VIRY.CZ

Zdravim,

Mam problem s vyskakovanim okna s nazvom digital protection (falosny antispyware) a dole v taskbare mam dve polozky, jedna sa tvari ako security center a je tam akoze vsetko vypnute (firewall, antivirus, antimalware, atd), ale v tom pravom mam vsetko zapnute.

Mohli by ste sa prosim pozriet na moj log?

Logfile of random's system information tool 1.06 (written by random/random)
Run by Funkye at 2010-04-20 18:30:27
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 5 GB (4%) free of 135 GB
Total RAM: 2045 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:42, on 20/04/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Funkye\internet\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\Funkye.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3863046564-3505499076-1678226595-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Cee')
O4 - HKUS\S-1-5-21-3863046564-3505499076-1678226595-1001\..\Run: [mcexecwin] rundll32.exe C:\Users\Cee\AppData\Local\Temp\qxv3fk3n.dll, RestoreWindows (User 'Cee')
O4 - HKUS\S-1-5-21-3863046564-3505499076-1678226595-1001\..\Run: [hsf87sdhfush87fsufhuie3fddf] C:\Users\Cee\AppData\Local\Temp\frdn55hdu.exe (User 'Cee')
O4 - HKUS\S-1-5-21-3863046564-3505499076-1678226595-1001\..\Run: [MSWINSCK.exe] C:\Users\Cee\AppData\Local\Temp\MSWINSCK.exe (User 'Cee')
O4 - HKUS\S-1-5-21-3863046564-3505499076-1678226595-1001\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Users\Cee\AppData\Local\Temp\avp.exe (User 'Cee')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: GOXYK - Sysinternals - http://www.sysinternals.com - C:\Users\Funkye\AppData\Local\Temp\GOXYK.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OAKDFRCUZIBPCF - Sysinternals - http://www.sysinternals.com - C:\Users\Funkye\AppData\Local\Temp\OAKDFRCUZIBPCF.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TH - Sysinternals - http://www.sysinternals.com - C:\Users\Funkye\AppData\Local\Temp\TH.exe
O23 - Service: XJTXKVBMWU - Sysinternals - http://www.sysinternals.com - C:\Users\Funkye\AppData\Local\Temp\XJTXKVBMWU.exe
O23 - Service: ZRAHNXB - Sysinternals - http://www.sysinternals.com - C:\Users\Funkye\AppData\Local\Temp\ZRAHNXB.exe

--
End of file - 9096 bytes

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job
C:\Windows\tasks\User_Feed_Synchronization-{75E510F4-2765-4E31-926D-BBB7707FF5D9}.job
C:\Windows\tasks\User_Feed_Synchronization-{978E7386-49DA-4433-B715-24320B4B6D49}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-10-02 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-11-04 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-06-16 13793824]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2009-06-16 92704]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-05-09 36864]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-07 405504]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 55824]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-07-02 159744]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"NokiaOviSuite2"=C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-02-24 385928]
""= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-02-28 63048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-02-24 385928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
oobefldr.dll,ShowWelcomeCenter []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Funkye^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
C:\PROGRA~1\COMMON~1\Logishrd\eReg\SetPoint\eReg.exe [2008-11-07 517384]

C:\Users\Funkye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5197e35f-d495-11de-aafa-001f3ae2565f}]
shell\AutoRun\command - G:\Setup.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-04-20 18:30:27 ----D---- C:\rsit
2010-04-19 23:09:56 ----A---- C:\Windows\ntbtlog.txt
2010-04-19 22:46:57 ----D---- C:\Program Files\Trend Micro
2010-04-19 22:19:32 ----A---- C:\Windows\BDTSupport.dll.old
2010-04-19 22:19:32 ----A---- C:\Windows\BDTSupport.dll
2010-04-19 22:19:31 ----A---- C:\Windows\SGDetectionTool.dll
2010-04-19 22:19:31 ----A---- C:\Windows\PCTBDRes.dll
2010-04-19 22:19:31 ----A---- C:\Windows\PCTBDCore.dll.old
2010-04-19 22:19:31 ----A---- C:\Windows\PCTBDCore.dll
2010-04-19 22:17:26 ----D---- C:\Users\Funkye\AppData\Roaming\PC Tools
2010-04-19 22:17:26 ----D---- C:\ProgramData\PC Tools
2010-04-19 22:17:26 ----D---- C:\Program Files\Spyware Doctor
2010-04-19 22:17:26 ----D---- C:\Program Files\Common Files\PC Tools
2010-04-19 22:04:54 ----A---- C:\TDSSKiller.2.2.8.1_19.04.2010_22.04.54_log.txt
2010-04-19 21:50:06 ----A---- C:\TDSSKiller.2.2.8.1_19.04.2010_21.50.06_log.txt
2010-04-19 21:32:42 ----A---- C:\TDSSKiller.2.2.8.1_19.04.2010_21.32.42_log.txt
2010-04-19 21:28:12 ----A---- C:\TDSSKiller.2.2.8.1_19.04.2010_21.28.12_log.txt
2010-04-14 20:00:05 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-04-14 20:00:04 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-04-14 20:00:01 ----A---- C:\Windows\system32\vbscript.dll
2010-04-14 19:59:52 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-04-13 18:08:58 ----A---- C:\Windows\system32\wintrust.dll
2010-04-13 18:08:54 ----A---- C:\Windows\system32\cabview.dll
2010-04-10 22:27:49 ----D---- C:\Users\Funkye\AppData\Roaming\WinRAR
2010-04-10 20:04:25 ----D---- C:\Program Files\JDownloader
2010-04-10 20:03:52 ----A---- C:\Windows\system32\javaws.exe
2010-04-10 20:03:52 ----A---- C:\Windows\system32\javaw.exe
2010-04-10 20:03:52 ----A---- C:\Windows\system32\java.exe
2010-04-10 20:03:52 ----A---- C:\Windows\system32\deploytk.dll
2010-04-10 20:02:11 ----D---- C:\Program Files\Java
2010-04-09 20:21:20 ----D---- C:\Program Files\Citrix
2010-03-31 16:22:52 ----A---- C:\Windows\system32\mshtml.dll
2010-03-31 16:22:51 ----A---- C:\Windows\system32\ieframe.dll
2010-03-31 16:22:50 ----A---- C:\Windows\system32\wininet.dll
2010-03-31 16:22:50 ----A---- C:\Windows\system32\urlmon.dll
2010-03-31 16:22:50 ----A---- C:\Windows\system32\occache.dll
2010-03-31 16:22:50 ----A---- C:\Windows\system32\msfeeds.dll
2010-03-31 16:22:50 ----A---- C:\Windows\system32\iertutil.dll
2010-03-31 16:22:49 ----A---- C:\Windows\system32\mstime.dll
2010-03-31 16:22:49 ----A---- C:\Windows\system32\msfeedssync.exe
2010-03-31 16:22:49 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-31 16:22:49 ----A---- C:\Windows\system32\jsproxy.dll
2010-03-31 16:22:49 ----A---- C:\Windows\system32\ieUnatt.exe
2010-03-31 16:22:49 ----A---- C:\Windows\system32\ieui.dll
2010-03-31 16:22:49 ----A---- C:\Windows\system32\iesysprep.dll
2010-03-31 16:22:49 ----A---- C:\Windows\system32\iesetup.dll
2010-03-31 16:22:49 ----A---- C:\Windows\system32\iernonce.dll
2010-03-31 16:22:49 ----A---- C:\Windows\system32\iepeers.dll
2010-03-31 16:22:49 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-31 16:22:49 ----A---- C:\Windows\system32\ie4uinit.exe
2010-03-30 19:21:57 ----A---- C:\Windows\system32\GEARAspi.dll
2010-03-30 19:21:30 ----D---- C:\Program Files\Songbird
2010-03-27 09:25:17 ----D---- C:\Program Files\PC Connectivity Solution
2010-03-22 21:54:33 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2010-04-20 18:30:29 ----D---- C:\Windows\Temp
2010-04-20 18:26:33 ----D---- C:\Windows\System32
2010-04-20 18:26:33 ----D---- C:\Windows\inf
2010-04-20 18:26:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-20 18:20:59 ----D---- C:\Windows
2010-04-20 18:20:45 ----AD---- C:\ProgramData\TEMP
2010-04-19 23:03:38 ----D---- C:\Funkye
2010-04-19 22:55:07 ----D---- C:\Windows\system32\Tasks
2010-04-19 22:55:06 ----D---- C:\Windows\Tasks
2010-04-19 22:54:43 ----D---- C:\Windows\Prefetch
2010-04-19 22:46:57 ----RD---- C:\Program Files
2010-04-19 22:18:40 ----SHD---- C:\Windows\Installer
2010-04-19 22:18:37 ----D---- C:\Windows\winsxs
2010-04-19 22:17:52 ----D---- C:\Windows\system32\drivers
2010-04-19 22:17:26 ----HD---- C:\ProgramData
2010-04-19 22:17:26 ----D---- C:\Program Files\Common Files
2010-04-17 23:55:04 ----SHD---- C:\System Volume Information
2010-04-16 15:40:04 ----D---- C:\Windows\system32\catroot
2010-04-16 15:37:49 ----D---- C:\Program Files\Windows Mail
2010-04-15 19:03:03 ----D---- C:\Windows\system32\catroot2
2010-04-09 19:30:13 ----SD---- C:\Users\Funkye\AppData\Roaming\Microsoft
2010-04-09 19:30:13 ----SD---- C:\ProgramData\Microsoft
2010-04-08 22:00:15 ----D---- C:\Windows\system32\LogFiles
2010-04-06 18:52:54 ----A---- C:\Windows\system32\mrt.exe
2010-04-02 09:53:41 ----D---- C:\Program Files\Mozilla Firefox
2010-04-02 09:49:39 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-04-01 19:31:02 ----D---- C:\Program Files\McAfee
2010-03-31 18:08:18 ----D---- C:\Program Files\Internet Explorer
2010-03-31 18:08:16 ----D---- C:\Windows\system32\migration
2010-03-27 09:29:09 ----D---- C:\Program Files\Common Files\Nokia
2010-03-27 09:26:13 ----DC---- C:\Windows\system32\DRVSTORE
2010-03-27 09:24:43 ----D---- C:\ProgramData\OviInstallerCache
2010-03-21 11:03:49 ----D---- C:\ProgramData\Roxio

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-11-04 214664]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2008-08-11 47640]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-02-15 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-25 155136]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-12-23 15664]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-11-04 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-11-04 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-11-04 40552]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-06-16 9768640]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-07 330240]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-04-03 46992]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 ap618moh;ap618moh; C:\Windows\system32\drivers\ap618moh.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-11-04 34248]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-08-29 73728]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-10-29 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-11-04 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-10-02 26640]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-06-16 211488]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-07 102400]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-11-04 606736]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 GOXYK;GOXYK; C:\Users\Funkye\AppData\Local\Temp\GOXYK.exe [2010-04-19 490368]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-10-28 365072]
S3 OAKDFRCUZIBPCF;OAKDFRCUZIBPCF; C:\Users\Funkye\AppData\Local\Temp\OAKDFRCUZIBPCF.exe [2010-04-19 416640]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-01-18 1141712]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-12-02 74384]
S3 TH;TH; C:\Users\Funkye\AppData\Local\Temp\TH.exe [2010-04-19 510848]
S3 XJTXKVBMWU;XJTXKVBMWU; C:\Users\Funkye\AppData\Local\Temp\XJTXKVBMWU.exe [2010-04-19 555904]
S3 ZRAHNXB;ZRAHNXB; C:\Users\Funkye\AppData\Local\Temp\ZRAHNXB.exe [2010-04-19 535424]
S4 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-09-28 116032]
S4 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-02-28 63040]

-----------------EOF-----------------

Zdravím, tohle fixni v HJT :

O4 - HKUS\S-1-5-21-3863046564-3505499076-1678226595-1001\..\Run: [mcexecwin] rundll32.exe C:\Users\Cee\AppData\Local\Temp\qxv3fk3n.dll, RestoreWindows (User 'Cee')
O4 - HKUS\S-1-5-21-3863046564-3505499076-1678226595-1001\..\Run: [hsf87sdhfush87fsufhuie3fddf] C:\Users\Cee\AppData\Local\Temp\frdn55hdu.exe (User 'Cee')
O4 - HKUS\S-1-5-21-3863046564-3505499076-1678226595-1001\..\Run: [MSWINSCK.exe] C:\Users\Cee\AppData\Local\Temp\MSWINSCK.exe (User 'Cee')
O4 - HKUS\S-1-5-21-3863046564-3505499076-1678226595-1001\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Users\Cee\AppData\Local\Temp\avp.exe (User 'Cee')

HJT najdeš zde :

C:\Program Files\Trend Micro\HijackThis\Funkye.exe

Fix znamená že spustíš HJT

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

Čištění registru je třeba několikrát zopakovat !


Stáhni a ulož na plochu ComboFix,

spusť aplikaci pod účtem s administrátorským oprávněním a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.

tak som tu s tym log-om z combo fix

ComboFix 10-04-19.08 - Funkye 20/04/2010 19:48:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1277 [GMT 1:00]
Running from: c:\users\Funkye\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\users\Cee\AppData\Roaming\sdra64.exe
c:\users\Cee\Favorites\_favdata.dat
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((( Files Created from 2010-03-20 to 2010-04-20 )))))))))))))))))))))))))))))))
.

2010-04-20 18:58 . 2010-04-20 18:58 -------- d-----w- c:\users\Funkye\AppData\Local\temp
2010-04-20 18:58 . 2010-04-20 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-20 18:58 . 2010-04-20 18:58 -------- d-----w- c:\users\Dee\AppData\Local\temp
2010-04-20 18:58 . 2010-04-20 18:58 -------- d-----w- c:\users\Cee\AppData\Local\temp
2010-04-20 18:20 . 2010-04-20 18:22 16940 ----a-w- c:\users\Funkye\cc_20100420_191957.reg
2010-04-20 18:12 . 2010-04-20 18:12 -------- d-----w- c:\program files\CCleaner
2010-04-20 17:30 . 2010-04-20 17:30 -------- d-----w- C:\rsit
2010-04-19 21:46 . 2010-04-19 21:46 -------- d-----w- c:\program files\Trend Micro
2010-04-19 21:17 . 2010-04-19 21:17 -------- d-----w- c:\users\Funkye\AppData\Roaming\PC Tools
2010-04-19 21:17 . 2010-04-19 21:17 -------- d-----w- c:\programdata\PC Tools
2010-04-19 20:00 . 2010-04-19 20:00 -------- d-----w- c:\users\Cee\AppData\Roaming\BED70DBEF1EF02A10FC90FD8DE3DDB23
2010-04-16 18:03 . 2010-04-16 18:03 680 ----a-w- c:\users\Cee\AppData\Local\d3d9caps.dat
2010-04-15 22:11 . 2010-04-20 18:38 -------- d-sh--w- c:\users\Cee\AppData\Roaming\lowsec
2010-04-14 19:00 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 19:00 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 19:00 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 19:00 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 19:00 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 19:00 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 18:59 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 18:59 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 18:59 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-13 17:08 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 17:08 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-10 19:04 . 2010-04-19 18:20 -------- d-----w- c:\program files\JDownloader
2010-04-10 19:03 . 2010-04-10 19:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-10 19:02 . 2010-04-10 19:02 -------- d-----w- c:\program files\Java
2010-04-09 19:21 . 2010-04-09 19:21 -------- d-----w- c:\program files\Citrix
2010-04-09 19:21 . 2010-04-09 19:21 -------- d-----w- c:\users\Funkye\AppData\Local\Citrix
2010-03-30 18:24 . 2009-12-20 21:32 394600 ----a-w- c:\users\Cee\AppData\Roaming\Songbird2\Profiles\dnlp5mb4.default\extensions\cd-rip@songbirdnest.com\lib\gwrks32.dll
2010-03-30 18:22 . 2010-03-30 18:22 -------- d-----w- c:\users\Cee\AppData\Local\Songbird2
2010-03-30 18:22 . 2010-03-30 18:22 -------- d-----w- c:\users\Cee\AppData\Roaming\Songbird2
2010-03-30 18:21 . 2009-12-23 11:03 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-30 18:21 . 2009-12-23 11:03 109360 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-30 18:21 . 2010-03-30 18:21 -------- d-----w- c:\program files\Songbird
2010-03-27 08:26 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-03-27 08:25 . 2010-03-27 08:25 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-27 08:24 . 2010-03-27 08:24 77824 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-03-27 08:24 . 2010-03-27 08:24 50000 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-03-27 08:24 . 2010-03-11 07:17 64164264 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\NokiaOviSuite2Installer.exe
2010-03-22 20:54 . 2010-03-22 20:54 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 18:42 . 2009-11-18 22:36 303941 ----a-w- c:\programdata\nvModes.dat
2010-04-20 18:33 . 2009-11-19 05:39 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-20 18:18 . 2009-11-19 23:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-19 21:26 . 2010-04-19 21:17 -------- d-----w- c:\program files\Spyware Doctor
2010-04-19 21:19 . 2010-04-19 21:17 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-19 18:56 . 2009-11-21 11:28 1 ----a-w- c:\users\Cee\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-18 20:30 . 2009-11-21 20:15 -------- d-----w- c:\users\Cee\AppData\Roaming\Skype
2010-04-18 19:51 . 2009-11-21 20:16 -------- d-----w- c:\users\Cee\AppData\Roaming\skypePM
2010-04-18 16:59 . 2009-12-16 14:11 -------- d-----w- c:\users\Dee\AppData\Roaming\Skype
2010-04-18 15:06 . 2009-12-17 11:54 -------- d-----w- c:\users\Dee\AppData\Roaming\skypePM
2010-04-16 14:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-09 17:55 . 2009-11-18 22:00 71752 ----a-w- c:\users\Funkye\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-02 08:49 . 2009-11-19 23:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-01 18:31 . 2009-11-19 22:24 -------- d-----w- c:\program files\McAfee
2010-03-27 08:29 . 2009-12-01 21:28 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-27 08:24 . 2009-12-01 21:21 -------- d-----w- c:\programdata\OviInstallerCache
2010-03-21 10:03 . 2009-11-20 20:15 -------- d-----w- c:\programdata\Roxio
2010-03-15 12:34 . 2010-03-15 12:34 -------- d-----w- c:\users\Cee\AppData\Roaming\Goodsol
2010-03-12 10:40 . 2010-03-12 10:40 1 ----a-w- c:\users\Dee\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-12 10:39 . 2010-03-12 10:39 -------- d-----w- c:\users\Dee\AppData\Roaming\OpenOffice.org
2010-03-11 20:57 . 2010-03-11 20:57 -------- d-----w- c:\programdata\Easy CD-DA Extractor
2010-03-11 20:57 . 2010-03-11 20:57 -------- d-----w- c:\program files\Easy CD-DA Extractor 12
2010-03-11 20:53 . 2010-03-11 20:53 -------- d-----w- c:\programdata\FreeRIP
2010-03-11 20:31 . 2010-03-11 20:31 -------- d-----w- c:\users\Cee\AppData\Roaming\Roxio
2010-03-11 07:17 . 2010-02-15 14:13 64164264 ----a-w- c:\users\Funkye\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2010-03-02 21:48 . 2009-12-01 21:21 -------- d-----w- c:\program files\Nokia
2010-02-15 14:13 . 2010-02-15 14:13 64099864 ----a-w- c:\users\Cee\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2010-02-13 15:11 . 2010-02-13 14:37 1 ----a-w- c:\users\Funkye\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-12 10:32 . 2010-03-14 09:40 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-05 08:25 . 2010-04-19 21:17 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-05 08:18 . 2010-04-19 21:17 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-05 08:17 . 2010-04-19 21:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-25 12:00 . 2010-02-24 13:24 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 13:24 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 13:24 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 13:24 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 13:24 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 13:24 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 13:24 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 13:24 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 13:24 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 13:24 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-21 23:21 . 2010-04-19 21:19 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-21 23:21 . 2010-04-19 21:19 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-21 23:21 . 2010-04-19 21:19 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-01-21 23:21 . 2010-04-19 21:19 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-21 14:53 . 2010-01-21 14:53 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2006-06-15 20:33 . 2009-11-24 21:41 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 18:43 . 2009-11-24 21:41 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 14:41 . 2009-11-24 21:41 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 13:10 . 2009-11-24 21:41 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 12:19 . 2009-11-24 21:40 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 18:35 . 2009-11-24 21:41 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 11:10 . 2009-11-24 21:40 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 11:42 . 2009-11-24 21:40 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 11:22 . 2009-11-24 21:40 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 11:21 . 2009-11-24 21:40 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2009-11-24 21:41 . 2009-11-24 21:41 76 --sh--r- c:\windows\CT4CET.bin
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]

c:\users\Funkye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Funkye^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Funkye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 10:04 39792 ----a-r- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-02-28 15:31 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-02-24 21:17 385928 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c1,0e,5d,44,5a,69,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3863046564-3505499076-1678226595-1000]
"EnableNotificationsRef"=dword:00000002
"EnableNotifications"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-19 691696]
R3 GOXYK;GOXYK;c:\users\Funkye\AppData\Local\Temp\GOXYK.exe [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
R3 OAKDFRCUZIBPCF;OAKDFRCUZIBPCF;c:\users\Funkye\AppData\Local\Temp\OAKDFRCUZIBPCF.exe [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
R3 TH;TH;c:\users\Funkye\AppData\Local\Temp\TH.exe [x]
R3 XJTXKVBMWU;XJTXKVBMWU;c:\users\Funkye\AppData\Local\Temp\XJTXKVBMWU.exe [x]
R3 ZRAHNXB;ZRAHNXB;c:\users\Funkye\AppData\Local\Temp\ZRAHNXB.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-19 12:22]

2010-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-19 12:22]

2010-04-19 c:\windows\Tasks\User_Feed_Synchronization-{75E510F4-2765-4E31-926D-BBB7707FF5D9}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]

2010-04-20 c:\windows\Tasks\User_Feed_Synchronization-{978E7386-49DA-4433-B715-24320B4B6D49}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Funkye\AppData\Roaming\Mozilla\Firefox\Profiles\ldovujhz.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-20 19:58
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-20 20:02:56
ComboFix-quarantined-files.txt 2010-04-20 19:02

Pre-Run: 4,353,527,808 bytes free
Post-Run: 4,414,054,400 bytes free

- - End Of File - - E77C9AA90DEAF254385C50D0D82808BE

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:
ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

Tak som urobil, co si mi povedal, tu je log:


ComboFix 10-04-19.08 - Funkye 21/04/2010 18:26:39.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1359 [GMT 1:00]
Running from: c:\users\Funkye\Desktop\ComboFix.exe
Command switches used :: c:\users\Funkye\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active


FILE ::
"c:\users\Funkye\AppData\Local\Temp\GOXYK.exe"
"c:\users\Funkye\AppData\Local\Temp\OAKDFRCUZIBPCF.exe"
"c:\users\Funkye\AppData\Local\Temp\TH.exe"
"c:\users\Funkye\AppData\Local\Temp\XJTXKVBMWU.exe"
"c:\users\Funkye\AppData\Local\Temp\ZRAHNXB.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GOXYK
-------\Service_OAKDFRCUZIBPCF
-------\Service_TH
-------\Service_XJTXKVBMWU
-------\Service_ZRAHNXB


((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.

2010-04-21 17:36 . 2010-04-21 17:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-21 17:36 . 2010-04-21 17:51 -------- d-----w- c:\users\Funkye\AppData\Local\temp
2010-04-21 17:36 . 2010-04-21 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-21 17:36 . 2010-04-21 17:36 -------- d-----w- c:\users\Dee\AppData\Local\temp
2010-04-21 17:36 . 2010-04-21 17:36 -------- d-----w- c:\users\Cee\AppData\Local\temp
2010-04-20 19:16 . 2010-04-20 19:16 -------- d-----w- c:\users\Cee\AppData\Local\Easy CD-DA Extractor
2010-04-20 18:20 . 2010-04-20 18:22 16940 ----a-w- c:\users\Funkye\cc_20100420_191957.reg
2010-04-20 18:12 . 2010-04-20 18:12 -------- d-----w- c:\program files\CCleaner
2010-04-20 17:30 . 2010-04-20 17:30 -------- d-----w- C:\rsit
2010-04-19 21:46 . 2010-04-19 21:46 -------- d-----w- c:\program files\Trend Micro
2010-04-19 21:17 . 2010-04-19 21:17 -------- d-----w- c:\users\Funkye\AppData\Roaming\PC Tools
2010-04-19 21:17 . 2010-04-19 21:17 -------- d-----w- c:\programdata\PC Tools
2010-04-19 20:00 . 2010-04-19 20:00 -------- d-----w- c:\users\Cee\AppData\Roaming\BED70DBEF1EF02A10FC90FD8DE3DDB23
2010-04-16 18:03 . 2010-04-16 18:03 680 ----a-w- c:\users\Cee\AppData\Local\d3d9caps.dat
2010-04-15 22:11 . 2010-04-20 18:38 -------- d-sh--w- c:\users\Cee\AppData\Roaming\lowsec
2010-04-14 19:00 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 19:00 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 19:00 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 19:00 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 19:00 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 19:00 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 18:59 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 18:59 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 18:59 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-13 17:08 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 17:08 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-10 19:04 . 2010-04-19 18:20 -------- d-----w- c:\program files\JDownloader
2010-04-10 19:03 . 2010-04-10 19:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-10 19:02 . 2010-04-10 19:02 -------- d-----w- c:\program files\Java
2010-04-09 19:21 . 2010-04-09 19:21 -------- d-----w- c:\program files\Citrix
2010-04-09 19:21 . 2010-04-09 19:21 -------- d-----w- c:\users\Funkye\AppData\Local\Citrix
2010-03-30 18:24 . 2009-12-20 21:32 394600 ----a-w- c:\users\Cee\AppData\Roaming\Songbird2\Profiles\dnlp5mb4.default\extensions\cd-rip@songbirdnest.com\lib\gwrks32.dll
2010-03-30 18:22 . 2010-03-30 18:22 -------- d-----w- c:\users\Cee\AppData\Local\Songbird2
2010-03-30 18:22 . 2010-03-30 18:22 -------- d-----w- c:\users\Cee\AppData\Roaming\Songbird2
2010-03-30 18:21 . 2009-12-23 11:03 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-30 18:21 . 2009-12-23 11:03 109360 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-30 18:21 . 2010-03-30 18:21 -------- d-----w- c:\program files\Songbird
2010-03-27 08:26 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-03-27 08:25 . 2010-03-27 08:25 -------- d-----w- c:\program files\PC Connectivity Solution
2010-03-27 08:24 . 2010-03-27 08:24 77824 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-03-27 08:24 . 2010-03-27 08:24 50000 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-03-27 08:24 . 2010-03-11 07:17 64164264 ----a-w- c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\NokiaOviSuite2Installer.exe
2010-03-22 20:54 . 2010-03-22 20:54 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 17:50 . 2009-11-18 22:36 303941 ----a-w- c:\programdata\nvModes.dat
2010-04-21 17:37 . 2009-11-19 05:39 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-20 19:04 . 2009-11-18 22:06 -------- d-----w- c:\program files\totalcmd
2010-04-20 19:03 . 2009-11-19 23:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-19 21:26 . 2010-04-19 21:17 -------- d-----w- c:\program files\Spyware Doctor
2010-04-19 21:19 . 2010-04-19 21:17 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-19 18:56 . 2009-11-21 11:28 1 ----a-w- c:\users\Cee\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-18 20:30 . 2009-11-21 20:15 -------- d-----w- c:\users\Cee\AppData\Roaming\Skype
2010-04-18 19:51 . 2009-11-21 20:16 -------- d-----w- c:\users\Cee\AppData\Roaming\skypePM
2010-04-18 16:59 . 2009-12-16 14:11 -------- d-----w- c:\users\Dee\AppData\Roaming\Skype
2010-04-18 15:06 . 2009-12-17 11:54 -------- d-----w- c:\users\Dee\AppData\Roaming\skypePM
2010-04-16 14:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-09 17:55 . 2009-11-18 22:00 71752 ----a-w- c:\users\Funkye\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-02 08:49 . 2009-11-19 23:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-01 18:31 . 2009-11-19 22:24 -------- d-----w- c:\program files\McAfee
2010-03-27 08:29 . 2009-12-01 21:28 -------- d-----w- c:\program files\Common Files\Nokia
2010-03-27 08:24 . 2009-12-01 21:21 -------- d-----w- c:\programdata\OviInstallerCache
2010-03-21 10:03 . 2009-11-20 20:15 -------- d-----w- c:\programdata\Roxio
2010-03-15 12:34 . 2010-03-15 12:34 -------- d-----w- c:\users\Cee\AppData\Roaming\Goodsol
2010-03-12 10:40 . 2010-03-12 10:40 1 ----a-w- c:\users\Dee\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-12 10:39 . 2010-03-12 10:39 -------- d-----w- c:\users\Dee\AppData\Roaming\OpenOffice.org
2010-03-11 20:57 . 2010-03-11 20:57 -------- d-----w- c:\programdata\Easy CD-DA Extractor
2010-03-11 20:57 . 2010-03-11 20:57 -------- d-----w- c:\program files\Easy CD-DA Extractor 12
2010-03-11 20:53 . 2010-03-11 20:53 -------- d-----w- c:\programdata\FreeRIP
2010-03-11 20:31 . 2010-03-11 20:31 -------- d-----w- c:\users\Cee\AppData\Roaming\Roxio
2010-03-11 07:17 . 2010-02-15 14:13 64164264 ----a-w- c:\users\Funkye\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2010-03-02 21:48 . 2009-12-01 21:21 -------- d-----w- c:\program files\Nokia
2010-03-02 21:47 . 2010-03-02 21:47 77824 ----a-w- c:\programdata\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-03-02 21:47 . 2010-03-02 21:47 50000 ----a-w- c:\programdata\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\pcswpc.exe
2010-02-24 20:48 . 2009-11-20 20:42 71752 ----a-w- c:\users\Cee\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 06:39 . 2010-03-31 15:22 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 15:22 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 15:22 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 15:22 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-12 11:53 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-12 11:53 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-12 11:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-15 14:13 . 2010-03-02 21:47 64099864 ----a-w- c:\programdata\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\NokiaOviSuite2Installer.exe
2010-02-15 14:13 . 2010-02-15 14:13 64099864 ----a-w- c:\users\Cee\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2010-02-13 15:11 . 2010-02-13 14:37 1 ----a-w- c:\users\Funkye\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-12 10:32 . 2010-03-14 09:40 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-05 08:25 . 2010-04-19 21:17 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-05 08:18 . 2010-04-19 21:17 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-05 08:17 . 2010-04-19 21:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-25 12:00 . 2010-02-24 13:24 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 13:24 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 13:24 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 13:24 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 13:24 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 13:24 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 13:24 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 13:24 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 13:24 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 13:24 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-21 23:21 . 2010-04-19 21:19 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-21 23:21 . 2010-04-19 21:19 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-21 23:21 . 2010-04-19 21:19 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-01-21 23:21 . 2010-04-19 21:19 767952 ----a-w- c:\windows\BDTSupport.dll
2006-06-15 20:33 . 2009-11-24 21:41 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 18:43 . 2009-11-24 21:41 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 14:41 . 2009-11-24 21:41 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 13:10 . 2009-11-24 21:41 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 12:19 . 2009-11-24 21:40 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 18:35 . 2009-11-24 21:41 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 11:10 . 2009-11-24 21:40 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 11:42 . 2009-11-24 21:40 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 11:22 . 2009-11-24 21:40 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 11:21 . 2009-11-24 21:40 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2009-11-24 21:41 . 2009-11-24 21:41 76 --sh--r- c:\windows\CT4CET.bin
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]

c:\users\Funkye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Funkye^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Funkye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 10:04 39792 ----a-r- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-02-28 15:31 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-02-24 21:17 385928 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c1,0e,5d,44,5a,69,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3863046564-3505499076-1678226595-1000]
"EnableNotificationsRef"=dword:00000002
"EnableNotifications"=dword:00000001

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-19 691696]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-19 12:22]

2010-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-19 12:22]

2010-04-21 c:\windows\Tasks\User_Feed_Synchronization-{75E510F4-2765-4E31-926D-BBB7707FF5D9}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]

2010-04-20 c:\windows\Tasks\User_Feed_Synchronization-{978E7386-49DA-4433-B715-24320B4B6D49}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Funkye\AppData\Roaming\Mozilla\Firefox\Profiles\ldovujhz.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 18:51
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys >>UNKNOWN [0x8521A1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x883aad24
\Driver\ACPI -> acpi.sys @ 0x805bed68
\Driver\atapi -> 0x8521a1f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3592)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\system32\STacSV.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-04-21 18:56:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-21 17:56
ComboFix2.txt 2010-04-20 19:02

Pre-Run: 2,385,494,016 bytes free
Post-Run: 1,947,783,168 bytes free

- - End Of File - - EC1DAAE9ACFF4BA1F4B2DC2D5BA9208A

Stáhni Gmer rozbal archiv a spusť

proběhne sken kdy po jeho ukončení na tebe vypadne výsledek

poté klikni na Save tím se log uloží, zkopíruj ho sem.

Pokud není něco jasné je ZDE návod.

Tu je log:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-21 19:42:02
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Funkye\AppData\Local\Temp\pxldapod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8FBB279E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8FBB2738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8FBB274C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8FBB27DC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8FBB281F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8FBB2710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8FBB2724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8FBB27B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8FBB2847]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8FBB2833]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8FBB278A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8FBB2776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8FBB280B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8FBB27F2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8FBB27C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8FBB2762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84E1C1F8

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\fastfat \Fat 9DC531F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.

Pak písni jaký je stav PC.