System tool - znova :)

[Skyro]

Jo do nudzaku by uz nemal byt problem sa dostat, ono sa to dlhsie zasekne, resp nieco robi, a az po chvili spusti win v safemode, ja hlava blba zbrkla som to restartoval a dosel k mylnemu zaveru ze to nejde

AVP tool spustit v nudzovom rezime? Mozem to nechat bezat cez noc, bude odomna nieco potrebovat? A co ta vec s rkillom pri startupe? (Blbost?)

[motji]

Spustte ten avptool, v nouzáku Vám poběží. Rkill nepotřebujete, když se dostanete do nouzového režimu, ale combofix bych zatím vynechala.
Klidně ho nechte pracovat přes noc. Pokud máte opravdu sality, měl by zabrat . Ostatní viry pak domažeme

[Skyro]

Jo ono je ich tam viac, to sa mi bude hned lepsie spat A k tomu sality, myslim, ze on ho avast zmazal. Pri kontrole ked ho nasiel som nastavil aby nemilosrdne mazal vsetky infikovane subory, a vypisal mi ze ho aj zmazal. Teraz by som sa medzitym chcel spytat, co za haved mam vlastne v PC? Mam tam ten System Tool, potom pripadne ten Sality, co dal?

Log z AVPtool dodam rano.

Neskutocne vam (vsetkym!) dakujem za odpovede, taketo uzasne jednanie som snad este nezazil

[motji]

Máte tam toho hodně .

Jinak Sality právě infikuje exe soubory, proto ten Avptool, dokáže to krásně vyčistit.

Pak poprosím o nový log ze Rsitu, prosím nedávejte ho do code, děkuji

[Skyro]

No, takze AVPtool vyzerá že System tool odstranil, System funguje ako pred instalaciou System tool. Problém je, že teraz mi na pc vôbec nejde internet. Ani na windows ani na ubuntu. Pc síce ukazuje striedavo pripojene na internet a pripojenie s zltym vykricnikom. Firefox ani iné prehliadače nefunguju. Divne je, že ICQ (QIP) sa po hodnej chvíli pripojí na sieť (normálne funguje chat). Po ďalšej chvíli sa zase odpoji. iPhone sa na WiFi z routera pripojí, ale nedostane sa na net. Teraz píšem cez 3G na iPhone. Už ma to vážne vytaca.

[Skyro]

Bump, nikdo nič? Mám ešte jeden poznatok, keď chcem nanovo nakonfigurovat router, tak odo mna prilozeny software pýta heslo administratora, aj keď mi to nikdy nerobilo, a je mi to podozrivé. A aj ked zadam správne admin heslo, vyhodí password error.

AVPtool log :

Autoscan: malfunction (events: 4, objects: 0, time: Unknown)
15. 2. 2011 23:57:53 Task started
15. 2. 2011 23:59:58 Detected: HEUR:Trojan.Win32.Generic C:\ProgramData\hMlDiIo14700\hMlDiIo14700.exe
16. 2. 2011 0:00:00 Disinfected: HEUR:Trojan.Win32.Generic HKEY_USERS\S-1-5-21-4042001128-4225508476-1665424053-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\hMlDiIo14700
16. 2. 2011 0:00:00 Disinfected: HEUR:Trojan.Win32.Generic HKEY_USERS\S-1-5-21-4042001128-4225508476-1665424053-
1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\hMlDiIo14700




//takze net fungoval asi 5min, potom spadol, z ničoho nič a za chodu. Icq zatiaľ funguje.

[motji]

Bez logu toho moc nevykoumu

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix
-přejmenujte combofix na ruka.com

[Skyro]

Jo tak cfix log po mne zatiaľ nikdo ani nechcel log dodam v edite

[motji]

Já po Vás chtěla log ze Rsitu, ale ted můžete rovnou combofix

[Skyro]

ComboFix 11-02-15.04 - Sprava . 02. 2011 17:11:30.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.2047.1136 [GMT 1:00]
Running from: c:\users\Sprava\Desktop\ruka.com
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Mama\AppData\Roaming\ccpep.exe
c:\users\Sprava\AppData\Roaming\7za.exe
c:\users\Sprava\AppData\Roaming\ccpep.exe
c:\users\Sprava\AppData\Roaming\desktop.ini
c:\users\Sprava\AppData\Roaming\Microsoft\lsass.exe
c:\users\Sprava\AppData\Roaming\WinInstallMon.exe
c:\users\Sprava\AppData\Roaming\WinPackService.exe
c:\windows\system\Pncrt.dll
c:\windows\system32\2DECE25E44.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-16 to 2011-02-16 )))))))))))))))))))))))))))))))
.

2011-02-16 16:23 . 2011-02-16 16:24 -------- d-----w- c:\users\Sprava\AppData\Local\temp
2011-02-16 16:23 . 2011-02-16 16:23 -------- d-----w- c:\users\Mcx1-SPRAVA-PC\AppData\Local\temp
2011-02-16 16:23 . 2011-02-16 16:23 -------- d-----w- c:\users\Mama\AppData\Local\temp
2011-02-16 16:23 . 2011-02-16 16:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-15 22:54 . 2011-02-16 15:08 -------- d-----w- c:\programdata\Kaspersky Lab
2011-02-15 22:21 . 2011-02-15 22:24 -------- d-----w- c:\program files\trend micro
2011-02-15 22:21 . 2011-02-15 22:24 -------- d-----w- C:\rsit
2011-02-15 13:07 . 2011-02-15 13:07 -------- d-----w- C:\found.000
2011-02-14 14:32 . 2011-02-15 17:11 -------- d-----w- c:\program files\Pontifex
2011-02-14 14:32 . 2011-02-14 14:47 -------- d-----w- c:\program files\Bridge Building Game
2011-02-14 13:12 . 2011-02-16 15:05 29996 ---h--w- c:\users\Sprava\AppData\Roaming\ntuser.dat
2011-02-14 13:12 . 2011-02-14 13:12 -------- d-----w- c:\users\Sprava\AppData\Roaming\xwhyudsr1ktnkz2kznzqkikcjzvrrfat2
2011-02-14 11:41 . 2011-02-14 11:41 -------- d-----w- c:\users\Sprava\AppData\Roaming\kvxocdvqxprddmwydlb1mg3lfqhncdc2
2011-02-14 09:12 . 2011-02-14 09:13 -------- d-----w- c:\program files\WinAce
2011-02-03 16:04 . 1998-10-12 17:28 304128 ----a-w- c:\windows\IsUn0804.exe
2011-02-02 19:06 . 2011-02-02 19:07 -------- d-----w- c:\users\Sprava\AppData\Roaming\GHISLER
2011-02-02 19:06 . 2011-02-02 19:07 -------- d-----w- C:\totalcmd
2011-02-02 19:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\UC.PIF
2011-02-02 19:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\RAR.PIF
2011-02-02 19:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-02-02 19:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-02-02 19:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-02-02 19:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\LHA.PIF
2011-02-02 19:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\ARJ.PIF
2011-01-26 16:48 . 2011-01-26 16:48 -------- d-----w- c:\users\Sprava\AppData\Local\OnLive App
2011-01-26 16:48 . 2011-01-26 16:48 -------- d-----w- c:\users\Sprava\AppData\Roaming\OnLive App
2011-01-26 16:48 . 2011-01-26 16:48 -------- d-----w- c:\program files\OnLive
2011-01-23 18:46 . 2011-01-23 18:46 -------- d-----w- c:\program files\HI-TECH Software
2011-01-22 10:51 . 2011-01-22 10:51 -------- d-----w- c:\programdata\SlySoft
2011-01-20 12:58 . 2011-01-20 12:58 -------- d-----w- c:\program files\Foxit Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-06 09:23 . 2011-01-06 09:23 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-01-05 09:58 . 2010-06-10 13:17 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-26 21:27 . 2010-12-26 21:27 49152 ----a-r- c:\users\Sprava\AppData\Roaming\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2010-12-24 08:15 . 2010-12-24 08:15 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-12-06 13:58 . 2010-12-06 13:58 2496715 ----a-w- c:\windows\system32\abgx360.exe
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-28 11:22 . 2010-11-27 23:09 18432 ----a-w- c:\windows\srchasst\srchasm.dll
2010-11-26 04:19 . 2010-11-26 04:19 6650368 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-11-26 03:02 . 2010-11-26 03:02 16702976 ----a-w- c:\windows\system32\atioglxx.dll
2010-11-26 02:58 . 2010-11-26 02:58 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:58 . 2009-12-11 20:35 550400 ----a-w- c:\windows\system32\aticfx32.dll
2010-11-26 02:54 . 2010-11-26 02:54 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2010-11-26 02:54 393216 ----a-w- c:\windows\system32\atieclxx.exe
2010-11-26 02:54 . 2010-11-26 02:54 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-11-26 02:52 . 2010-11-26 02:52 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-11-26 02:52 . 2010-11-26 02:52 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-11-26 02:52 . 2010-11-26 02:52 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-11-26 02:52 . 2010-11-26 02:52 15872 ----a-w- c:\windows\system32\atimuixx.dll
2010-11-26 02:52 . 2010-11-26 02:52 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-11-26 02:49 . 2009-07-13 22:09 4066816 ----a-w- c:\windows\system32\atidxx32.dll
2010-11-26 02:30 . 2009-06-10 21:19 4122624 ----a-w- c:\windows\system32\atiumdag.dll
2010-11-26 02:30 . 2010-11-26 02:30 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-11-26 02:30 . 2010-11-26 02:30 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-11-26 02:28 . 2010-11-26 02:28 5441024 ----a-w- c:\windows\system32\aticaldd.dll
2010-11-26 02:24 . 2009-12-11 20:11 52736 ----a-w- c:\windows\system32\coinst.dll
2010-11-26 02:22 . 2009-07-13 22:09 3460096 ----a-w- c:\windows\system32\atiumdva.dll
2010-11-26 02:17 . 2010-11-26 02:17 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-11-26 02:16 . 2010-11-26 02:16 27136 ----a-w- c:\windows\system32\atigktxx.dll
2010-11-26 02:16 . 2010-11-26 02:16 231936 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-11-26 02:15 . 2009-12-11 19:50 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2010-11-26 02:15 . 2009-12-11 19:50 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2010-11-26 02:15 . 2010-11-26 02:15 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2006-01-23 09:32 . 2006-01-23 09:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2006-06-07 13:40 . 2006-06-07 13:40 132848 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"="d:\programs\QIP Infium\infium.exe" [2010-03-12 5739472]
"c:\users\Sprava\AppData\Roaming\InstallMon.exe"="c:\users\Sprava\AppData\Roaming\InstallMon.exe" [2010-06-30 36864]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RGSC"="d:\programs\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
"mssend"="c:\users\Sprava\AppData\Roaming\xwhyudsr1ktnkz2kznzqkikcjzvrrfat2\svcnost.exe" [2011-02-14 86528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 336384]

c:\users\Sprava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_setup_9.0.0.722_16.02.2011_00-19.exe.lnk - c:\users\Sprava\AppData\Local\Temp\_uninst_setup_9.0.0.722_16.02.2011_00-19.exe.bat [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^·ţÎńąÜŔíĆ÷.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\·ţÎńąÜŔíĆ÷.lnk
backup=c:\windows\pss\·ţÎńąÜŔíĆ÷.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Sprava^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Sprava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Users
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\users\Sprava
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\users\Sprava\AppData
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\users\Sprava\AppData\Roaming

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-09-18 15:34 205976 ----a-w- d:\programs\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 16:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- d:\programs\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
2007-06-29 13:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-02-12 12:50 20480 ----a-w- c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-22 22:00 385024 ------w- c:\program files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
2010-03-12 13:20 5739472 ----a-w- d:\programs\QIP Infium\infium.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16 421160 ----a-w- d:\programs\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-12-06 07:31 1910152 ----a-w- d:\programs\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2007-05-11 00:08 2512392 ----a-w- c:\windows\System32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 13:35 305064 ----a-r- d:\programs\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
2006-10-10 12:11 827392 ----a-w- c:\windows\vsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 14:58 1242448 ----a-w- d:\programs\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 13:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
2006-10-10 13:49 270336 ----a-w- c:\windows\tsnp325.exe

S4 50575461;50575461;c:\windows\system32\DRIVERS\50575461.sys [x]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 19:47]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 19:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://flvdirect.iamwired.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Sprava\AppData\Roaming\Mozilla\Firefox\Profiles\bdo2u5gz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a ... s:official
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programs\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - d:\programs\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - d:\programs\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-InstallMon - c:\users\Mama\AppData\Roaming\InstallMon.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-RegCom32 - c:\users\Mama\AppData\Local\Temp\vip.exe
AddRemove-Bus Driver_is1 - c:\program files\Bus Driver\unins000.exe
AddRemove-EAN Barcode Creator V3.1_is1 - c:\program files\Naxter\EAN Barcode Creator\unins000.exe
AddRemove-eLicenser Control - c:\progra~1\ELICEN~1\UNWISE.EXE
AddRemove-ezPower POS Demo 13_is1 - c:\program files\ezPower POS Demo 13\unins000.exe
AddRemove-MegaTrainer XL_is1 - c:\program files\MegaDev\MD-Trainers\MegaTrainer XL\unins000.exe
AddRemove-Pontifex - c:\program files\Pontifex\uninstall.exe
AddRemove-Update Service - c:\program files\Sony Ericsson\Update Service\uninst.exe
AddRemove-{FDB61162-F860-4490-97FE-8E33EF6072D2} - c:\program files\Esperanto\Kurso3\Uninstall.exe
AddRemove-I-Doser v4 - c:\program files\IDoser v4\Uninstal.exe
AddRemove-Lotus Simulations L-39 - d:\games\Microsoft Games\Microsoft Flight Simulator X\Uninstal L-39.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4042001128-4225508476-1665424053-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:97,8c,19,de,ca,33,ca,50,c0,f1,57,f1,fa,66,72,6e,15,cc,9a,88,2a,3e,ba,
e9,37,b3,5d,6c,b0,69,47,62,2c,30,68,ae,57,9b,f1,3d,85,2c,7a,c8,e6,dc,bc,62,\
"??"=hex:b5,5e,67,b3,49,08,72,ad,41,a9,3a,9c,e3,bb,58,83

[HKEY_USERS\S-1-5-21-4042001128-4225508476-1665424053-1001\Software\SecuROM\License information*]
"datasecu"=hex:c6,20,5a,ea,83,32,8c,72,41,45,30,69,ec,4c,53,28,d7,b3,5f,13,a2,
88,3e,05,a7,ae,55,77,4d,f7,84,ce,3d,27,4a,a8,cb,9d,c0,33,eb,42,e9,cc,30,6e,\
"rkeysecu"=hex:b8,07,d5,ab,1e,d1,c2,46,63,01,78,91,7d,01,cc,d8

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-16 17:26:37
ComboFix-quarantined-files.txt 2011-02-16 16:26

Pre-Run: 397 983 744 bytes free
Post-Run: 446 078 976 bytes free

- - End Of File - - 487698083A7893021C1F118BA8A736BE

[motji]

Editováno - oprava skriptu



Odinstalujte Avptool

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Folder::
c:\users\Sprava\AppData\Roaming\xwhyudsr1ktnkz2kznzqkikcjzvrrfat2

File::
c:\users\Sprava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_setup_9.0.0.722_16.02.2011_00-19.exe.lnk 
c:\users\Sprava\AppData\Local\Temp\_uninst_setup_9.0.0.722_16.02.2011_00-19.exe.bat
c:\windows\pss\·ţÎńąÜŔíĆ÷.lnk

Collect::
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\·ţÎńąÜŔíĆ÷.lnk
c:\users\Sprava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk

Registry::
[-HKLM\~\startupfolder\C:^Users^Sprava^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
[-HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mssend"=-
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^·ţÎńąÜŔíĆ÷.lnk]

driver::
50575461

DDS::
uStart Page = hxxp://flvdirect.iamwired.net/

Firefox::
FF - ProfilePath - c:\users\Sprava\AppData\Roaming\Mozilla\Firefox\Profiles\bdo2u5gz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch ... ps&search=
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch ... ps&search=

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci



Otestujte na http://www.virustotal.com
c:\windows\srchasst\srchasm.dll
C:\users\Sprava\AppData\Roaming\InstallMon.exe
-Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
-Sem vložte link s výsledky.


Tohle znáte?
[HKLM\~\startupfolder\C:^Users^Sprava^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]



Tuto složku znáte?
- c:\users\Sprava\AppData\Local\OnLive App




Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[Skyro]

OneNote 2007 Screen Clipper and Launcher naozaj nepoznam. OnLive poznam, je v poriadku. Idem na to

[motji]

Vydržte minutku, editnu ten skript

[motji]

Hotovo

[Skyro]

Uf, pozde

Spravil som to, ze som nahodil ten zly resp starsi script, a potom si precital toto, a spravil to iste s novym.

Log z noveho scriptu

ComboFix 11-02-15.04 - Sprava . 02. 2011 18:58:47.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.2047.1293 [GMT 1:00]
Running from: c:\users\Sprava\Desktop\ComboFix.exe
Command switches used :: c:\users\Sprava\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\users\Sprava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\srchasst\srchasm.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-16 to 2011-02-16 )))))))))))))))))))))))))))))))
.

2011-02-16 18:05 . 2011-02-16 18:05 -------- d-----w- c:\users\Sprava\AppData\Local\temp
2011-02-16 18:05 . 2011-02-16 18:05 -------- d-----w- c:\users\Mcx1-SPRAVA-PC\AppData\Local\temp
2011-02-16 18:05 . 2011-02-16 18:05 -------- d-----w- c:\users\Mama\AppData\Local\temp
2011-02-16 18:05 . 2011-02-16 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-16 16:08 . 2011-02-16 16:26 -------- d-----w- C:\ruka
2011-02-15 22:54 . 2011-02-16 15:08 -------- d-----w- c:\programdata\Kaspersky Lab
2011-02-15 22:21 . 2011-02-15 22:24 -------- d-----w- c:\program files\trend micro
2011-02-15 22:21 . 2011-02-15 22:24 -------- d-----w- C:\rsit
2011-02-15 13:07 . 2011-02-15 13:07 -------- d-----w- C:\found.000
2011-02-14 14:32 . 2011-02-15 17:11 -------- d-----w- c:\program files\Pontifex
2011-02-14 14:32 . 2011-02-14 14:47 -------- d-----w- c:\program files\Bridge Building Game
2011-02-14 13:12 . 2011-02-16 15:05 29996 ---h--w- c:\users\Sprava\AppData\Roaming\ntuser.dat
2011-02-14 11:41 . 2011-02-14 11:41 -------- d-----w- c:\users\Sprava\AppData\Roaming\kvxocdvqxprddmwydlb1mg3lfqhncdc2
2011-02-14 09:12 . 2011-02-14 09:13 -------- d-----w- c:\program files\WinAce
2011-02-03 16:04 . 1998-10-12 17:28 304128 ----a-w- c:\windows\IsUn0804.exe
2011-02-02 19:06 . 2011-02-02 19:07 -------- d-----w- c:\users\Sprava\AppData\Roaming\GHISLER
2011-02-02 19:06 . 2011-02-02 19:07 -------- d-----w- C:\totalcmd
2011-02-02 19:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\UC.PIF
2011-02-02 19:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\RAR.PIF
2011-02-02 19:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-02-02 19:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-02-02 19:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-02-02 19:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\LHA.PIF
2011-02-02 19:06 . 2010-12-17 06:56 545 ----a-w- c:\windows\ARJ.PIF
2011-01-26 16:48 . 2011-01-26 16:48 -------- d-----w- c:\users\Sprava\AppData\Local\OnLive App
2011-01-26 16:48 . 2011-01-26 16:48 -------- d-----w- c:\users\Sprava\AppData\Roaming\OnLive App
2011-01-26 16:48 . 2011-01-26 16:48 -------- d-----w- c:\program files\OnLive
2011-01-23 18:46 . 2011-01-23 18:46 -------- d-----w- c:\program files\HI-TECH Software
2011-01-22 10:51 . 2011-01-22 10:51 -------- d-----w- c:\programdata\SlySoft
2011-01-20 12:58 . 2011-01-20 12:58 -------- d-----w- c:\program files\Foxit Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-06 09:23 . 2011-01-06 09:23 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-01-05 09:58 . 2010-06-10 13:17 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-26 21:27 . 2010-12-26 21:27 49152 ----a-r- c:\users\Sprava\AppData\Roaming\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2010-12-24 08:15 . 2010-12-24 08:15 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-12-06 13:58 . 2010-12-06 13:58 2496715 ----a-w- c:\windows\system32\abgx360.exe
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-26 04:19 . 2010-11-26 04:19 6650368 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-11-26 03:02 . 2010-11-26 03:02 16702976 ----a-w- c:\windows\system32\atioglxx.dll
2010-11-26 02:58 . 2010-11-26 02:58 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:58 . 2009-12-11 20:35 550400 ----a-w- c:\windows\system32\aticfx32.dll
2010-11-26 02:54 . 2010-11-26 02:54 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2010-11-26 02:54 393216 ----a-w- c:\windows\system32\atieclxx.exe
2010-11-26 02:54 . 2010-11-26 02:54 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-11-26 02:52 . 2010-11-26 02:52 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-11-26 02:52 . 2010-11-26 02:52 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-11-26 02:52 . 2010-11-26 02:52 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-11-26 02:52 . 2010-11-26 02:52 15872 ----a-w- c:\windows\system32\atimuixx.dll
2010-11-26 02:52 . 2010-11-26 02:52 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-11-26 02:49 . 2009-07-13 22:09 4066816 ----a-w- c:\windows\system32\atidxx32.dll
2010-11-26 02:30 . 2009-06-10 21:19 4122624 ----a-w- c:\windows\system32\atiumdag.dll
2010-11-26 02:30 . 2010-11-26 02:30 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-11-26 02:30 . 2010-11-26 02:30 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-11-26 02:28 . 2010-11-26 02:28 5441024 ----a-w- c:\windows\system32\aticaldd.dll
2010-11-26 02:24 . 2009-12-11 20:11 52736 ----a-w- c:\windows\system32\coinst.dll
2010-11-26 02:22 . 2009-07-13 22:09 3460096 ----a-w- c:\windows\system32\atiumdva.dll
2010-11-26 02:17 . 2010-11-26 02:17 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-11-26 02:16 . 2010-11-26 02:16 27136 ----a-w- c:\windows\system32\atigktxx.dll
2010-11-26 02:16 . 2010-11-26 02:16 231936 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-11-26 02:15 . 2009-12-11 19:50 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2010-11-26 02:15 . 2009-12-11 19:50 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2010-11-26 02:15 . 2010-11-26 02:15 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2006-01-23 09:32 . 2006-01-23 09:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2006-06-07 13:40 . 2006-06-07 13:40 132848 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"="d:\programs\QIP Infium\infium.exe" [2010-03-12 5739472]
"c:\users\Sprava\AppData\Roaming\InstallMon.exe"="c:\users\Sprava\AppData\Roaming\InstallMon.exe" [2010-06-30 36864]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RGSC"="d:\programs\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 336384]

c:\users\Sprava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_setup_9.0.0.722_16.02.2011_00-19.exe.lnk - c:\users\Sprava\AppData\Local\Temp\_uninst_setup_9.0.0.722_16.02.2011_00-19.exe.bat [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-09-18 15:34 205976 ----a-w- d:\programs\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 16:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- d:\programs\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
2007-06-29 13:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-02-12 12:50 20480 ----a-w- c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-22 22:00 385024 ------w- c:\program files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
2010-03-12 13:20 5739472 ----a-w- d:\programs\QIP Infium\infium.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16 421160 ----a-w- d:\programs\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-12-06 07:31 1910152 ----a-w- d:\programs\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2007-05-11 00:08 2512392 ----a-w- c:\windows\System32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 13:35 305064 ----a-r- d:\programs\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
2006-10-10 12:11 827392 ----a-w- c:\windows\vsnp325.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 14:58 1242448 ----a-w- d:\programs\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 13:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
2006-10-10 13:49 270336 ----a-w- c:\windows\tsnp325.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FStarForce;FStarForce;c:\windows\system32\DRIVERS\FStarForce.sys [2009-07-13 9216]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
R3 GGSAFERDriver;GGSAFER Driver;d:\programs\Garena\safedrv.sys [x]
R3 LLRING0;LLRING0;d:\games\NationMU\NationMU\NationMU Season5 Client\MuGuard\llck3.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [2007-03-07 10260864]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-25 100496]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-06-25 31632]
R4 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 136176]
R4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\programs\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-24 691696]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2010-07-03 2911848]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-06-25 142992]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-06-25 41936]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-07-13 27632]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-06-25 111312]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 19:47]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 19:47]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Sprava\AppData\Roaming\Mozilla\Firefox\Profiles\bdo2u5gz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a ... s:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programs\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - d:\programs\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - d:\programs\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4042001128-4225508476-1665424053-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:97,8c,19,de,ca,33,ca,50,c0,f1,57,f1,fa,66,72,6e,15,cc,9a,88,2a,3e,ba,
e9,37,b3,5d,6c,b0,69,47,62,2c,30,68,ae,57,9b,f1,3d,85,2c,7a,c8,e6,dc,bc,62,\
"??"=hex:b5,5e,67,b3,49,08,72,ad,41,a9,3a,9c,e3,bb,58,83

[HKEY_USERS\S-1-5-21-4042001128-4225508476-1665424053-1001\Software\SecuROM\License information*]
"datasecu"=hex:c6,20,5a,ea,83,32,8c,72,41,45,30,69,ec,4c,53,28,d7,b3,5f,13,a2,
88,3e,05,a7,ae,55,77,4d,f7,84,ce,3d,27,4a,a8,cb,9d,c0,33,eb,42,e9,cc,30,6e,\
"rkeysecu"=hex:b8,07,d5,ab,1e,d1,c2,46,63,01,78,91,7d,01,cc,d8

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-16 19:06:39
ComboFix-quarantined-files.txt 2011-02-16 18:06
ComboFix2.txt 2011-02-16 17:53
ComboFix3.txt 2011-02-16 16:26

Pre-Run: 459 362 304 bytes free
Post-Run: 400 728 064 bytes free

- - End Of File - - FF4D033888E0577AD7D2480DB8E4E5BB




Ak bude treba dodam aj stary, ak mi poradite kde ho najdem