\Roaming\scheduler.exe
2010-03-20 15:11 . 2010-03-20 15:11 24576 ----a-w- c:\users\Dj Mirente\AppData\Roaming\FileDownloader.exe
2010-03-20 15:06 . 2010-03-20 15:06 7558 --sh--w- c:\users\Dj Mirente\AppData\Roaming\install.exe
2010-03-20 15:05 . 2010-03-20 15:05 -------- d-----w- c:\users\Dj Mirente\AppData\Local\Sony
2010-03-20 08:37 . 2010-03-20 08:39 -------- d-----w- C:\downloads
2010-03-20 08:37 . 2010-03-20 08:37 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\GrabPro
2010-03-20 08:37 . 2010-03-20 18:55 -------- d-----w- c:\program files\Orbitdownloader
2010-03-20 08:37 . 2010-03-20 08:41 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\Orbit
2010-03-16 21:07 . 2010-03-16 21:07 7680 ----a-w- c:\users\Dj Mirente\AppData\Roaming\Thinstall\Xilisoft Video Converter Platinum\4000003c00002i\vcloader.exe
2010-03-16 21:07 . 2010-03-16 21:07 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\Thinstall
2010-03-16 15:24 . 2010-03-16 15:24 -------- d-----w- c:\program files\Common Files\Common Share
2010-03-16 15:24 . 2008-12-18 12:38 719872 ----a-w- c:\windows\system32\devil.dll
2010-03-16 15:24 . 2008-12-18 12:38 351744 ----a-w- c:\windows\system32\avisynth.dll
2010-03-16 15:24 . 2010-03-16 15:24 -------- d-----w- c:\program files\OJOsoft
2010-03-11 08:56 . 2010-03-11 08:56 -------- d-----w- c:\users\Dj Mirente\Games
2010-03-07 10:54 . 2010-03-07 10:54 442368 ----a-w- c:\users\Dj Mirente\ipscan.exe
2010-03-04 07:48 . 2010-03-04 07:48 -------- d-----w- c:\program files\VirtualDJ
2010-03-03 07:58 . 2010-03-03 08:10 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\WebStripper
2010-03-03 07:58 . 2010-03-03 07:58 -------- d-----w- c:\program files\Solent
2010-03-03 07:24 . 2010-03-03 07:24 -------- d-----w- c:\program files\r-cube
2010-02-23 11:57 . 2008-07-10 12:56 107864 ----a-w- c:\windows\system32\tsccvid.dll
2010-02-23 11:57 . 2010-02-23 11:57 -------- d-----w- c:\windows\system32\QuickTime
2010-02-23 11:57 . 2010-02-23 11:57 -------- d-----w- c:\programdata\TechSmith
2010-02-23 11:57 . 2010-02-23 11:57 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-02-23 11:57 . 2010-02-23 11:57 -------- d-----w- c:\program files\TechSmith
2010-02-23 11:47 . 2010-02-23 11:50 -------- d-----w- C:\Fraps
2010-02-22 16:32 . 2010-03-22 20:36 -------- d-----w- c:\program files\YRefresher

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 13:18 . 2009-12-15 15:35 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\Skype
2010-03-23 13:18 . 2009-12-15 15:51 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\uTorrent
2010-03-23 12:25 . 2009-11-24 19:36 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\XnView
2010-03-23 12:25 . 2009-12-03 08:20 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\Vso
2010-03-23 10:54 . 2010-01-12 18:16 -------- d-----w- c:\program files\Blaze Media Pro
2010-03-23 10:53 . 2010-01-27 22:10 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\vlc
2010-03-23 10:34 . 2009-12-15 15:39 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\skypePM
2010-03-22 13:01 . 2010-02-21 09:39 -------- d-----w- c:\program files\NirSoft
2010-03-22 07:39 . 2009-12-06 20:01 -------- d-----w- c:\program files\Microsoft.NET
2010-03-20 15:10 . 2010-01-12 08:55 -------- d-----w- c:\program files\Sony
2010-03-20 15:05 . 2010-01-12 08:55 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\Sony
2010-03-20 08:24 . 2010-02-14 16:09 -------- d-----w- c:\program files\SpeedFan
2010-03-17 07:37 . 2009-11-27 19:43 -------- d-----w- c:\program files\ImTOO
2010-03-09 07:14 . 2009-11-09 13:22 223560 ----a-w- c:\users\Dj Mirente\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-07 14:51 . 2009-11-09 18:50 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-02 10:42 . 2009-12-15 15:38 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\ICQ
2010-02-23 21:49 . 2010-01-19 14:33 -------- d-----w- c:\program files\ICQ7.0
2010-02-22 16:49 . 2010-02-19 21:38 -------- d-----w- c:\program files\MediaInfo
2010-02-20 12:47 . 2009-11-09 16:18 -------- d-----w- c:\program files\Common Files\Ahead
2010-02-20 12:44 . 2009-11-09 16:18 -------- d-----w- c:\program files\Nero
2010-02-20 12:44 . 2010-02-20 12:30 -------- d-----w- c:\programdata\Nero
2010-02-20 12:32 . 2010-02-20 12:32 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\Nero
2010-02-19 08:26 . 2010-02-07 08:52 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\dvdcss
2010-02-18 17:52 . 2010-02-05 18:32 -------- d-----w- c:\programdata\Google Updater
2010-02-18 13:57 . 2009-11-23 20:35 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\BSplayer PRO
2010-02-13 15:43 . 2010-02-13 15:43 -------- d-----w- c:\users\Dj Mirente\AppData\Roaming\SPORE
2010-02-13 15:06 . 2009-11-09 13:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-11 11:21 . 2009-11-09 17:17 -------- d-----w- c:\programdata\Installations
2010-02-11 11:19 . 2010-02-11 11:19 -------- d-----w- c:\programdata\Nokia
2010-02-09 20:50 . 2010-02-09 20:48 -------- d-----w- c:\program files\CamStudio
2010-02-09 20:49 . 2010-02-09 20:49 1078 ----a-w- c:\windows\system32\unins000.dat
2010-02-09 20:49 . 2010-02-09 20:49 695578 ----a-w- c:\windows\system32\unins000.exe
2010-02-09 17:24 . 2009-12-12 08:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-06 14:12 . 2010-01-03 15:04 -------- d-----w- c:\program files\HighGrow
2010-02-06 08:15 . 2009-11-18 07:55 -------- d-----w- c:\program files\MyVideoConverter
2010-02-05 18:32 . 2009-12-19 15:21 -------- d-----w- c:\program files\Google
2010-02-03 19:52 . 2010-02-03 19:52 -------- d-----w- c:\programdata\WinZip
2010-01-30 18:51 . 2010-01-30 18:51 -------- d-----w- c:\program files\KC Softwares
2010-01-27 22:09 . 2010-01-27 22:09 -------- d-----w- c:\program files\VideoLAN
2010-01-12 08:55 . 2010-01-12 08:55 98 ----a-w- c:\users\Dj Mirente\AppData\Local\fusioncache.dat
2010-01-06 19:23 . 2010-01-06 19:23 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-01-03 14:44 . 2010-01-03 14:44 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-03 14:44 . 2010-01-03 14:44 286720 ------w- c:\windows\Setup1.exe
2010-01-02 20:03 . 2010-01-02 20:03 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-01-02 20:03 . 2010-01-02 20:03 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-12-25 17:43 . 2009-12-25 17:43 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-12-25 17:43 . 2009-12-25 17:43 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-25 12:38 . 2009-12-25 12:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-05 17:34 . 2009-12-22 16:05 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2009-03-13 1058816]
"HighGrow"="c:\program files\HighGrow\HighGrow.exe" [2005-04-19 1757184]
"Google Update"="c:\users\Dj Mirente\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-09 135664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-05 39408]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2007-07-22 218624]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-10-08 5662720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"CTHelper"="CTHELPER.EXE" [2009-03-04 19456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 92704]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

c:\users\Dj Mirente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-13 717296]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2009-03-04 99352]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-09 79360]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2009-03-04 555032]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2009-03-04 100888]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2009-03-04 100888]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2009-03-04 566296]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-01-02 13224]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2009-09-03 70408]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-11-12 33552]
R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-09 207792]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-11-12 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-11-12 59664]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2009-10-30 233136]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/11/09 17:40];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-02-28 18:40 87536]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2009-03-04 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2009-03-04 555032]
S3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2009-03-04 18840]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2009-03-04 566296]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-05 18:32]

2010-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3915007230-3236664037-1421229897-1000Core.job
- c:\users\Dj Mirente\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-09 20:53]

2010-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3915007230-3236664037-1421229897-1000UA.job
- c:\users\Dj Mirente\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-09 20:53]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {2673009A-FCB4-4609-AB0B-2E13D1CBC4D7} = 195.146.128.60,195.146.132.59
FF - ProfilePath - c:\users\Dj Mirente\AppData\Roaming\Mozilla\Firefox\Profiles\aszpldio.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine -
FF - component: c:\program files\Mozilla Firefox\components\qippipe.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\users\Dj Mirente\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3915007230-3236664037-1421229897-1000\Software\SecuROM\License information*]
"datasecu"=hex:22,03,69,f9,e0,d6,d8,41,a7,01,f3,fa,89,2c,15,75,74,6a,b5,61,76,
24,fc,74,de,ff,9c,b5,49,aa,21,76,25,52,85,4b,c6,7a,6b,f7,c6,2d,32,61,a9,aa,\
"rkeysecu"=hex:bf,dc,58,de,0a,3b,b9,79,3f,cd,b3,c2,fd,03,f9,70

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1972)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2010-03-23 14:22:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-23 13:22
ComboFix2.txt 2010-03-23 09:15

Pre-Run: 46 042 894 336 bytes free
Post-Run: 45 968 650 240 bytes free

- - End Of File - - C8B25FA799F191FE1F82501B18F9C4A5

[motji]

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky