
Windows explorer

Posted: 31 Jan 2011 17:47
by mifoIV
Several times every day I get a dialog box saying "Windows Explorer has encountered a problem ...", and the options are Send or Don't Send.

Logfile of random's system information tool 1.08 (written by random/random)
Run by owner at 2011-02-05 17:41:08
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 280 GB (59%) free of 477 GB
Total RAM: 2038 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:41:40, on 5.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\RTHDCPL.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe
C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\windows\system32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\windows\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\windows\explorer.exe
C:\Documents and Settings\owner\Desktop\RSIT.exe
C:\Program Files\trend micro\owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stahnou vse FlashGet3 - C:\Documents and Settings\owner\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Stahnout FlashGet3 - C:\Documents and Settings\owner\Application Data\FlashGetBHO\GetUrl.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Folding Service #01 (FAH-01) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe
O23 - Service: Folding Service #02 (FAH-02) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: XTM - Unknown owner - C:\DOCUME~1\owner\LOCALS~1\Temp\XTM.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/owner/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 7003 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
AC-Pro - C:\Program Files\AutocompletePro\AutocompletePro.dll [2010-06-14 97760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-24 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2008-10-28 17331200]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2009-09-17 153608]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2009-06-10 13758464]
"MSConfig"=C:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 169984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-01-13 2424560]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-12 1414144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

C:\Documents and Settings\owner\Start Menu\Programs\Startup
PowerReg Scheduler V3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=181
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Codemasters\DiRT2\dirt2_game.exe"="C:\Program Files\Codemasters\DiRT2\dirt2_game.exe:*:Enabled:DiRT2"
"C:\Program Files\Saints Row 2\SR2_pc.exe"="C:\Program Files\Saints Row 2\SR2_pc.exe:*:Disabled:SR2_pc"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Activision\Blur(TM)\Blur.exe"="C:\Program Files\Activision\Blur(TM)\Blur.exe:*:Disabled:Blur"
"C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe"="C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Disabled:iw4mp"
"C:\Program Files\Left 4 Dead 2\left4dead2.exe"="C:\Program Files\Left 4 Dead 2\left4dead2.exe:*:Disabled:left4dead2"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\Activision\Prototype\prototypef.exe"="C:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype(TM)"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe"="C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe:*:Disabled:BlackOps"
"C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe"="C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\NFS11.exe"="C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\NFS11.exe:*:Disabled:Need for Speed(TM) Hot Pursuit Application"
"C:\Program Files\Electronic Arts\Medal of Honor\MP\mohmpgame.exe"="C:\Program Files\Electronic Arts\Medal of Honor\MP\mohmpgame.exe:*:Disabled:Medal of Honor: Multiplayer"
"C:\Program Files\Electronic Arts\Medal of Honor\Binaries\moh.exe"="C:\Program Files\Electronic Arts\Medal of Honor\Binaries\moh.exe:*:Disabled:Medal of Honor™"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"
"C:\Program Files\FlashGet Network1\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network1\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"
"C:\Program Files\Deep Silver\Nail'd\Naild_x86.exe"="C:\Program Files\Deep Silver\Nail'd\Naild_x86.exe:*:Disabled:Nail'd"
"C:\Program Files\EA Sports\FIFA 11\Game\fifa.exe"="C:\Program Files\EA Sports\FIFA 11\Game\fifa.exe:*:Disabled:FIFA 11"
"C:\Program Files\Activision\James Bond 007(TM) - Blood Stone\Bond.exe"="C:\Program Files\Activision\James Bond 007(TM) - Blood Stone\Bond.exe:*:Enabled:James Bond 007(TM) - Blood Stone"
"c:\program files\relevantknowledge\rlvknlg.exe"="c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-01-30 21:41:27 ----D---- C:\Documents and Settings\owner\Application Data\TuneUp Software
2011-01-30 21:41:00 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2011-01-30 21:40:04 ----SHD---- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-01-30 21:16:37 ----A---- C:\windows\system32\uxtheme.dll.backup
2011-01-30 21:13:21 ----D---- C:\Documents and Settings\owner\Application Data\SUPERAntiSpyware.com
2011-01-30 21:13:21 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-30 21:13:14 ----D---- C:\Program Files\SUPERAntiSpyware
2011-01-25 23:42:12 ----HD---- C:\windows\system32\GroupPolicy
2011-01-18 13:39:44 ----A---- C:\windows\system32\fmod.dll
2011-01-16 17:42:18 ----D---- C:\Documents and Settings\owner\Application Data\BlackBean
2011-01-15 16:18:06 ----D---- C:\Documents and Settings\owner\Application Data\Leadertech
2011-01-15 16:13:42 ----D---- C:\Program Files\EA Sports
2011-01-15 15:05:13 ----D---- C:\Program Files\BlackBeanGames
2011-01-15 14:26:38 ----A---- C:\windows\system32\drivers\lirsgt.sys
2011-01-15 14:26:38 ----A---- C:\windows\system32\drivers\atksgt.sys
2011-01-15 14:23:37 ----D---- C:\Program Files\Deep Silver
2011-01-14 19:30:30 ----D---- C:\Program Files\FlashGet Network1
2011-01-14 19:27:09 ----D---- C:\Program Files\FlashGet Network
2011-01-14 19:21:19 ----A---- C:\windows\libem.INI
2011-01-14 19:21:09 ----A---- C:\windows\system32\ssubtmr6.dll
2011-01-14 19:21:08 ----D---- C:\Program Files\Smarty Uninstaller Pro
2011-01-14 19:20:54 ----D---- C:\Documents and Settings\owner\Application Data\FlashGet
2011-01-14 19:20:54 ----D---- C:\Documents and Settings\owner\Application Data\BITS
2011-01-14 19:20:51 ----D---- C:\Documents and Settings\owner\Application Data\FlashGetBHO
2011-01-14 17:44:16 ----D---- C:\Program Files\FileHippo.com
2011-01-14 17:18:49 ----D---- C:\windows\ERDNT
2011-01-14 14:24:04 ----D---- C:\Documents and Settings\owner\Application Data\skypePM
2011-01-14 13:49:39 ----RD---- C:\Program Files\Skype
2011-01-14 13:49:39 ----D---- C:\Documents and Settings\owner\Application Data\Skype
2011-01-14 13:49:35 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-01-13 20:37:26 ----A---- C:\windows\system32\mfc45.dll
2011-01-13 20:28:44 ----D---- C:\Documents and Settings\owner\Application Data\iolo
2011-01-13 20:28:44 ----D---- C:\Documents and Settings\All Users\Application Data\iolo
2011-01-12 19:50:23 ----D---- C:\Documents and Settings\owner\Application Data\Xilisoft
2011-01-12 19:14:48 ----D---- C:\Download
2011-01-12 19:13:41 ----D---- C:\tmpDownload
2011-01-12 13:31:03 ----D---- C:\Documents and Settings\owner\Application Data\Quest3D
2011-01-12 13:31:02 ----D---- C:\Documents and Settings\owner\Application Data\Roaming
2011-01-12 13:23:23 ----D---- C:\Program Files\Paradox Interactive
2011-01-11 16:27:44 ----D---- C:\Fraps

======List of files/folders modified in the last 1 months======

2011-02-05 17:41:35 ----D---- C:\Program Files\trend micro
2011-02-05 17:41:17 ----D---- C:\windows\Prefetch
2011-02-05 17:39:20 ----D---- C:\windows\Temp
2011-02-05 17:35:12 ----A---- C:\windows\NeroDigital.ini
2011-02-05 13:42:34 ----A---- C:\windows\avisplitter.INI
2011-02-05 13:10:21 ----D---- C:\windows\system32\CatRoot2
2011-02-05 07:13:54 ----D---- C:\WINDOWS
2011-02-04 21:46:40 ----A---- C:\windows\SchedLgU.Txt
2011-02-04 16:37:34 ----D---- C:\Program Files\Activision
2011-02-04 16:08:35 ----SHD---- C:\windows\Installer
2011-02-02 12:38:24 ----D---- C:\Program Files\Bethesda Softworks
2011-02-01 13:42:21 ----D---- C:\windows\system32\DirectX
2011-02-01 13:42:20 ----HD---- C:\windows\inf
2011-02-01 13:42:07 ----RSD---- C:\windows\assembly
2011-01-30 21:48:42 ----D---- C:\Program Files
2011-01-30 21:48:31 ----D---- C:\windows\system32
2011-01-30 21:41:53 ----D---- C:\windows\system32\config
2011-01-30 21:16:37 ----A---- C:\windows\system32\uxtheme.dll
2011-01-30 20:56:19 ----A---- C:\windows\win.ini
2011-01-30 20:56:19 ----A---- C:\windows\system.ini
2011-01-22 19:57:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-22 19:57:30 ----D---- C:\windows\system32\drivers
2011-01-22 18:44:45 ----RSHDC---- C:\windows\system32\dllcache
2011-01-22 18:44:38 ----D---- C:\windows\Help
2011-01-22 18:44:24 ----RSD---- C:\windows\Fonts
2011-01-17 17:26:52 ----D---- C:\windows\WinSxS
2011-01-17 17:13:39 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-17 16:48:35 ----D---- C:\Program Files\DAEMON Tools Toolbar
2011-01-17 16:45:11 ----D---- C:\Program Files\Common Files
2011-01-15 14:23:11 ----D---- C:\Documents and Settings\All Users\Application Data\Solidshield
2011-01-14 19:46:17 ----D---- C:\Program Files\Electronic Arts
2011-01-14 17:18:49 ----AD---- C:\Qoobox
2011-01-13 21:14:32 ----D---- C:\Program Files\Codemasters
2011-01-13 20:42:43 ----D---- C:\Program Files\Ashampoo
2011-01-13 09:47:32 ----A---- C:\windows\system32\aswBoot.exe
2011-01-11 10:49:45 ----D---- C:\Program Files\Kalypso
2011-01-10 18:01:05 ----SD---- C:\windows\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 d347bus;d347bus; C:\windows\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\windows\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\windows\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\windows\System32\drivers\sfdrv01.sys [2006-03-26 51200]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\windows\System32\drivers\sfhlp02.sys [2006-03-13 6656]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\windows\System32\drivers\sfsync04.sys [2006-03-24 50176]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-10-10 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\windows\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 InCDPass;Nero InCDPass; C:\windows\system32\drivers\InCDPass.sys [2008-02-18 36648]
R1 incdrm;Nero InCD MRW Remapper; C:\windows\system32\drivers\InCDRm.sys [2008-02-18 38312]
R1 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;avast! Standard Shield Support; C:\windows\system32\drivers\aswMon2.sys [2011-01-13 100176]
R2 atksgt;atksgt; C:\windows\system32\DRIVERS\atksgt.sys [2011-01-15 281760]
R2 lirsgt;lirsgt; C:\windows\system32\DRIVERS\lirsgt.sys [2011-01-15 25888]
R3 Arp1394;1394 ARP Client Protocol; C:\windows\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]
R3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\windows\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\windows\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]
R3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\windows\system32\drivers\WmBEnum.sys [2009-09-11 22792]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\windows\system32\drivers\WmVirHid.sys [2009-09-11 14984]
R3 WmXlCore;Logitech Translation Layer Driver; C:\windows\system32\drivers\WmXlCore.sys [2009-09-11 66056]
R4 InCDfs;Nero InCD File System; C:\windows\system32\drivers\InCDFs.sys [2008-02-18 118952]
S3 agr1k3ep;agr1k3ep; C:\windows\system32\drivers\agr1k3ep.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 nmwcd;Nokia USB Phone Parent; C:\windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\windows\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\windows\system32\drivers\WmFilter.sys [2009-09-11 35592]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 FAH-01;Folding Service #01; C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe [2008-06-30 253952]
R2 FAH-02;Folding Service #02; C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2008-02-18 1553704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-01-24 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-06-10 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2004-08-03 14336]
S1 InCDrec;Nero InCD File System Recognizer; C:\windows\system32\drivers\InCDRec.sys [2008-02-18 16040]
S2 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe []
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 XTM;XTM; C:\DOCUME~1\owner\LOCALS~1\Temp\XTM.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Windows explorer

Posted: 31 Jan 2011 19:40
by Rudy
Post a log from ComboFix.
Download ComboFix and save it, preferably to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Immediately after it starts, a screen with the license terms is shown; continue by clicking the Yes button.

Feel free to go and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and removal of any malware causes undesirable collisions with the resident antispyware.

Re: Windows explorer

Posted: 31 Jan 2011 20:18
by mifoIV
I started ComboFix and it showed me this:
http://www.uloz.to/7649713/screenpart-2 ... -09-02-jpg

Re: Windows explorer

Posted: 31 Jan 2011 20:25
by mifoIV
In that dialog I chose No, and after a while the log appeared:
It deleted about 2 folders.

ComboFix 11-01-31.01 - owner 05.02.2011 20:16:33.3.8 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2038.1476 [GMT 1:00]
Running from: c:\documents and settings\owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
C:\install.exe
c:\program files\AutocompletePro
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-05 to 2011-02-05 )))))))))))))))))))))))))))))))
.

2011-02-05 19:07 . 2011-02-05 19:09 -------- d-----w- c:\program files\ScreenParts
2011-02-02 12:08 . 2011-02-02 12:08 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\FalloutNV
2011-01-30 20:42 . 2011-01-30 20:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací
2011-01-30 20:41 . 2011-01-30 20:41 -------- d-----w- c:\documents and settings\owner\Application Data\TuneUp Software
2011-01-30 20:41 . 2011-01-30 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2011-01-30 20:40 . 2011-01-30 20:40 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-01-30 20:16 . 2004-08-03 22:56 218624 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-01-30 20:13 . 2011-01-30 20:13 -------- d-----w- c:\documents and settings\owner\Application Data\SUPERAntiSpyware.com
2011-01-30 20:13 . 2011-01-30 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-30 20:13 . 2011-01-30 20:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-25 22:42 . 2011-01-25 22:42 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-01-18 12:39 . 2011-01-16 18:55 162816 ----a-w- c:\windows\system32\fmod.dll
2011-01-17 16:52 . 2011-01-17 16:52 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\bizarre creations
2011-01-16 16:42 . 2011-01-16 16:42 -------- d-----w- c:\documents and settings\owner\Application Data\BlackBean
2011-01-15 15:18 . 2011-01-15 15:18 -------- d-----w- c:\documents and settings\owner\Application Data\Leadertech
2011-01-15 15:13 . 2011-02-01 12:42 -------- d-----w- c:\program files\EA Sports
2011-01-15 14:05 . 2011-01-15 14:05 -------- d-----w- c:\program files\BlackBeanGames
2011-01-15 13:26 . 2011-01-15 13:26 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-01-15 13:26 . 2011-01-15 13:26 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-01-15 13:23 . 2011-01-15 13:23 -------- d-----w- c:\program files\Deep Silver
2011-01-14 18:27 . 2011-01-14 18:27 -------- d-----w- c:\program files\FlashGet Network
2011-01-14 18:21 . 2009-03-24 11:52 614992 ----a-w- c:\windows\system32\comctl32.ocx
2011-01-14 18:21 . 2009-03-24 11:52 218432 ----a-w- c:\windows\system32\RICHTX32.OCX
2011-01-14 18:21 . 2007-08-15 11:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-01-14 18:21 . 2011-01-17 15:46 -------- d-----w- c:\program files\Smarty Uninstaller Pro
2011-01-14 18:21 . 2007-08-15 11:09 167683 ----a-w- c:\windows\system32\COMCT232.OCX
2011-01-14 18:20 . 2011-01-14 18:40 -------- d-----w- c:\documents and settings\owner\Application Data\BITS
2011-01-14 18:20 . 2011-01-14 18:20 -------- d-----w- c:\documents and settings\owner\Application Data\FlashGet
2011-01-14 18:03 . 2011-01-14 18:04 -------- d-sh--w- c:\documents and settings\owner\Local Settings\Application Data\.#
2011-01-14 16:44 . 2011-01-14 16:47 -------- d-----w- c:\program files\FileHippo.com
2011-01-14 13:24 . 2011-01-14 15:04 -------- d-----w- c:\documents and settings\owner\Application Data\skypePM
2011-01-14 12:49 . 2011-01-17 15:45 -------- d-----w- c:\documents and settings\owner\Application Data\Skype
2011-01-14 12:49 . 2011-01-17 15:45 -------- d-----r- c:\program files\Skype
2011-01-14 12:49 . 2011-01-14 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-01-13 19:37 . 2011-01-13 19:37 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-01-13 19:28 . 2011-01-14 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2011-01-13 19:28 . 2011-01-13 19:28 -------- d-----w- c:\documents and settings\owner\Application Data\iolo
2011-01-12 18:51 . 2011-01-12 18:51 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Xilisoft
2011-01-12 18:50 . 2011-01-14 18:47 -------- d-----w- c:\documents and settings\owner\Application Data\Xilisoft
2011-01-12 18:14 . 2011-01-12 18:38 -------- d-----w- C:\Download
2011-01-12 18:13 . 2011-01-12 18:30 -------- d-----w- C:\tmpDownload
2011-01-12 12:31 . 2011-01-12 12:31 -------- d-----w- c:\documents and settings\owner\Application Data\Quest3D
2011-01-12 12:31 . 2011-01-12 12:31 -------- d-----w- c:\documents and settings\owner\Application Data\Roaming
2011-01-12 12:23 . 2011-01-12 12:23 -------- d-----w- c:\program files\Paradox Interactive
2011-01-11 15:27 . 2011-01-30 20:52 -------- d-----w- C:\Fraps

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-30 20:16 . 2004-08-03 22:56 218624 ----a-w- c:\windows\system32\uxtheme.dll
2011-01-13 08:47 . 2010-12-05 17:01 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-12-05 17:01 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-12-05 17:02 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-12-05 17:01 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-12-05 17:01 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-12-05 17:01 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-12-05 17:02 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-12-05 17:01 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-12-05 17:02 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-12 17:53 . 2010-12-27 09:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-12-27 09:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\owner\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2010-6-18 225280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-12 11:34 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 12:35 305064 ----a-r- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Saints Row 2\\SR2_pc.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Activision\\Blur(TM)\\Blur.exe"=
"c:\\Program Files\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"c:\\Program Files\\Deep Silver\\Nail'd\\Naild_x86.exe"=
"c:\\Program Files\\EA Sports\\FIFA 11\\Game\\fifa.exe"=
"c:\\Program Files\\Activision\\James Bond 007(TM) - Blood Stone\\Bond.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [9. 6. 2010 20:29 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [9. 6. 2010 20:29 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10. 10. 2010 10:21 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5. 12. 2010 18:02 294608]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17. 2. 2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10. 5. 2010 19:41 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5. 12. 2010 18:02 17744]
R2 FAH-01;Folding Service #01;c:\program files\Folding@Home #01\Folding@Home #01\FAH-Console.exe [30. 6. 2008 19:38 253952]
R2 FAH-02;Folding Service #02;c:\program files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [30. 6. 2008 19:38 253952]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S3 XTM;XTM;c:\docume~1\owner\LOCALS~1\Temp\XTM.exe --> c:\docume~1\owner\LOCALS~1\Temp\XTM.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 10:30 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stahnou vse FlashGet3 - c:\documents and settings\owner\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Stahnout FlashGet3 - c:\documents and settings\owner\Application Data\FlashGetBHO\GetUrl.htm
IE: ????3?? - c:\documents and settings\owner\Application Data\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\owner\Application Data\FlashGetBHO\GetAllUrl.htm
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Gadwin PrintScreen - c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-05 20:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\owner\\Application Data\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\owner\\Application Data\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3

[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3B3CD5C3-4E09-89B3-E236-305DCE356F6C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:7d,f1,5a,d0,13,3b,5f,0d,a8,25,8d,5e,83,66,8a,95,8d,a4,c5,71,72,
a0,b3,92,96,32,aa,78,53,97,ad,b9,e1,94,e9,c8,4b,de,e5,2d,f8,9c,cc,c0,d1,ea,\
"rkeysecu"=hex:2d,6e,a1,56,bd,a5,86,46,4c,12,2b,d4,6f,8c,5a,b0

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\MPR.dll
.
Completion time: 2011-02-05 20:21:09
ComboFix-quarantined-files.txt 2011-02-05 19:21

Pre-Run: 293 015 379 968 bytes free
Post-Run: 293 001 359 360 bytes free

- - End Of File - - FEB37C0DA66C9BDD0507C51E1FB3696E

Re: Windows explorer

Napsal: 31 led 2011 20:38
od Rudy
We will clean up a bit more. Open Notepad and copy the following into it:
Collect::
c:\documents and settings\owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
c:\docume~1\owner\LOCALS~1\Temp\XTM.exe

Driver::
XTM
Save it to the desktop as CFScript.txt, then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Image

Re: Windows explorer

Posted: 01 Feb 2011 12:31
by mifoIV
Done. What next?

ComboFix 11-01-31.01 - owner 06.02.2011 11:51:14.4.8 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2038.1551 [GMT 1:00]
Running from: c:\documents and settings\owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -

file zipped: c:\documents and settings\owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-06 to 2011-02-06 )))))))))))))))))))))))))))))))
.

2011-02-05 19:07 . 2011-02-05 19:09 -------- d-----w- c:\program files\ScreenParts
2011-02-02 12:08 . 2011-02-02 12:08 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\FalloutNV
2011-01-30 20:42 . 2011-01-30 20:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací
2011-01-30 20:41 . 2011-01-30 20:41 -------- d-----w- c:\documents and settings\owner\Application Data\TuneUp Software
2011-01-30 20:41 . 2011-01-30 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2011-01-30 20:40 . 2011-01-30 20:40 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-01-30 20:16 . 2004-08-03 22:56 218624 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-01-30 20:13 . 2011-01-30 20:13 -------- d-----w- c:\documents and settings\owner\Application Data\SUPERAntiSpyware.com
2011-01-30 20:13 . 2011-01-30 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-30 20:13 . 2011-01-30 20:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-25 22:42 . 2011-01-25 22:42 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-01-18 12:39 . 2011-01-16 18:55 162816 ----a-w- c:\windows\system32\fmod.dll
2011-01-17 16:52 . 2011-01-17 16:52 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\bizarre creations
2011-01-16 16:42 . 2011-01-16 16:42 -------- d-----w- c:\documents and settings\owner\Application Data\BlackBean
2011-01-15 15:18 . 2011-01-15 15:18 -------- d-----w- c:\documents and settings\owner\Application Data\Leadertech
2011-01-15 15:13 . 2011-02-01 12:42 -------- d-----w- c:\program files\EA Sports
2011-01-15 14:05 . 2011-01-15 14:05 -------- d-----w- c:\program files\BlackBeanGames
2011-01-15 13:26 . 2011-01-15 13:26 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-01-15 13:26 . 2011-01-15 13:26 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-01-15 13:23 . 2011-01-15 13:23 -------- d-----w- c:\program files\Deep Silver
2011-01-14 18:27 . 2011-01-14 18:27 -------- d-----w- c:\program files\FlashGet Network
2011-01-14 18:21 . 2009-03-24 11:52 614992 ----a-w- c:\windows\system32\comctl32.ocx
2011-01-14 18:21 . 2009-03-24 11:52 218432 ----a-w- c:\windows\system32\RICHTX32.OCX
2011-01-14 18:21 . 2007-08-15 11:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-01-14 18:21 . 2011-01-17 15:46 -------- d-----w- c:\program files\Smarty Uninstaller Pro
2011-01-14 18:21 . 2007-08-15 11:09 167683 ----a-w- c:\windows\system32\COMCT232.OCX
2011-01-14 18:20 . 2011-01-14 18:40 -------- d-----w- c:\documents and settings\owner\Application Data\BITS
2011-01-14 18:20 . 2011-01-14 18:20 -------- d-----w- c:\documents and settings\owner\Application Data\FlashGet
2011-01-14 18:03 . 2011-01-14 18:04 -------- d-sh--w- c:\documents and settings\owner\Local Settings\Application Data\.#
2011-01-14 16:44 . 2011-01-14 16:47 -------- d-----w- c:\program files\FileHippo.com
2011-01-14 13:24 . 2011-01-14 15:04 -------- d-----w- c:\documents and settings\owner\Application Data\skypePM
2011-01-14 12:49 . 2011-01-17 15:45 -------- d-----w- c:\documents and settings\owner\Application Data\Skype
2011-01-14 12:49 . 2011-01-17 15:45 -------- d-----r- c:\program files\Skype
2011-01-14 12:49 . 2011-01-14 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-01-13 19:37 . 2011-01-13 19:37 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-01-13 19:28 . 2011-01-14 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2011-01-13 19:28 . 2011-01-13 19:28 -------- d-----w- c:\documents and settings\owner\Application Data\iolo
2011-01-12 18:51 . 2011-01-12 18:51 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Xilisoft
2011-01-12 18:50 . 2011-01-14 18:47 -------- d-----w- c:\documents and settings\owner\Application Data\Xilisoft
2011-01-12 18:14 . 2011-01-12 18:38 -------- d-----w- C:\Download
2011-01-12 18:13 . 2011-01-12 18:30 -------- d-----w- C:\tmpDownload
2011-01-12 12:31 . 2011-01-12 12:31 -------- d-----w- c:\documents and settings\owner\Application Data\Quest3D
2011-01-12 12:31 . 2011-01-12 12:31 -------- d-----w- c:\documents and settings\owner\Application Data\Roaming
2011-01-12 12:23 . 2011-01-12 12:23 -------- d-----w- c:\program files\Paradox Interactive
2011-01-11 15:27 . 2011-01-30 20:52 -------- d-----w- C:\Fraps

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-30 20:16 . 2004-08-03 22:56 218624 ----a-w- c:\windows\system32\uxtheme.dll
2011-01-13 08:47 . 2010-12-05 17:01 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-12-05 17:01 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-12-05 17:02 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-12-05 17:01 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-12-05 17:01 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-12-05 17:01 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-12-05 17:02 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-12-05 17:01 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-12-05 17:02 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-12 17:53 . 2010-12-27 09:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-12-27 09:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-02-05_19.19.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-06 10:27 . 2011-02-06 10:27 16384 c:\windows\Temp\Perflib_Perfdata_8ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-12 11:34 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 12:35 305064 ----a-r- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Saints Row 2\\SR2_pc.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Activision\\Blur(TM)\\Blur.exe"=
"c:\\Program Files\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"c:\\Program Files\\Deep Silver\\Nail'd\\Naild_x86.exe"=
"c:\\Program Files\\EA Sports\\FIFA 11\\Game\\fifa.exe"=
"c:\\Program Files\\Activision\\James Bond 007(TM) - Blood Stone\\Bond.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [9. 6. 2010 20:29 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [9. 6. 2010 20:29 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10. 10. 2010 10:21 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5. 12. 2010 18:02 294608]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17. 2. 2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10. 5. 2010 19:41 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5. 12. 2010 18:02 17744]
R2 FAH-01;Folding Service #01;c:\program files\Folding@Home #01\Folding@Home #01\FAH-Console.exe [30. 6. 2008 19:38 253952]
R2 FAH-02;Folding Service #02;c:\program files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [30. 6. 2008 19:38 253952]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S3 XTM;XTM;c:\docume~1\owner\LOCALS~1\Temp\XTM.exe --> c:\docume~1\owner\LOCALS~1\Temp\XTM.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 10:30 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stahnou vse FlashGet3 - c:\documents and settings\owner\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Stahnout FlashGet3 - c:\documents and settings\owner\Application Data\FlashGetBHO\GetUrl.htm
IE: ????3?? - c:\documents and settings\owner\Application Data\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\owner\Application Data\FlashGetBHO\GetAllUrl.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-06 11:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\owner\\Application Data\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\owner\\Application Data\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3

[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3B3CD5C3-4E09-89B3-E236-305DCE356F6C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:7d,f1,5a,d0,13,3b,5f,0d,a8,25,8d,5e,83,66,8a,95,8d,a4,c5,71,72,
a0,b3,92,96,32,aa,78,53,97,ad,b9,e1,94,e9,c8,4b,de,e5,2d,f8,9c,cc,c0,d1,ea,\
"rkeysecu"=hex:2d,6e,a1,56,bd,a5,86,46,4c,12,2b,d4,6f,8c,5a,b0

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2011-02-06 11:54:10
ComboFix-quarantined-files.txt 2011-02-06 10:54
ComboFix2.txt 2011-02-05 19:21

Pre-Run: 292 691 795 968 bytes free
Post-Run: 292 676 587 520 bytes free

- - End Of File - - 24D40C4F54986F9F03D7765DCF7C59C4

Re: Windows explorer

Posted: 01 Feb 2011 19:07
by Rudy
Download a new ComboFix, yours has already expired, and run it with this script:
Collect::
c:\docume~1\owner\LOCALS~1\Temp\XTM.exe

Driver::
XTM

Re: Windows explorer

Posted: 02 Feb 2011 13:29
by mifoIV
After that stage, when it finished, it printed something like warning !!! and something about rebooting manually, I don't know, I got to the computer late. It restarted the machine, it froze while loading Windows, so I restarted it again and it came up.


ComboFix 11-01-31.02 - owner 06.02.2011 16:13:15.5.8 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2038.1511 [GMT 1:00]
Running from: c:\documents and settings\owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\owner\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XTM
-------\Service_XTM


((((((((((((((((((((((((( Files Created from 2011-01-06 to 2011-02-06 )))))))))))))))))))))))))))))))
.

2011-02-05 19:07 . 2011-02-05 19:09 -------- d-----w- c:\program files\ScreenParts
2011-02-02 12:08 . 2011-02-02 12:08 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\FalloutNV
2011-01-30 20:42 . 2011-01-30 20:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací
2011-01-30 20:41 . 2011-01-30 20:41 -------- d-----w- c:\documents and settings\owner\Application Data\TuneUp Software
2011-01-30 20:41 . 2011-01-30 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2011-01-30 20:40 . 2011-01-30 20:40 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-01-30 20:16 . 2004-08-03 22:56 218624 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-01-30 20:13 . 2011-01-30 20:13 -------- d-----w- c:\documents and settings\owner\Application Data\SUPERAntiSpyware.com
2011-01-30 20:13 . 2011-01-30 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-30 20:13 . 2011-01-30 20:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-25 22:42 . 2011-01-25 22:42 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-01-18 12:39 . 2011-01-16 18:55 162816 ----a-w- c:\windows\system32\fmod.dll
2011-01-17 16:52 . 2011-01-17 16:52 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\bizarre creations
2011-01-16 16:42 . 2011-01-16 16:42 -------- d-----w- c:\documents and settings\owner\Application Data\BlackBean
2011-01-15 15:18 . 2011-01-15 15:18 -------- d-----w- c:\documents and settings\owner\Application Data\Leadertech
2011-01-15 15:13 . 2011-02-01 12:42 -------- d-----w- c:\program files\EA Sports
2011-01-15 14:05 . 2011-01-15 14:05 -------- d-----w- c:\program files\BlackBeanGames
2011-01-15 13:26 . 2011-01-15 13:26 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-01-15 13:26 . 2011-01-15 13:26 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-01-15 13:23 . 2011-01-15 13:23 -------- d-----w- c:\program files\Deep Silver
2011-01-14 18:27 . 2011-01-14 18:27 -------- d-----w- c:\program files\FlashGet Network
2011-01-14 18:21 . 2009-03-24 11:52 614992 ----a-w- c:\windows\system32\comctl32.ocx
2011-01-14 18:21 . 2009-03-24 11:52 218432 ----a-w- c:\windows\system32\RICHTX32.OCX
2011-01-14 18:21 . 2007-08-15 11:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-01-14 18:21 . 2011-01-17 15:46 -------- d-----w- c:\program files\Smarty Uninstaller Pro
2011-01-14 18:21 . 2007-08-15 11:09 167683 ----a-w- c:\windows\system32\COMCT232.OCX
2011-01-14 18:20 . 2011-01-14 18:40 -------- d-----w- c:\documents and settings\owner\Application Data\BITS
2011-01-14 18:20 . 2011-01-14 18:20 -------- d-----w- c:\documents and settings\owner\Application Data\FlashGet
2011-01-14 18:03 . 2011-01-14 18:04 -------- d-sh--w- c:\documents and settings\owner\Local Settings\Application Data\.#
2011-01-14 16:44 . 2011-01-14 16:47 -------- d-----w- c:\program files\FileHippo.com
2011-01-14 13:24 . 2011-01-14 15:04 -------- d-----w- c:\documents and settings\owner\Application Data\skypePM
2011-01-14 12:49 . 2011-01-17 15:45 -------- d-----w- c:\documents and settings\owner\Application Data\Skype
2011-01-14 12:49 . 2011-01-17 15:45 -------- d-----r- c:\program files\Skype
2011-01-14 12:49 . 2011-01-14 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-01-13 19:37 . 2011-01-13 19:37 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-01-13 19:28 . 2011-01-14 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2011-01-13 19:28 . 2011-01-13 19:28 -------- d-----w- c:\documents and settings\owner\Application Data\iolo
2011-01-12 18:51 . 2011-01-12 18:51 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Xilisoft
2011-01-12 18:50 . 2011-01-14 18:47 -------- d-----w- c:\documents and settings\owner\Application Data\Xilisoft
2011-01-12 18:14 . 2011-01-12 18:38 -------- d-----w- C:\Download
2011-01-12 18:13 . 2011-01-12 18:30 -------- d-----w- C:\tmpDownload
2011-01-12 12:31 . 2011-01-12 12:31 -------- d-----w- c:\documents and settings\owner\Application Data\Quest3D
2011-01-12 12:31 . 2011-01-12 12:31 -------- d-----w- c:\documents and settings\owner\Application Data\Roaming
2011-01-12 12:23 . 2011-01-12 12:23 -------- d-----w- c:\program files\Paradox Interactive
2011-01-11 15:27 . 2011-01-30 20:52 -------- d-----w- C:\Fraps

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-06 13:06 . 2010-06-17 11:44 107888 -c--a-w- c:\windows\system32\CmdLineExt.dll
2011-01-30 20:16 . 2004-08-03 22:56 218624 ----a-w- c:\windows\system32\uxtheme.dll
2011-01-13 08:47 . 2010-12-05 17:01 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-12-05 17:01 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-12-05 17:02 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-12-05 17:01 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-12-05 17:01 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-12-05 17:01 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-12-05 17:02 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-12-05 17:01 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-12-05 17:02 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-12 17:53 . 2010-12-27 09:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-12-27 09:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-12 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-12 11:34 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 12:35 305064 ----a-r- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Codemasters\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Saints Row 2\\SR2_pc.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Activision\\Blur(TM)\\Blur.exe"=
"c:\\Program Files\\Left 4 Dead 2\\left4dead2.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"c:\\Program Files\\Deep Silver\\Nail'd\\Naild_x86.exe"=
"c:\\Program Files\\EA Sports\\FIFA 11\\Game\\fifa.exe"=
"c:\\Program Files\\Activision\\James Bond 007(TM) - Blood Stone\\Bond.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [9. 6. 2010 20:29 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [9. 6. 2010 20:29 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10. 10. 2010 10:21 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5. 12. 2010 18:02 294608]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17. 2. 2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10. 5. 2010 19:41 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5. 12. 2010 18:02 17744]
R2 FAH-01;Folding Service #01;c:\program files\Folding@Home #01\Folding@Home #01\FAH-Console.exe [30. 6. 2008 19:38 253952]
R2 FAH-02;Folding Service #02;c:\program files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [30. 6. 2008 19:38 253952]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 10:30 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stahnou vse FlashGet3 - c:\documents and settings\owner\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Stahnout FlashGet3 - c:\documents and settings\owner\Application Data\FlashGetBHO\GetUrl.htm
IE: ????3?? - c:\documents and settings\owner\Application Data\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\owner\Application Data\FlashGetBHO\GetAllUrl.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-06 16:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\owner\\Application Data\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\owner\\Application Data\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3

[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3B3CD5C3-4E09-89B3-E236-305DCE356F6C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2025429265-1659004503-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:7d,f1,5a,d0,13,3b,5f,0d,a8,25,8d,5e,83,66,8a,95,8d,a4,c5,71,72,
a0,b3,92,96,32,aa,78,53,97,ad,b9,e1,94,e9,c8,4b,de,e5,2d,f8,9c,cc,c0,d1,ea,\
"rkeysecu"=hex:2d,6e,a1,56,bd,a5,86,46,4c,12,2b,d4,6f,8c,5a,b0

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(1948)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Opera\Opera.exe
.
**************************************************************************
.
Completion time: 2011-02-06 16:24:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-06 15:24
ComboFix2.txt 2011-02-06 10:54

Pre-Run: 304 125 472 768 bytes free
Post-Run: 304 119 394 304 bytes free

- - End Of File - - 743E7AF026943B9200E72B828AB05ACD

Re: Windows explorer

Posted: 02 Feb 2011 17:59
by Rudy
Deleted, the log now looks clean. Has anything changed?

Re: Windows explorer

Posted: 02 Feb 2011 20:00
by mifoIV
Well, Explorer no longer crashes, so yes. Thank you for your time and advice.

Re: Windows explorer

Posted: 02 Feb 2011 20:10
by Rudy
You're welcome!