Page 8 of 9

Re: MBAM repeatedly reports Hijack.WindowsUpdates

Posted: 09 Nov 2011 17:45
by vyosek
Pack all of them together and upload them in a single RAR archive.

Re: MBAM repeatedly reports Hijack.WindowsUpdates

Posted: 09 Nov 2011 17:54
by destilator
all the LOGs
http://www.ulozto.sk/10945256/logy-rar

the password is 123456

Re: MBAM repeatedly reports Hijack.WindowsUpdates

Posted: 09 Nov 2011 19:58
by destilator
all the logs are in the attachment..

Re: MBAM repeatedly reports Hijack.WindowsUpdates

Posted: 10 Nov 2011 21:17
by vyosek
:arrow: There is a lot to delete by hand and OTL probably wouldn't manage to remove it all, so we'll use something stronger

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS GREAT DELETION POWER AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY END UP WRECKED
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Immediately after it starts, a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - don't start any applications and don't click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily infected it may take longer
  • After the scan finishes (and after a possible restart) CF displays a log; you can also find it at C:\ComboFix.txt; paste its contents here
  • Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: MBAM repeatedly reports Hijack.WindowsUpdates

Posted: 10 Nov 2011 23:57
by destilator
so I finished combofix, but only on the second attempt. The first time I forgot to turn off avast and only turned it off after combofix warned me about it. Then I ran combofix once more. The scan went faster the second time.
I can also send the combofix.txt file from the first scan if needed.


ComboFix 11-11-10.03 - Administrator . 11. 2011 23:29:15.3.1 - x86
System Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.172 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Panda Cloud Antivirus *Disabled/Updated* {3C6467D5-0CB7-4322-B2CA-E08614E5D9B5}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-10 to 2011-11-10 )))))))))))))))))))))))))))))))
.
.
2011-11-09 17:23 . 2011-11-09 17:23 -------- d-s---w- c:\documents and settings\Administrator\UserData
2011-11-09 17:21 . 2011-11-09 17:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Hewlett-Packard
2011-11-09 15:03 . 2011-11-09 18:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitMeter2
2011-11-09 15:02 . 2011-11-09 15:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2011-11-09 14:42 . 2011-11-09 14:42 233469 ----a-w- c:\windows\CQPhone Uninstaller.exe
2011-11-09 14:42 . 2011-11-09 14:42 -------- d-----w- c:\program files\CQPhone
2011-11-09 11:14 . 2011-11-09 15:16 512 ----a-w- C:\PhysicalMBR.bin
2011-11-09 10:56 . 2011-11-09 10:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\STDUViewer
2011-11-08 20:23 . 2011-11-08 20:48 -------- d-----w- C:\rsit
2011-11-08 15:14 . 2003-08-19 11:36 65536 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2011-11-08 15:14 . 2003-08-19 11:36 65536 ----a-w- c:\windows\system32\Audio3D.dll
2011-11-08 15:14 . 2003-08-19 11:36 65536 ----a-w- c:\windows\system32\a3d.dll
2011-11-07 10:31 . 2011-11-07 10:31 -------- d-----w- c:\program files\BSPlayer
2011-11-07 10:12 . 2011-11-07 10:13 -------- d-----w- c:\program files\DivX
2011-11-07 10:06 . 2011-11-07 10:06 -------- d-----r- c:\program files\Kartotéka
2011-11-05 20:45 . 2011-11-05 20:55 -------- d-----w- c:\program files\HijackThis.HJT
2011-11-04 13:20 . 2011-09-09 17:23 2469760 ----a-w- c:\windows\system32\BootMan.exe
2011-11-04 13:20 . 2011-07-29 12:54 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2011-11-04 13:20 . 2011-07-29 12:54 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2011-11-04 13:20 . 2011-07-29 12:54 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2011-11-04 13:20 . 2011-07-29 12:54 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2011-11-04 13:20 . 2011-11-04 13:20 -------- d-----w- c:\program files\EASEUS
2011-11-04 11:16 . 2011-11-04 11:16 -------- d-----w- c:\program files\HD Tune
2011-11-04 11:09 . 2011-11-04 11:09 -------- d-----w- c:\program files\FreshDevices
2011-11-03 16:03 . 2011-11-03 16:03 -------- d-----w- c:\program files\Common Files\Apple
2011-11-03 16:03 . 2011-11-03 16:03 -------- d-----w- c:\program files\Apple Software Update
2011-11-03 16:03 . 2011-11-03 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-23 09:42 . 2011-10-23 09:42 -------- d-----w- c:\program files\Common Files\Java
2011-10-19 05:55 . 2011-10-24 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedUpToolbar
2011-10-19 05:55 . 2011-10-19 05:55 -------- d-----w- c:\program files\SpeedUpToolbar
2011-10-19 05:53 . 2011-10-19 05:53 -------- d-----w- c:\program files\Microsoft Silverlight
2011-10-18 06:26 . 2003-07-16 12:27 43264 ------w- c:\windows\system32\drivers\ser2pl.sys
2011-10-16 09:16 . 2003-06-02 01:19 45056 ----a-r- c:\windows\system32\usbmonit.exe
2011-10-16 09:16 . 2003-05-21 01:27 139264 ----a-r- c:\windows\system32\geneicon.dll
2011-10-16 09:16 . 2003-03-07 03:52 36864 ----a-r- c:\windows\system32\deluidrv.exe
2011-10-16 09:16 . 2002-03-05 02:10 32768 ----a-r- c:\windows\system32\delentry.exe
2011-10-16 09:16 . 2003-06-02 01:31 24720 ----a-r- c:\windows\system32\drivers\geneuide.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-08 16:53 . 2010-11-19 15:42 60 ----a-w- c:\windows\rafazon.bat
2011-10-03 03:06 . 2010-11-02 10:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2011-07-27 20:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-06 20:45 . 2010-11-19 16:34 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-11-19 16:34 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-05-05 06:17 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2010-11-19 16:35 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-11-19 16:35 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-11-19 16:35 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-11-19 16:35 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-11-19 16:35 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-11-19 16:35 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-11-19 16:35 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-31 15:00 . 2010-09-17 08:38 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2001-07-22 19:29 . 2008-02-26 20:31 351744 ----a-w- c:\program files\Salamander.exe
1998-06-17 12:42 . 2010-01-26 08:17 602624 ----a-w- c:\program files\w95sstv.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D52B2CA-C02E-4EC1-8E80-0A5CD2A640BD}]
2011-09-08 02:49 2372696 ----a-w- c:\program files\SpeedUpToolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-10-18 15:28 1485112 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-10-18 1485112]
"{005B8FC3-0F7E-45DD-8A2F-E352D67EDBFC}"= "c:\program files\SpeedUpToolbar\IEToolbar.dll" [2011-09-08 2372696]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{005b8fc3-0f7e-45dd-8a2f-e352d67edbfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2010-12-03 141368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-10-13 111928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2009-6-21 1462272]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bitmeter2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bitmeter2.lnk
backup=c:\windows\pss\Bitmeter2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Topcom Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Topcom Wireless LAN Utility.lnk
backup=c:\windows\pss\Topcom Wireless LAN Utility.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-03 22:56 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2000-06-26 15:22 905216 ----a-r- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 21:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2007-05-10 11:18 835584 ----a-w- c:\windows\vsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-01-05 10:31 424448 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-06-18 08:31 67584 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2007-04-21 07:32 270336 ----a-w- c:\windows\tsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
2006-08-09 13:27 36864 ------w- c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"wuauserv"=2 (0x2)
"SpyEmrgSrv"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5. 5. 2011 7:17 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19. 11. 2010 17:35 320856]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14. 4. 2010 10:28 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19. 11. 2010 17:35 20568]
R2 OkiPar;OkiPar;c:\windows\system32\drivers\OkiPar.Sys [2. 10. 2001 10:54 40192]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [25. 9. 2009 16:10 27632]
S1 456f9f9e;456f9f9e;c:\windows\system32\drivers\456f9f9e.sys [4. 4. 2009 19:21 0]
S2 xwoarh;xwoarh;\??\c:\windows\system32\Drivers\xwoarh.sys --> c:\windows\system32\Drivers\xwoarh.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [4. 11. 2011 14:20 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [4. 11. 2011 14:20 8456]
S3 FlarionDTM;Flarion DTM Network Interface;c:\windows\system32\drivers\FlrnDTM.sys [4. 12. 2008 18:33 24706]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20. 11. 2010 20:49 13224]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [27. 2. 2010 13:17 19034]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [31. 7. 2009 18:24 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [31. 7. 2009 18:24 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [31. 7. 2009 18:24 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [31. 7. 2009 18:24 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [31. 7. 2009 18:24 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [31. 7. 2009 18:24 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [31. 7. 2009 18:24 109736]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [4. 12. 2008 22:31 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [4. 12. 2008 22:34 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [4. 12. 2008 22:34 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [4. 12. 2008 22:38 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [4. 12. 2008 22:45 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [4. 12. 2008 22:37 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [4. 12. 2008 22:40 110120]
S3 se26nd3;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS);c:\windows\system32\drivers\se26nd3.sys [14. 11. 2009 13:52 18208]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [1. 2. 2011 10:28 155344]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19. 11. 2010 20:20 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://home.sweetim.com
TCP: Interfaces\{DE0F6CE3-562F-4790-A186-468AE3F02BA4}: NameServer = 194.154.230.80,195.91.78.80
Handler: speeduptoolbar - {A59E71FA-63AB-4695-B7B0-7B97BAA3CF9E} - c:\program files\SpeedUpToolbar\IEToolbar.dll
FF - ProfilePath -
.
.
------- File Associations -------
.
.txt=STDUViewerFile.TXT
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-10 23:40
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4004)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-11-10 23:44:46
ComboFix-quarantined-files.txt 2011-11-10 22:44
.
Pre-Run: 6 991 220 736 bytes free
Post-Run: 6 970 331 136 bytes free
.
- - End Of File - - 906E07B0A781941AD0B0C2955D7E4A11

Re: MBAM repeatedly reports Hijack.WindowsUpdates

Posted: 11 Nov 2011 13:29
by vyosek
:arrow: If you haven't already, move Combofix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Folder::
    c:\documents and settings\All Users\Application Data\SpeedUpToolbar
    c:\program files\SpeedUpToolbar
    c:\program files\SweetIM
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D52B2CA-C02E-4EC1-8E80-0A5CD2A640BD}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
    "{005B8FC3-0F7E-45DD-8A2F-E352D67EDBFC}"=-
    [-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
    [-HKEY_CLASSES_ROOT\clsid\{005b8fc3-0f7e-45dd-8a2f-e352d67edbfc}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "SweetIM"=-
    "SunJavaUpdateSched"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    
    Collect::
    c:\windows\system32\drivers\456f9f9e.sys
    c:\windows\system32\Drivers\xwoarh.sys
    
    Driver::
    456f9f9e
    xwoarh
    SetupNTGLM7X
    gupdate
    gupdatem
    
    File::
    c:\windows\Tasks\AppleSoftwareUpdate.job
    
    DDS::
    mStart Page = hxxp://home.sweetim.com
    Handler: speeduptoolbar - {A59E71FA-63AB-4695-B7B0-7B97BAA3CF9E} - c:\program files\SpeedUpToolbar\IEToolbar.dll
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and drop it (see the image below)
    (image)
  • After the script is applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: It may happen that Windows won't boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
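As an added illustration (not part of the thread, and not vyosek's or ComboFix's own tooling), the following Python script shows the triage logic behind the Driver:: and Collect:: entries in the CFScript above. It parses the service lines copied from the first ComboFix log posted earlier in the thread, flags drivers whose image file is missing, whose image is zero bytes, or whose name is nothing but hex digits, and emits the matching CFScript section. The allow-list of on-demand drivers (MBAMSwissArmy), the hex-name heuristic and the rule of collecting only files on the C: drive are assumptions made for this example, not ComboFix rules.

```python
"""Triage a ComboFix service listing and emit the matching CFScript section.

Added example for this thread; not ComboFix's own code. The heuristics are
assumptions made here, not rules from the tool.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Service lines copied verbatim from the first ComboFix log posted above
# (a subset of the full listing).
SERVICE_LINES = r"""
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5. 5. 2011 7:17 442200]
R2 OkiPar;OkiPar;c:\windows\system32\drivers\OkiPar.Sys [2. 10. 2001 10:54 40192]
S1 456f9f9e;456f9f9e;c:\windows\system32\drivers\456f9f9e.sys [4. 4. 2009 19:21 0]
S2 xwoarh;xwoarh;\??\c:\windows\system32\Drivers\xwoarh.sys --> c:\windows\system32\Drivers\xwoarh.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [4. 11. 2011 14:20 13192]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19. 11. 2010 20:20 135664]
"""

# <start type> <name>;<display name>;<image path> [<date time size> | ?]
LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s+\[(?P<info>[^\]]*)\]$"
)

# Assumption: legitimate drivers that only exist while their tool is running,
# so a missing image file is expected for them (analyst allow-list, lower-case).
KNOWN_ON_DEMAND = {"mbamswissarmy"}

# Assumption: a name made only of hex digits is typical of a randomly
# generated rootkit driver name.
HEX_NAME = re.compile(r"^[0-9a-f]{6,}$", re.IGNORECASE)


@dataclass
class Service:
    start: str
    name: str
    display: str
    image: str            # on-disk path; the "-->" target when ComboFix printed one
    size: Optional[int]   # None when ComboFix could not stat the file ("[?]")


def parse_services(text: str) -> List[Service]:
    """Parse ComboFix 'R1/S3 ...' service lines into Service records."""
    services = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        image = m.group("image")
        if "-->" in image:
            image = image.split("-->", 1)[1].strip()
        info = m.group("info").strip()
        size = None if info == "?" else int(info.split()[-1])
        services.append(Service(m.group("start"), m.group("name"),
                                m.group("display"), image, size))
    return services


def suspicious_reasons(svc: Service) -> List[str]:
    """Return the list of heuristics a service trips (empty if none)."""
    reasons = []
    if svc.size == 0:
        reasons.append("zero-byte driver image")
    if svc.size is None and svc.name.lower() not in KNOWN_ON_DEMAND:
        reasons.append("image file missing ([?])")
    if HEX_NAME.match(svc.name):
        reasons.append("hex-looking service name")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged service name to the reasons it was flagged."""
    flagged = {}
    for svc in parse_services(text):
        reasons = suspicious_reasons(svc)
        if reasons:
            flagged[svc.name] = reasons
    return flagged


def build_cfscript(text: str) -> str:
    """Emit Collect:: and Driver:: sections for the flagged services.

    Collect:: (quarantine a copy for analysis) is limited to files on C:,
    because a path on a removable drive is not there to collect; Driver::
    removes the service registration regardless of where the image lived.
    """
    flagged = [s for s in parse_services(text) if suspicious_reasons(s)]
    collect = [s.image for s in flagged if s.image.lower().startswith("c:\\")]
    lines = ["Collect::", *collect, "", "Driver::", *[s.name for s in flagged], ""]
    return "\n".join(lines)


if __name__ == "__main__":
    for name, why in triage(SERVICE_LINES).items():
        print(f"{name}: {', '.join(why)}")
    print()
    print(build_cfscript(SERVICE_LINES))
```

Run against the excerpt, the script flags exactly the three services vyosek put under Driver:: (456f9f9e, xwoarh, SetupNTGLM7X) and collects the two images that live on C:, while MBAMSwissArmy, which also shows "[?]", stays out because it is on the allow-list. The allow-list is the part that needs analyst judgment; without it a "[?]" rule alone would have quarantined a legitimate Malwarebytes driver.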

Re: MBAM repeatedly reports Hijack.WindowsUpdates

Posted: 11 Nov 2011 17:43
by destilator
I'm sending the requested log. The only problem was with avast at restart. I turned it off during the scan, but it started again on restart and some file from combofix failed to run. I then turned it off, but I don't know whether it was already too late.




ComboFix 11-11-10.03 - Administrator . 11. 2011 16:40:26.4.1 - x86
System Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.194 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Panda Cloud Antivirus *Disabled/Updated* {3C6467D5-0CB7-4322-B2CA-E08614E5D9B5}
.
FILE ::
"c:\windows\Tasks\AppleSoftwareUpdate.job"
.
file zipped: c:\windows\system32\drivers\456f9f9e.sys
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\SpeedUpToolbar
c:\documents and settings\All Users\Application Data\SpeedUpToolbar\cache\cu_406b53c3bab9ac80.cache
c:\documents and settings\All Users\Application Data\SpeedUpToolbar\IEToolbar.dll
c:\documents and settings\All Users\Application Data\SpeedUpToolbar\Languages\en.ini
c:\documents and settings\All Users\Application Data\SpeedUpToolbar\Languages\languages.cfg
c:\program files\SpeedUpToolbar
c:\program files\SpeedUpToolbar\Firefox\sp.xml
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\components\autocomplete.js
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\components\facebook.js
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\components\IGeared_speedupp_xputils.xpt
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\components\IGeared_speedupp_xputils3.dll
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\components\IGeared_speedupp_xputils35.dll
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\components\notifications.js
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\components\sp.js
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\components\utils.dll
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\components\utilsobj.js
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome.manifest
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\autocomplete-popup.xml
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\config.xml
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\contexthtml.xul
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\custom.js
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\about.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\bubble_AB.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\bubble_ABSearch.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\bubble_arrow.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\bubble_bottom_shadow.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\bubble_confirm.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\bubble_confirmEmail.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\bubble_confirmFacebook.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\bubble_confirmCheckbox.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\bubble_confirmIco_fb.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\bubble_confirmIco_notifier.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\bubble_confirmIco_weather.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\bubble_confirmTbr.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\bubble_logo.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\bubble_search.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\bubble_searchSearchBox.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\bubble_style.css
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\bubble_top_shadow.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\deletehistory_processing.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_config.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_notifier.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_notifierBackground.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_notifierBullet.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_notifierClose.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_notifierDown.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_notifierDownActive.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_notifierDownDisabled.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_notifierIco.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_notifierNext.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_notifierNextActive.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_notifierNextDisabled.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_notifierPrevious.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_notifierPreviousActive.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_notifierPreviousDisabled.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_notifierScrollbar.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_notifierSettings.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_notifierUp.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_notifierUpActive.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\emailchecker_notifierUpDisabled.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\Facebook_config.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\Facebook_error.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\facebook_logo.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\Facebook_notifier.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\Facebook_notifierIco.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\Facebook_status.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\facebook_style.css
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\facebook_textbox.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\Facebook_user.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\icoUBAccess.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\icoUBCalc.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\icoUBExcel.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\icoUBExplorer.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\icoUBMediaPlayer.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\icoUBNotepad.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\icoUBOutlook.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\icoUBOutlookExpress.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\icoUBPaint.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\icoUBPowerPoint.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\icoUBSkype.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\icoUBWord.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\rssreader_!backgroundGrey.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\rssreader_!backgroundRed.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\rssreader_!bullet.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\rssreader_!close.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\rssreader_!icoiDNES.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\rssreader_!icoRead.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\rssreader_!icoRSS.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\rssreader_!icoSimple.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\rssreader_!icoUnread.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\rssreader_!logo.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\rssreader_!settings.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\rssreader_!tabHilighted.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\rssreader_advanced.css
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\rssreader_advanced.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\rssreader_config.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\rssreader_simple.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\settings_askdialog.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\settings_background.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\settings_closedialog.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\settings_checkboxdialog.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\settings_icohelp.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\settings_loading.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\settings_logo.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\settings_main.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\settings_menu1.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\settings_menu2.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\settings_menu3.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\settings_menu4.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\settings_style.css
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\tabswelcome.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\tabswelcome_button.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\tabswelcome_button_hilight.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\tabswelcome_ie7footer.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\tabswelcome_ie7header.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\tabswelcome_ie8footer.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\tabswelcome_ie8header.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\tbapi.js
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\toolbarprotector_window.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\updater_error.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\updater_ok.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\updater_processing.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\weather_bg.gif
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\weather_error.htm
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\weather_img.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\html\weather_x.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\htmlwindow.xul
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\imageButton.xml
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\libs\include.js
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\libs\include_lite.js
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\marquee.xml
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\overlay.js
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\overlay.xul
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\content\srp.xml
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\icons\default\IGeared_speedupp_htmlwindow.ico
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\contexthtml.css
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\dragdrop.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\emailchecker_icoEmail.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\emailchecker_icoEmailNew.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\gripper.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\chevron.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoFacebook_facebook.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoFacebook_FriendReq.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoFacebook_messages.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoFacebook_pokes.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoGoButtonBG.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoHelp1.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoHomepage.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoInfo1.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoOptions.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoRSS.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoRSSBlue.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoRSSGray.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoRSSGreen.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoSpeed.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoTrash.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoUBAccess.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoUBCalc.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoUBExcel.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoUBExplorer.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoUBMediaPlayer.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoUBNotepad.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoUBOutlook.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoUBOutlookExpress.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoUBPaint.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoUBPowerPoint.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoUBSkype.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoUBWord.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoUpdate.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\icoWeather.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\logo.ico
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\logo.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\overlay.css
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\rssreader_!icoRead.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\rssreader_!icoUnread.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\Search_provider_drop.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\searchProvider.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\settings_icon.ico
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\slider.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\spImages.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\spLocal.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\spMapy.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\spSearch.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\spShopping.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\spVideo.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\spWiki.png
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\chrome\skin\toolbarprotector_icon.ico
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\install.rdf
c:\program files\SpeedUpToolbar\Firefox\SpeedUp@igeared\xpfunc.dll
c:\program files\SpeedUpToolbar\IE8Lib.dll
c:\program files\SpeedUpToolbar\IEToolbar.dll
c:\program files\SpeedUpToolbar\ToolbarBroker.exe
c:\program files\SpeedUpToolbar\unins000.dat
c:\program files\SpeedUpToolbar\unins000.exe
c:\program files\SweetIM
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\SweetIM\Messenger\mgAIMAuto.dll
c:\program files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgArchive.dll
c:\program files\SweetIM\Messenger\mgcommon.dll
c:\program files\SweetIM\Messenger\mgcommunication.dll
c:\program files\SweetIM\Messenger\mgconfig.dll
c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
c:\program files\SweetIM\Messenger\mghooking.dll
c:\program files\SweetIM\Messenger\mgICQAuto.dll
c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgIEPlayer.dll
c:\program files\SweetIM\Messenger\mglogger.dll
c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
c:\program files\SweetIM\Messenger\mgMsnAuto.dll
c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
c:\program files\SweetIM\Messenger\mgsimcommon.dll
c:\program files\SweetIM\Messenger\mgSweetIM.dll
c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
c:\program files\SweetIM\Messenger\mgYahooAuto.dll
c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files\SweetIM\Messenger\resources\images\KeyboardButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_SETUPNTGLM7X
-------\Legacy_xwoarh
-------\Service_456f9f9e
-------\Service_gupdate
-------\Service_SetupNTGLM7X
-------\Service_xwoarh
.
.
((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-09 17:23 . 2011-11-09 17:23 -------- d-s---w- c:\documents and settings\Administrator\UserData
2011-11-09 17:21 . 2011-11-09 17:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Hewlett-Packard
2011-11-09 15:03 . 2011-11-09 18:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitMeter2
2011-11-09 15:02 . 2011-11-09 15:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2011-11-09 14:42 . 2011-11-09 14:42 233469 ----a-w- c:\windows\CQPhone Uninstaller.exe
2011-11-09 14:42 . 2011-11-09 14:42 -------- d-----w- c:\program files\CQPhone
2011-11-09 11:14 . 2011-11-09 15:16 512 ----a-w- C:\PhysicalMBR.bin
2011-11-09 10:56 . 2011-11-09 10:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\STDUViewer
2011-11-08 20:23 . 2011-11-08 20:48 -------- d-----w- C:\rsit
2011-11-08 15:14 . 2003-08-19 11:36 65536 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2011-11-08 15:14 . 2003-08-19 11:36 65536 ----a-w- c:\windows\system32\Audio3D.dll
2011-11-08 15:14 . 2003-08-19 11:36 65536 ----a-w- c:\windows\system32\a3d.dll
2011-11-07 10:31 . 2011-11-07 10:31 -------- d-----w- c:\program files\BSPlayer
2011-11-07 10:12 . 2011-11-07 10:13 -------- d-----w- c:\program files\DivX
2011-11-07 10:06 . 2011-11-07 10:06 -------- d-----r- c:\program files\Kartotéka
2011-11-05 20:45 . 2011-11-05 20:55 -------- d-----w- c:\program files\HijackThis.HJT
2011-11-04 13:20 . 2011-09-09 17:23 2469760 ----a-w- c:\windows\system32\BootMan.exe
2011-11-04 13:20 . 2011-07-29 12:54 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2011-11-04 13:20 . 2011-07-29 12:54 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2011-11-04 13:20 . 2011-07-29 12:54 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2011-11-04 13:20 . 2011-07-29 12:54 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2011-11-04 13:20 . 2011-11-04 13:20 -------- d-----w- c:\program files\EASEUS
2011-11-04 11:16 . 2011-11-04 11:16 -------- d-----w- c:\program files\HD Tune
2011-11-04 11:09 . 2011-11-04 11:09 -------- d-----w- c:\program files\FreshDevices
2011-11-03 16:03 . 2011-11-03 16:03 -------- d-----w- c:\program files\Common Files\Apple
2011-11-03 16:03 . 2011-11-03 16:03 -------- d-----w- c:\program files\Apple Software Update
2011-11-03 16:03 . 2011-11-03 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-23 09:42 . 2011-10-23 09:42 -------- d-----w- c:\program files\Common Files\Java
2011-10-22 21:02 . 2011-10-22 21:02 -------- d-----w- c:\documents and settings\Admin\temp
2011-10-19 05:53 . 2011-10-19 05:53 -------- d-----w- c:\program files\Microsoft Silverlight
2011-10-18 06:26 . 2003-07-16 12:27 43264 ------w- c:\windows\system32\drivers\ser2pl.sys
2011-10-16 09:16 . 2003-06-02 01:19 45056 ----a-r- c:\windows\system32\usbmonit.exe
2011-10-16 09:16 . 2003-05-21 01:27 139264 ----a-r- c:\windows\system32\geneicon.dll
2011-10-16 09:16 . 2003-03-07 03:52 36864 ----a-r- c:\windows\system32\deluidrv.exe
2011-10-16 09:16 . 2002-03-05 02:10 32768 ----a-r- c:\windows\system32\delentry.exe
2011-10-16 09:16 . 2003-06-02 01:31 24720 ----a-r- c:\windows\system32\drivers\geneuide.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-08 16:53 . 2010-11-19 15:42 60 ----a-w- c:\windows\rafazon.bat
2011-10-03 03:06 . 2010-11-02 10:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2011-07-27 20:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-06 20:45 . 2010-11-19 16:34 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-11-19 16:34 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-05-05 06:17 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2010-11-19 16:35 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-11-19 16:35 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-11-19 16:35 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-11-19 16:35 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-11-19 16:35 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-11-19 16:35 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-11-19 16:35 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-31 15:00 . 2010-09-17 08:38 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2001-07-22 19:29 . 2008-02-26 20:31 351744 ----a-w- c:\program files\Salamander.exe
1998-06-17 12:42 . 2010-01-26 08:17 602624 ----a-w- c:\program files\w95sstv.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-10_22.17.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-11 15:56 . 2011-11-11 15:56 16384 c:\windows\temp\Perflib_Perfdata_130.dat
- 2010-12-31 20:17 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\a4c8b51fef38872a7ec62d0a40ca147c\update\spcustom.dll
- 2010-12-31 20:17 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\a4c8b51fef38872a7ec62d0a40ca147c\spmsg.dll
- 2010-12-31 20:17 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\a4c8b51fef38872a7ec62d0a40ca147c\update\updspapi.dll
- 2010-12-31 20:17 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\a4c8b51fef38872a7ec62d0a40ca147c\update\update.exe
- 2010-12-31 20:17 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\a4c8b51fef38872a7ec62d0a40ca147c\spuninst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2010-12-03 141368]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2009-6-21 1462272]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bitmeter2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bitmeter2.lnk
backup=c:\windows\pss\Bitmeter2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Topcom Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Topcom Wireless LAN Utility.lnk
backup=c:\windows\pss\Topcom Wireless LAN Utility.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-03 22:56 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2000-06-26 15:22 905216 ----a-r- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 21:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2007-05-10 11:18 835584 ----a-w- c:\windows\vsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-01-05 10:31 424448 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-06-18 08:31 67584 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2007-04-21 07:32 270336 ----a-w- c:\windows\tsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
2006-08-09 13:27 36864 ------w- c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"wuauserv"=2 (0x2)
"SpyEmrgSrv"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.5.2011 7:17 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.11.2010 17:35 320856]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 10:28 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.11.2010 17:35 20568]
R2 OkiPar;OkiPar;c:\windows\system32\drivers\OkiPar.Sys [2.10.2001 10:54 40192]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [25.9.2009 16:10 27632]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [4.11.2011 14:20 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [4.11.2011 14:20 8456]
S3 FlarionDTM;Flarion DTM Network Interface;c:\windows\system32\drivers\FlrnDTM.sys [4.12.2008 18:33 24706]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.11.2010 20:49 13224]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [27.2.2010 13:17 19034]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [31.7.2009 18:24 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [31.7.2009 18:24 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [31.7.2009 18:24 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [31.7.2009 18:24 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [31.7.2009 18:24 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [31.7.2009 18:24 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [31.7.2009 18:24 109736]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [4.12.2008 22:31 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [4.12.2008 22:34 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [4.12.2008 22:34 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [4.12.2008 22:38 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [4.12.2008 22:45 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [4.12.2008 22:37 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [4.12.2008 22:40 110120]
S3 se26nd3;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS);c:\windows\system32\drivers\se26nd3.sys [14.11.2009 13:52 18208]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [1.2.2011 10:28 155344]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9eeda45-a457-11dc-8559-806d6172696f}]
\Shell\AutoRun\command - F:\Mlv.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.igeared.com/dispatcher.aspx?i=63
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.91.0.17 194.154.227.17
TCP: Interfaces\{DE0F6CE3-562F-4790-A186-468AE3F02BA4}: NameServer = 194.154.230.80,195.91.78.80
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\a0e17hkh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{005B8FC3-0F7E-45DD-8A2F-E352D67EDBFC} - (no file)
AddRemove-SpeedUp Toolbar_is1 - c:\program files\SpeedUpToolbar\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-11 16:58
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2956)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\StkASv2K.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-11-11 17:04:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-11 16:04
ComboFix2.txt 2011-11-10 22:44
.
Pre-Run: 6 852 653 056 bytes free
Post-Run: 6 723 567 616 voľných bajtov
.
- - End Of File - - A10D56267BE4A6E5111E1AF681E2511C



Shouldn't I run it once more?

Re: MBAM repeatedly reports Hijack.WindowsUpdates

Posted: 12 Nov 2011 01:24
by vyosek
:arrow: No need, CF did what it was supposed to, and further vermin and bad entries have been uncovered

:arrow: So one more script - same procedure

Code:

KillAll::

DDS::
uStart Page = hxxp://search.igeared.com/dispatcher.aspx?i=63
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Firefox::
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\a0e17hkh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

File::
c:\windows\Tasks\AppleSoftwareUpdate.job

Reboot::

Re: MBAM repeatedly reports Hijack.WindowsUpdates

Posted: 12 Nov 2011 11:17
by destilator
The PC restarted several times, and then the login changed from Administrator back to the regular user account. The same happened with Avast: after the restart it turned on and I didn't interfere with it any more.



ComboFix 11-11-12.02 - Admin 12.11.2011 10:47:21.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.226 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Panda Cloud Antivirus *Disabled/Updated* {3C6467D5-0CB7-4322-B2CA-E08614E5D9B5}
.
FILE ::
"c:\windows\Tasks\AppleSoftwareUpdate.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Application Data\64dlls.exe
c:\documents and settings\Admin\Application Data\intel64.exe
c:\documents and settings\Admin\Application Data\Kernel32.exe
c:\documents and settings\Admin\Application Data\localsys64.exe
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\a0e17hkh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\a0e17hkh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components\SIMAutoCompleteSearch.js
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\a0e17hkh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome.manifest
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\a0e17hkh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar.jar
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\a0e17hkh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\install.rdf
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\a0e17hkh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\manifest.mf
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\a0e17hkh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.rsa
c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\a0e17hkh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.sf
c:\documents and settings\Admin\Application Data\ntos.exe
c:\documents and settings\Admin\Application Data\oembios.exe
c:\documents and settings\Admin\Application Data\sdra64.exe
c:\documents and settings\Admin\Application Data\sdra73.exe
c:\documents and settings\Admin\Application Data\swin32.exe
c:\documents and settings\Admin\Application Data\twex.exe
c:\documents and settings\Admin\Application Data\twext.exe
c:\documents and settings\Admin\Application Data\wsnpoema.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
.
.
2011-11-09 17:23 . 2011-11-09 17:23 -------- d-s---w- c:\documents and settings\Administrator\UserData
2011-11-09 17:21 . 2011-11-09 17:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Hewlett-Packard
2011-11-09 15:03 . 2011-11-09 18:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitMeter2
2011-11-09 15:02 . 2011-11-09 15:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2011-11-09 14:42 . 2011-11-09 14:42 233469 ----a-w- c:\windows\CQPhone Uninstaller.exe
2011-11-09 14:42 . 2011-11-09 14:42 -------- d-----w- c:\program files\CQPhone
2011-11-09 11:14 . 2011-11-09 15:16 512 ----a-w- C:\PhysicalMBR.bin
2011-11-09 10:56 . 2011-11-09 10:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\STDUViewer
2011-11-08 20:23 . 2011-11-08 20:48 -------- d-----w- C:\rsit
2011-11-08 15:14 . 2003-08-19 11:36 65536 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2011-11-08 15:14 . 2003-08-19 11:36 65536 ----a-w- c:\windows\system32\Audio3D.dll
2011-11-08 15:14 . 2003-08-19 11:36 65536 ----a-w- c:\windows\system32\a3d.dll
2011-11-07 10:31 . 2011-11-07 10:31 -------- d-----w- c:\program files\BSPlayer
2011-11-07 10:12 . 2011-11-07 10:13 -------- d-----w- c:\program files\DivX
2011-11-07 10:06 . 2011-11-07 10:06 -------- d-----r- c:\program files\Kartotéka
2011-11-05 20:45 . 2011-11-05 20:55 -------- d-----w- c:\program files\HijackThis.HJT
2011-11-04 13:20 . 2011-09-09 17:23 2469760 ----a-w- c:\windows\system32\BootMan.exe
2011-11-04 13:20 . 2011-07-29 12:54 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
2011-11-04 13:20 . 2011-07-29 12:54 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2011-11-04 13:20 . 2011-07-29 12:54 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2011-11-04 13:20 . 2011-07-29 12:54 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2011-11-04 13:20 . 2011-11-04 13:20 -------- d-----w- c:\program files\EASEUS
2011-11-04 11:16 . 2011-11-04 11:16 -------- d-----w- c:\program files\HD Tune
2011-11-04 11:09 . 2011-11-04 11:09 -------- d-----w- c:\program files\FreshDevices
2011-11-03 16:03 . 2011-11-03 16:03 -------- d-----w- c:\program files\Common Files\Apple
2011-11-03 16:03 . 2011-11-03 16:03 -------- d-----w- c:\program files\Apple Software Update
2011-11-03 16:03 . 2011-11-03 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-23 09:42 . 2011-10-23 09:42 -------- d-----w- c:\program files\Common Files\Java
2011-10-22 21:02 . 2011-10-22 21:02 -------- d-----w- c:\documents and settings\Admin\temp
2011-10-19 05:53 . 2011-10-19 05:53 -------- d-----w- c:\program files\Microsoft Silverlight
2011-10-18 06:26 . 2003-07-16 12:27 43264 ------w- c:\windows\system32\drivers\ser2pl.sys
2011-10-16 09:16 . 2003-06-02 01:19 45056 ----a-r- c:\windows\system32\usbmonit.exe
2011-10-16 09:16 . 2003-05-21 01:27 139264 ----a-r- c:\windows\system32\geneicon.dll
2011-10-16 09:16 . 2003-03-07 03:52 36864 ----a-r- c:\windows\system32\deluidrv.exe
2011-10-16 09:16 . 2002-03-05 02:10 32768 ----a-r- c:\windows\system32\delentry.exe
2011-10-16 09:16 . 2003-06-02 01:31 24720 ----a-r- c:\windows\system32\drivers\geneuide.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-08 16:53 . 2010-11-19 15:42 60 ----a-w- c:\windows\rafazon.bat
2011-10-03 03:06 . 2010-11-02 10:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2011-07-27 20:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-06 20:45 . 2010-11-19 16:34 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-11-19 16:34 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-05-05 06:17 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2010-11-19 16:35 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-11-19 16:35 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-11-19 16:35 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-11-19 16:35 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-11-19 16:35 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-11-19 16:35 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-11-19 16:35 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-31 15:00 . 2010-09-17 08:38 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2001-07-22 19:29 . 2008-02-26 20:31 351744 ----a-w- c:\program files\Salamander.exe
1998-06-17 12:42 . 2010-01-26 08:17 602624 ----a-w- c:\program files\w95sstv.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-10_22.17.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-12 10:04 . 2011-11-12 10:04 16384 c:\windows\temp\Perflib_Perfdata_524.dat
- 2010-12-31 20:17 . 2008-07-08 13:02 26488 c:\windows\SoftwareDistribution\Download\a4c8b51fef38872a7ec62d0a40ca147c\update\spcustom.dll
- 2010-12-31 20:17 . 2008-07-08 13:02 17272 c:\windows\SoftwareDistribution\Download\a4c8b51fef38872a7ec62d0a40ca147c\spmsg.dll
- 2010-12-31 20:17 . 2009-05-26 11:40 382840 c:\windows\SoftwareDistribution\Download\a4c8b51fef38872a7ec62d0a40ca147c\update\updspapi.dll
- 2010-12-31 20:17 . 2009-05-26 11:40 755576 c:\windows\SoftwareDistribution\Download\a4c8b51fef38872a7ec62d0a40ca147c\update\update.exe
- 2010-12-31 20:17 . 2008-07-08 13:02 231288 c:\windows\SoftwareDistribution\Download\a4c8b51fef38872a7ec62d0a40ca147c\spuninst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2010-12-03 141368]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2009-6-21 1462272]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bitmeter2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bitmeter2.lnk
backup=c:\windows\pss\Bitmeter2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Topcom Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Topcom Wireless LAN Utility.lnk
backup=c:\windows\pss\Topcom Wireless LAN Utility.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-03 22:56 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2000-06-26 15:22 905216 ----a-r- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 21:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2007-05-10 11:18 835584 ----a-w- c:\windows\vsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-01-05 10:31 424448 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-06-18 08:31 67584 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2007-04-21 07:32 270336 ----a-w- c:\windows\tsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
2006-08-09 13:27 36864 ------w- c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"wuauserv"=2 (0x2)
"SpyEmrgSrv"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5.5.2011 7:17 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.11.2010 17:35 320856]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [14.4.2010 10:28 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.11.2010 17:35 20568]
R2 OkiPar;OkiPar;c:\windows\system32\drivers\OkiPar.Sys [2.10.2001 10:54 40192]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [25.9.2009 16:10 27632]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [4.11.2011 14:20 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [4.11.2011 14:20 8456]
S3 FlarionDTM;Flarion DTM Network Interface;c:\windows\system32\drivers\FlrnDTM.sys [4.12.2008 18:33 24706]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.11.2010 20:49 13224]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [27.2.2010 13:17 19034]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [31.7.2009 18:24 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [31.7.2009 18:24 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [31.7.2009 18:24 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [31.7.2009 18:24 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [31.7.2009 18:24 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [31.7.2009 18:24 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [31.7.2009 18:24 109736]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [4.12.2008 22:31 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [4.12.2008 22:34 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [4.12.2008 22:34 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [4.12.2008 22:38 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [4.12.2008 22:45 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [4.12.2008 22:37 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [4.12.2008 22:40 110120]
S3 se26nd3;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS);c:\windows\system32\drivers\se26nd3.sys [14.11.2009 13:52 18208]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [1.2.2011 10:28 155344]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 195.91.0.17 194.154.227.17
TCP: Interfaces\{DE0F6CE3-562F-4790-A186-468AE3F02BA4}: NameServer = 194.154.230.80,195.91.78.80
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\a0e17hkh.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-12 11:04
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(984)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\StkASv2K.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
.
**************************************************************************
.
Completion time: 2011-11-12 11:12:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-12 10:12
ComboFix2.txt 2011-11-11 16:04
ComboFix3.txt 2011-11-10 22:44
.
Pre-Run: 7 254 224 896 bytes free
Post-Run: 7 655 174 144 voľných bajtov
.
- - End Of File - - 301612E892E685EAB77D4ED99FDC4D45
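
As an added example (not part of this thread and not ComboFix's own code), here is a small Python parser for three of the record types that appear in the logs above: the "Other Deletions" list, the "Files Created" table and the mountpoints2 AutoRun entry from the earlier log. It turns those lines into records and flags the two patterns a helper looks at first in such a log: executables dropped directly into a user's Application Data folder, and an AutoRun command pointing at an executable on a removable volume. The embedded sample log is constructed from lines quoted in this thread; the watchlist of system-binary lookalike names is taken from the deletions list above and is an assumption of this example, not a ComboFix feature.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines in the shapes quoted in this thread's
# ComboFix logs (deletions list, "Files Created" table, and the mountpoints2
# AutoRun key from the earlier log). A real run would read C:\ComboFix.txt.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Admin\Application Data\Kernel32.exe
c:\documents and settings\Admin\Application Data\sdra64.exe
.
((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
.
2011-11-09 14:42 . 2011-11-09 14:42 233469 ----a-w- c:\windows\CQPhone Uninstaller.exe
2011-11-09 14:42 . 2011-11-09 14:42 -------- d-----w- c:\program files\CQPhone
2011-11-04 13:20 . 2011-07-29 12:54 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9eeda45-a457-11dc-8559-806d6172696f}]
\Shell\AutoRun\command - F:\Mlv.exe
"""

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".pif")
# Assumed watchlist: names from the deletions list in this thread that imitate
# Windows system binaries. Legitimate copies live under c:\windows.
SYSTEM_LOOKALIKES = {"kernel32.exe", "ntos.exe", "oembios.exe", "sdra64.exe", "localsys64.exe"}

# "Files Created" rows: <created> . <modified> <size|--------> <attrs> <path>
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^\(+ (?P<name>.+?) \)+$")       # ((((( Section Name )))))
DRIVE_PATH_RE = re.compile(r"^[a-zA-Z]:\\")               # c:\... style path
REG_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")     # [HKEY_...] header line
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)


@dataclass
class Finding:
    path: str
    reason: str


@dataclass
class Report:
    deletions: list = field(default_factory=list)   # paths ComboFix removed
    created: list = field(default_factory=list)     # dicts with created/modified/size/attrs/path
    autoruns: list = field(default_factory=list)    # (registry key, command) pairs
    findings: list = field(default_factory=list)    # Finding objects from assess()


def is_profile_appdata_exe(path: str) -> bool:
    """True for an executable sitting directly in a user's Application Data folder."""
    p = path.lower()
    if not p.endswith(EXEC_EXT):
        return False
    parts = p.split("\\")
    # c:\documents and settings\<user>\application data\<file> is exactly 5 components
    return len(parts) == 5 and parts[1] == "documents and settings" and parts[3] == "application data"


def assess(rep: Report) -> list:
    """Flag the entries a reviewer of the log would look at first."""
    out = []
    for path in rep.deletions + [row["path"] for row in rep.created]:
        name = path.rsplit("\\", 1)[-1].lower()
        if is_profile_appdata_exe(path):
            out.append(Finding(path, "executable dropped directly in user Application Data"))
        if name in SYSTEM_LOOKALIKES and not path.lower().startswith("c:\\windows\\"):
            out.append(Finding(path, "system-binary lookalike name outside c:\\windows"))
    for key, cmd in rep.autoruns:
        low = cmd.lower()
        if low.endswith(EXEC_EXT) and not low.startswith("c:\\"):
            volume = key.rsplit("\\", 1)[-1]   # per-volume GUID under mountpoints2
            out.append(Finding(cmd, "AutoRun command on a non-system volume " + volume))
    return out


def parse_combofix(text: str) -> Report:
    """Walk the log once, keeping track of the current section and registry key."""
    rep = Report()
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":          # ComboFix uses "." as a spacer line
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").lower()
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = AUTORUN_RE.match(line)
        if m and current_key and "mountpoints2" in current_key.lower():
            rep.autoruns.append((current_key, m.group("cmd")))
            continue
        m = FILE_RE.match(line)
        if m and section and section.startswith("files created"):
            rep.created.append(m.groupdict())
            continue
        if section == "other deletions" and DRIVE_PATH_RE.match(line):
            rep.deletions.append(line)
    rep.findings = assess(rep)
    return rep


if __name__ == "__main__":
    for f in parse_combofix(SAMPLE_LOG).findings:
        print(f"{f.reason}: {f.path}")
```

The same row shape is used by the "Find3M Report" section, so the `FILE_RE` pattern can be reused there by relaxing the section check; the parser above deliberately restricts itself to the "Files Created" window so that the flagged items correspond to recent changes.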

Re: MBAM repeatedly reports Hijack.WindowsUpdates

Posted: 12 Nov 2011 11:20
by vyosek
That's because there's a heap of junk in there like... :boxed:

This looks OK, now also run CureIt on it http://www.viry.cz/forum/viewtopic.php?f=29&t=47721

Re: MBAM repeatedly reports Hijack.WindowsUpdates

Posted: 13 Nov 2011 03:35
by destilator
So the scan has finally finished. I ran the program in enhanced protection mode and chose a full scan, so the scanning took the whole day. It found another 21 viruses and I had them all deleted. Now it should hopefully be fine.

!!!Thank you very much for the help, and have a nice rest of the weekend!!!

I'll support the forum via PayPal

THANK YOU once again!

Re: MBAM repeatedly reports Hijack.WindowsUpdates

Posted: 13 Nov 2011 14:41
by vyosek
Now let's clean up :James008:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run
  • To confirm a choice press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so download it without worry (if necessary, turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner (see my signature)
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Find problems
  • then Fix problems - I recommend making a registry backup; fix all the problems
  • repeat the procedure until no problems remain - usually about 3 times
Tools panel
  • Here you can uninstall unneeded programs
I recommend using CCleaner about once a week

:arrow: And that's all

:arrow: Thank you on behalf of the whole team for supporting the forum :worship:

Re: MBAM repeatedly reports Hijack.WindowsUpdates

Posted: 14 Nov 2011 14:49
by destilator
The payment to the e-mail podporte@forum.viry.cz was made a moment ago via PayPal.

Have a nice day.

Re: MBAM repeatedly reports Hijack.WindowsUpdates

Posted: 14 Nov 2011 18:32
by vyosek
Once again, thank you on behalf of the whole team :worship:

:closed:

Re: MBAM repeatedly reports Hijack.WindowsUpdates

Posted: 13 Feb 2013 13:21
by destilator
Hello,
I was away from home for a few weeks and on my return I found that someone had been tampering with my HDD. The PC wasn't turned on, but I keep the HDD in a drawer and somebody had handled it.
Could you advise me whether someone might have installed some malicious software on it?

Thank you.