
RSIT is not responding

Posted: 24 Jul 2011 12:52
by jERRYN
Hello. I got a Facebook virus. http://www.viry.cz/forum/viewtopic.php?f=13&t=113441
I read this, downloaded RSIT, and when I run it, it prints: Line 8055 (File"C:\Dokuments and Settings\Jakub Jahic\Desktop\RSIT.exe"): Error : Variable used without being declared.
I have Windows XP. I also tried running scans with Malware Fighter; it found 5 viruses and I had all of them repaired. I still have the virus; my antivirus is not responding and neither is FB.

Re: RSIT is not responding

Posted: 24 Jul 2011 13:08
by stell
Hello
Do not download any program, any fighter or similar things; do only what we write.
Use this guide from step 3 ("3: Remove the local area network (LAN) settings") up to AVPTOOL; do not run AVPTOOL.
http://virusstell.blogspot.com/2011/07/ ... t-vir.html
Post the logs here in the forum.

Re: RSIT is not responding

Posted: 24 Jul 2011 13:21
by jERRYN
You probably gave me the wrong link. It is not responding for me.

Re: RSIT is not responding

Posted: 24 Jul 2011 13:22
by stell

Re: RSIT is not responding

Posted: 24 Jul 2011 15:09
by jERRYN
So I did all the steps .. I hope correctly .. I only have the reports from RKiller .. because Malwarebytes got deleted when I ran a system restore
RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Jakub Jahic [Admin rights]
Mode: Scan -- Date : 07/24/2011 14:57:53

Bad processes: 0

Registry Entries: 3
[SUSP PATH] HKLM\[...]\Run : systemup ("C:\WINDOWS\systemup.exe" stand) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Jakub Jahic [Admin rights]
Mode: Remove -- Date : 07/24/2011 15:06:09

Bad processes: 0

Registry Entries: 3
[SUSP PATH] HKLM\[...]\Run : systemup ("C:\WINDOWS\systemup.exe" stand) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Jakub Jahic [Admin rights]
Mode: HOSTSFix -- Date : 07/24/2011 15:07:52

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Jakub Jahic [Admin rights]
Mode: ProxyFix -- Date : 07/24/2011 15:08:37

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Jakub Jahic [Admin rights]
Mode: DNSFix -- Date : 07/24/2011 15:09:09

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

Re: RSIT is not responding

Posted: 24 Jul 2011 15:14
by jERRYN
I probably also ran that AVP TOOL ... I forgot that you wrote that I should not do it .. ;(

Re: RSIT is not responding

Posted: 24 Jul 2011 15:15
by stell
AVPTool, OK.
when I ran a system restore
And why did you restore the system?? Where is that written??
System Restore was supposed to be turned off and turned back on after the restart; you need to read carefully what I write. :!:
Never mind, run ComboFix.
PLEASE READ THE GUIDE CAREFULLY!!!

Use ComboFix according to this guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Post its log here.

Re: RSIT is not responding

Posted: 24 Jul 2011 15:40
by jERRYN
ComboFix 11-07-23.04 - Jakub Jahic 24.07.2011 16:27:00.1.2 - x86
Running from: c:\documents and settings\Jakub Jahic\Desktop\hicoŔo.com.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jakub Jahic\Application Data\facemoods.com
c:\documents and settings\Jakub Jahic\Application Data\facemoods.com\facemoods\us\20101003\kywrds.tat
c:\documents and settings\Jakub Jahic\Application Data\facemoods.com\facemoods\us\20101003\kywrds.ttr
c:\documents and settings\Jakub Jahic\Application Data\Jakub Jahic3SQLite3.dll
c:\documents and settings\Jakub Jahic\Application Data\Jakub Jahiclog.dat
c:\documents and settings\Jakub Jahic\Application Data\PriceGong
c:\documents and settings\Jakub Jahic\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Jakub Jahic\WINDOWS
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\rpcminer.rar
c:\windows\services32.exe
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000015_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\_000026_.tmp.dll
c:\windows\system32\_000027_.tmp.dll
c:\windows\system32\_000028_.tmp.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\install
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.tray-7-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Files Created from 2011-06-24 to 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-24 13:54 . 2011-07-24 14:00 -------- d-----w- c:\windows\LastGood.Tmp
2011-07-24 13:19 . 2011-07-24 13:19 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-24 13:19 . 2011-07-24 13:19 -------- d-----w- c:\windows\rpcminer
2011-07-24 11:34 . 2011-07-24 11:34 -------- d-----w- C:\rsit
2011-07-23 22:53 . 2011-07-23 22:53 -------- d-----w- c:\documents and settings\Jakub Jahic\AppData
2011-07-23 22:53 . 2011-07-23 22:53 -------- d-----w- c:\documents and settings\Jakub Jahic\Application Data\imeshbandmltbpi
2011-07-23 19:40 . 2011-07-23 19:40 -------- d-----w- C:\Temp
2011-07-23 19:35 . 2011-07-23 19:35 -------- d-----w- c:\windows\ufa
2011-07-23 19:35 . 2011-07-23 19:35 -------- d-----w- c:\windows\phoenix
2011-07-23 19:32 . 2011-07-23 19:35 246272 ----a-w- c:\windows\unrar.exe
2011-07-23 19:27 . 2011-07-23 19:27 -------- d-----w- c:\windows\av_ico
2011-07-23 19:26 . 2011-07-24 14:30 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-23 19:26 . 2011-07-23 19:26 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-15 13:47 . 2011-05-30 13:42 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-07-15 13:47 . 2011-05-23 07:49 143872 ----a-w- c:\windows\system32\xvid.ax
2011-07-15 13:47 . 2011-05-23 07:46 645632 ----a-w- c:\windows\system32\xvidcore.dll
2011-07-15 13:47 . 2011-07-15 13:47 -------- d-----w- c:\program files\Xvid
2011-07-15 12:52 . 2011-07-15 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-07-15 12:02 . 2011-07-23 22:59 -------- d-----w- c:\documents and settings\Jakub Jahic\Application Data\mediabarim
2011-07-15 12:01 . 2011-07-15 12:02 -------- d-----w- c:\program files\iMesh Applications
2011-07-15 12:01 . 2011-07-15 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\iMesh
2011-07-15 12:01 . 2011-07-15 12:03 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{0ACE0403-C75D-488C-A403-7A57E9848B62}
2011-07-05 19:56 . 2004-06-25 18:05 7110656 ----a-w- c:\program files\Microsoft Games\Age of Mythology\aomx.exe
2011-07-05 15:23 . 2011-07-05 15:23 -------- d-----w- c:\documents and settings\All Users\Microsoft
2011-07-05 15:21 . 2011-07-05 15:21 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-07-05 10:01 . 2011-07-05 10:01 -------- d-----w- c:\windows\system32\winrm
2011-07-05 10:01 . 2011-07-05 10:01 -------- d-----w- c:\windows\system32\GroupPolicy
2011-07-05 10:01 . 2011-07-05 10:01 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-07-05 09:40 . 2011-07-05 09:40 -------- d-----w- c:\documents and settings\Jakub Jahic\Application Data\Search Settings
2011-07-05 09:40 . 2011-07-05 09:40 -------- d-----w- c:\program files\IObit Toolbar
2011-07-05 09:40 . 2011-07-05 09:40 -------- d-----w- c:\program files\Common Files\Spigot
2011-07-05 09:40 . 2011-07-05 09:40 -------- d-----w- c:\program files\Application Updater
2011-07-05 09:39 . 2011-02-23 14:54 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-07-05 09:39 . 2011-02-23 15:04 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-07-05 09:39 . 2011-07-05 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-07-05 09:38 . 2011-07-23 22:53 -------- d-----w- c:\documents and settings\Jakub Jahic\Application Data\IObit
2011-07-05 09:38 . 2011-07-05 09:39 -------- d-----w- c:\program files\IObit
2011-07-02 15:35 . 2011-07-02 15:35 -------- d-----w- c:\program files\Common Files\Java
2011-06-30 20:01 . 2010-12-25 16:30 8276752 ----a-w- c:\program files\Microsoft Games\Age of Mythology\aom10to110.exe
2011-06-27 00:21 . 2011-06-27 00:21 -------- d-----w- c:\program files\Movie Subtitles Searcher
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 19:42 . 2010-05-10 19:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 02:52 . 2010-07-05 11:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2011-04-13 13:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2009-09-11 19:58 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 14:47 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 14:47 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 14:47 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{50b44494-b902-41f0-97fb-c2f2c0fbf910}"= "c:\program files\Torrents-Search-Engine\tbTorr.dll" [2009-11-09 2331672]
"{65496b53-c8ab-4086-8eb5-47360d8fbf6c}"= "c:\program files\Torrents-Search-Engine-world\tbTorr.dll" [2009-11-09 2331672]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\prxtbTog0.dll" [2011-01-17 175912]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{50b44494-b902-41f0-97fb-c2f2c0fbf910}]
.
[HKEY_CLASSES_ROOT\clsid\{65496b53-c8ab-4086-8eb5-47360d8fbf6c}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ToggleEN\prxtbTog0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 15:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-05-30 13:35 89008 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2009-09-23 10:50 2261016 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2011-06-01 17:17 1236360 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50b44494-b902-41f0-97fb-c2f2c0fbf910}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\Torrents-Search-Engine\tbTorr.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65496b53-c8ab-4086-8eb5-47360d8fbf6c}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\Torrents-Search-Engine-world\tbTorr.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic_English\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
"{50b44494-b902-41f0-97fb-c2f2c0fbf910}"= "c:\program files\Torrents-Search-Engine\tbTorr.dll" [2009-11-09 2331672]
"{65496b53-c8ab-4086-8eb5-47360d8fbf6c}"= "c:\program files\Torrents-Search-Engine-world\tbTorr.dll" [2009-11-09 2331672]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\prxtbTog0.dll" [2011-01-17 175912]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~1\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll" [2011-05-30 89008]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{50b44494-b902-41f0-97fb-c2f2c0fbf910}]
.
[HKEY_CLASSES_ROOT\clsid\{65496b53-c8ab-4086-8eb5-47360d8fbf6c}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{50B44494-B902-41F0-97FB-C2F2C0FBF910}"= "c:\program files\Torrents-Search-Engine\tbTorr.dll" [2009-11-09 2331672]
"{65496B53-C8AB-4086-8EB5-47360D8FBF6C}"= "c:\program files\Torrents-Search-Engine-world\tbTorr.dll" [2009-11-09 2331672]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\prxtbTog0.dll" [2011-01-17 175912]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{50b44494-b902-41f0-97fb-c2f2c0fbf910}]
.
[HKEY_CLASSES_ROOT\clsid\{65496b53-c8ab-4086-8eb5-47360d8fbf6c}]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
.
c:\documents and settings\Jakub Jahic\Start Menu\Programs\Startup\
_uninst_93146139.lnk - c:\documents and settings\Jakub Jahic\Local Settings\Temp\_uninst_93146139.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jakub Jahic^Start Menu^Programs^Startup^GameRanger.lnk]
path=c:\documents and settings\Jakub Jahic\Start Menu\Programs\Startup\GameRanger.lnk
backup=c:\windows\pss\GameRanger.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jakub Jahic^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Jakub Jahic\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cFosSpeed]
2010-09-22 15:34 936152 ----a-r- c:\program files\cFosSpeed\cfosspeed.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeathAdder]
2009-12-15 17:35 244224 ----a-w- c:\program files\Razer\DeathAdder\razerhid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire]
2010-10-20 08:25 7677440 ----a-w- c:\program files\EslWire\wire.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-04-28 19:25 119608 ----a-w- c:\program files\ICQ7.4\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 18:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-07-03 08:51 16876032 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-02-19 00:46 2633976 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\Jakub Jahic\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"c:\\Program Files\\EA Sports\\FIFA 11\\Game\\fifa.exe"=
"c:\\Documents and Settings\\Jakub Jahic\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2011 Russian\\fm.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Steam\\steamapps\\5tr45n3\\counter-strike\\hl.exe"=
"c:\\Program Files\\Gomoku\\Gomoku.exe"=
"c:\\Documents and Settings\\Jakub Jahic\\Desktop\\mirc.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\kopy\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\kandynko\\counter-strike\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\iMesh Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\Steam\\steamapps\\hluper\\counter-strike\\hl.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7795:TCP"= 7795:TCP:jafgwhwu
"94:TCP"= 94:TCP:VRS Recording System TCP/IP Port
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [2011-04-27 239472]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [2011-03-22 30368]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [2011-03-22 16080]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2009-12-21 1511936]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 13496]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-11 691696]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2010-10-20 841912]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-06-01 821080]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2009-04-21 11136]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-11-11 100456]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2010-04-12 131152]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-04-12 91216]
S3 VIACRX86;VIACRX86;c:\windows\system32\DRIVERS\viacr.sys [2008-06-10 59264]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mrykojmd
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-24 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-07-05 12:46]
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-838170752-839522115-1004Core.job
- c:\documents and settings\Jakub Jahic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-18 14:35]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-838170752-839522115-1004UA.job
- c:\documents and settings\Jakub Jahic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-18 14:35]
.
2011-07-24 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-07-05 18:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.imesh.com/
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=393&systemid=1&q={searchTerms}
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
Toolbar-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
Toolbar-{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - (no file)
Toolbar-10 - (no file)
HKLM-Run-Cm108Sound - cm108.cpl
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-7-0\svchost.exe
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-sysdriver32.exe - c:\windows\sysdriver32.exe
HKLM-Run-systemup - c:\windows\systemup.exe
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
MSConfigStartUp-Raptr - c:\progra~1\Raptr\raptrstub.exe
MSConfigStartUp-RayV - c:\program files\RayV\RayV\RayV.exe
MSConfigStartUp-RegDoctor - c:\program files\RegDoctor\RegDoctor.exe
AddRemove-avast! - c:\program files\Alwil Software\Avast4\aswRunDll.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-24 16:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3580)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\hicoc:\WINDOWS\system32\RUNDLL32.EXE
c:\windows\system32\RunDll32.exe
c:\progra~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
c:\program files\cFosSpeed\spd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2011-07-24 16:35:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-24 14:35
.
Pre-Run: 93 473 873 920 bytes free
Post-Run: 93 427 802 112 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AlwaysOff /fastdetect /usepmtimer
.
- - End Of File - - 51D6E874C2FF7AFC40742E5A10244E3F

Re: RSIT is not responding

Posted: 24 Jul 2011 15:57
by stell
For this step, ComboFix must be on the desktop.

Turn off > FIREWALL > antivirus > antispyware > everything resident.

Open Notepad and copy all of the green text into it:

Code:

KILLALL::
Folder::
c:\windows\rpcminer
c:\windows\LastGood.Tmp
c:\documents and settings\Jakub Jahic\Application Data\imeshbandmltbpi
c:\windows\ufa
c:\windows\phoenix
c:\windows\av_ico
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk
c:\documents and settings\All Users\Application Data\iMesh
c:\program files\IObit Toolbar
c:\program files\Common Files\Spigot
c:\program files\Application Updater
c:\documents and settings\All Users\Application Data\IObit
c:\documents and settings\Jakub Jahic\Application Data\IObit
c:\program files\AskBarDis
c:\program files\IObit
c:\progra~1\IMESHA~1
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"=-
 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7795:TCP"=-
File::
c:\windows\unrar.exe
c:\documents and settings\Jakub Jahic\Start Menu\Programs\Startup\_uninst_93146139.lnk
Driver::
jafgwhwu
mrykojmd
AdvancedSystemCareService
Application Updater
ICQ Service
NetSvc::
mrykojmd
jafgwhwu
DDS::
uStart Page = hxxp://search.imesh.com/
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ie ... temid=1&q={searchTerms}
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
Then click File -> Save As... -> and in the File name field type: CFScript.txt
For the file type, select *All files
And save it to the desktop. > Note: CFScript.txt > do not open it, and it must not be > CFScript.txt.txt. Then do this:
Image

When the scan finishes, post the log that ComboFix creates.

Re: RSIT is not responding

Posted: 24 Jul 2011 16:20
by jERRYN
The text was too big, so I uploaded it: http://www.sendspace.com/file/874xlk

Re: RSIT is not responding

Posted: 24 Jul 2011 16:37
by stell
You have both AVAST and the complete Norton there, so get rid of AVAST > uninstall it.
Clean the PC with CCleaner.
Turn off System Restore, restart and turn it back on. The guide is on my blog, so don't restore the system again instead of turning it off!

Uninstall ComboFix > go to Start > Run and enter this command:
combofix /uninstall
and that's all.

Re: RSIT is not responding

Posted: 24 Jul 2011 17:28
by jERRYN
I don't have avast in Add or Remove Programs, and I don't have it in Program Files either, so I don't know how to delete it.

Re: RSIT is not responding

Posted: 24 Jul 2011 17:31
by stell

Re: RSIT is not responding

Posted: 24 Jul 2011 17:54
by jERRYN
After I uninstalled avast, I turned off System Restore, restarted and turned it back on. Then I ran combofix / uninstall and it printed this:
ComboFix 11-07-23.04 - Jakub Jahic 24.07.2011 18:42:58.4.2 - x86
Running from: c:\documents and settings\Jakub Jahic\Desktop\hicoŔo.com.exe
Command switches used :: / uninstall
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-06-24 to 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-24 15:31 . 2011-07-24 15:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-24 13:19 . 2011-07-24 13:19 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-24 11:34 . 2011-07-24 11:34 -------- d-----w- C:\rsit
2011-07-23 22:53 . 2011-07-23 22:53 -------- d-----w- c:\documents and settings\Jakub Jahic\AppData
2011-07-23 19:40 . 2011-07-23 19:40 -------- d-----w- C:\Temp
2011-07-15 13:47 . 2011-05-30 13:42 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-07-15 13:47 . 2011-05-23 07:49 143872 ----a-w- c:\windows\system32\xvid.ax
2011-07-15 13:47 . 2011-05-23 07:46 645632 ----a-w- c:\windows\system32\xvidcore.dll
2011-07-15 13:47 . 2011-07-15 13:47 -------- d-----w- c:\program files\Xvid
2011-07-15 12:52 . 2011-07-15 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-07-15 12:02 . 2011-07-23 22:59 -------- d-----w- c:\documents and settings\Jakub Jahic\Application Data\mediabarim
2011-07-15 12:01 . 2011-07-15 12:03 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{0ACE0403-C75D-488C-A403-7A57E9848B62}
2011-07-05 19:56 . 2004-06-25 18:05 7110656 ----a-w- c:\program files\Microsoft Games\Age of Mythology\aomx.exe
2011-07-05 15:23 . 2011-07-05 15:23 -------- d-----w- c:\documents and settings\All Users\Microsoft
2011-07-05 15:21 . 2011-07-05 15:21 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-07-05 10:01 . 2011-07-05 10:01 -------- d-----w- c:\windows\system32\winrm
2011-07-05 10:01 . 2011-07-05 10:01 -------- d-----w- c:\windows\system32\GroupPolicy
2011-07-05 10:01 . 2011-07-05 10:01 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-07-05 09:40 . 2011-07-05 09:40 -------- d-----w- c:\documents and settings\Jakub Jahic\Application Data\Search Settings
2011-07-05 09:39 . 2011-02-23 14:54 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-07-05 09:39 . 2011-02-23 15:04 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-07-02 15:35 . 2011-07-02 15:35 -------- d-----w- c:\program files\Common Files\Java
2011-06-30 20:01 . 2010-12-25 16:30 8276752 ----a-w- c:\program files\Microsoft Games\Age of Mythology\aom10to110.exe
2011-06-27 00:21 . 2011-06-27 00:21 -------- d-----w- c:\program files\Movie Subtitles Searcher
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 19:42 . 2010-05-10 19:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 02:52 . 2010-07-05 11:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2011-04-13 13:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2009-09-11 19:58 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-24_14.31.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-24 16:41 . 2011-07-24 16:41 16384 c:\windows\temp\Perflib_Perfdata_5a4.dat
- 2004-08-04 12:00 . 2011-07-24 14:33 92892 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2011-07-24 16:45 92892 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2011-07-24 14:33 514554 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2011-07-24 16:45 514554 c:\windows\system32\perfh009.dat
+ 2011-07-24 15:31 . 2011-07-24 15:31 243360 c:\windows\system32\Macromed\Flash\FlashUtil10u_Plugin.exe
+ 2011-07-24 10:53 . 2011-07-24 16:39 319488 c:\windows\system32\config\systemprofile\ntuser.dat
- 2011-07-24 10:53 . 2011-07-24 10:53 319488 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-18 03:21 . 2011-07-24 15:31 6271648 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{50b44494-b902-41f0-97fb-c2f2c0fbf910}"= "c:\program files\Torrents-Search-Engine\tbTorr.dll" [2009-11-09 2331672]
"{65496b53-c8ab-4086-8eb5-47360d8fbf6c}"= "c:\program files\Torrents-Search-Engine-world\tbTorr.dll" [2009-11-09 2331672]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\prxtbTog0.dll" [2011-01-17 175912]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{50b44494-b902-41f0-97fb-c2f2c0fbf910}]
.
[HKEY_CLASSES_ROOT\clsid\{65496b53-c8ab-4086-8eb5-47360d8fbf6c}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ToggleEN\prxtbTog0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2009-09-23 10:50 2261016 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50b44494-b902-41f0-97fb-c2f2c0fbf910}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\Torrents-Search-Engine\tbTorr.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65496b53-c8ab-4086-8eb5-47360d8fbf6c}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\Torrents-Search-Engine-world\tbTorr.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic_English\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{50b44494-b902-41f0-97fb-c2f2c0fbf910}"= "c:\program files\Torrents-Search-Engine\tbTorr.dll" [2009-11-09 2331672]
"{65496b53-c8ab-4086-8eb5-47360d8fbf6c}"= "c:\program files\Torrents-Search-Engine-world\tbTorr.dll" [2009-11-09 2331672]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\prxtbTog0.dll" [2011-01-17 175912]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{50b44494-b902-41f0-97fb-c2f2c0fbf910}]
.
[HKEY_CLASSES_ROOT\clsid\{65496b53-c8ab-4086-8eb5-47360d8fbf6c}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{50B44494-B902-41F0-97FB-C2F2C0FBF910}"= "c:\program files\Torrents-Search-Engine\tbTorr.dll" [2009-11-09 2331672]
"{65496B53-C8AB-4086-8EB5-47360D8FBF6C}"= "c:\program files\Torrents-Search-Engine-world\tbTorr.dll" [2009-11-09 2331672]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\prxtbTog0.dll" [2011-01-17 175912]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{50b44494-b902-41f0-97fb-c2f2c0fbf910}]
.
[HKEY_CLASSES_ROOT\clsid\{65496b53-c8ab-4086-8eb5-47360d8fbf6c}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jakub Jahic^Start Menu^Programs^Startup^GameRanger.lnk]
path=c:\documents and settings\Jakub Jahic\Start Menu\Programs\Startup\GameRanger.lnk
backup=c:\windows\pss\GameRanger.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jakub Jahic^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Jakub Jahic\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cFosSpeed]
2010-09-22 15:34 936152 ----a-r- c:\program files\cFosSpeed\cfosspeed.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeathAdder]
2009-12-15 17:35 244224 ----a-w- c:\program files\Razer\DeathAdder\razerhid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire]
2010-10-20 08:25 7677440 ----a-w- c:\program files\EslWire\wire.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-04-28 19:25 119608 ----a-w- c:\program files\ICQ7.4\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 18:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-07-03 08:51 16876032 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\Jakub Jahic\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"c:\\Program Files\\EA Sports\\FIFA 11\\Game\\fifa.exe"=
"c:\\Documents and Settings\\Jakub Jahic\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2011 Russian\\fm.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Steam\\steamapps\\5tr45n3\\counter-strike\\hl.exe"=
"c:\\Program Files\\Gomoku\\Gomoku.exe"=
"c:\\Documents and Settings\\Jakub Jahic\\Desktop\\mirc.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\kopy\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\kandynko\\counter-strike\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\steamapps\\hluper\\counter-strike\\hl.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System TCP/IP Port
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2009-12-21 1511936]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 13496]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-11 691696]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2010-10-20 841912]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2009-04-21 11136]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-11-11 100456]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2010-04-12 131152]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-04-12 91216]
S3 VIACRX86;VIACRX86;c:\windows\system32\DRIVERS\viacr.sys [2008-06-10 59264]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=393&systemid=1&q={searchTerms}
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-24 18:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2140)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2011-07-24 18:51:12
ComboFix-quarantined-files.txt 2011-07-24 16:51
ComboFix2.txt 2011-07-24 16:27
ComboFix3.txt 2011-07-24 15:12
ComboFix4.txt 2011-07-24 14:35
.
Pre-Run: 115 531 804 672 bytes free
Post-Run: 115 515 006 976 bytes free
.
- - End Of File - - 7907F02B9737F14217814CB6578F48A6

Re: RSIT is not responding

Posted: 24 Jul 2011 17:58
by jERRYN
I don't have Norton in Program Files or anywhere else either.