PC disinfection, computer speed-up and remote help through the neslape.cz service

Please check my logs (RSIT and MBAM)

Have a virus problem? Post your FRST or RSIT log here.

staso
Guest
Posts: 13
Joined: 29 Dec 2011 23:09

#1 Post by staso »

Good evening.
I apologise for bothering you at this time (the holidays ...), but through my own carelessness I have installed a trojan (or trojans) and cannot get rid of it.
I have Win XP Prof and the AV McAfee VirusScan Enterprise 8.5.0i (legal), which keeps flagging Sirefef.f. After startup the PC is frozen for about 2 min, i.e. it does not respond to anything, and the screen occasionally flickers.

RSIT log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by %Admin!!! at 2011-12-29 23:05:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 51 GB (64%) free of 80 GB
Total RAM: 3327 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:05:49, on 29. 12. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
I:\Program Files\Tunngle\TnglCtrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe
U:\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\DAEMON Tools Pro\DTAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Documents and Settings\%Admin!!!\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\%Admin!!!.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SKDaemon.exe] C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "U:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Previesť cieľ odkazu do formátu Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Previesť do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Pridať cieľ odkazu do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Pridať do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6108206625
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
O23 - Service: TunngleService - Tunngle.net GmbH - I:\Program Files\Tunngle\TnglCtrl.exe

--
End of file - 8589 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1003UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1007Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1007UA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{B8D6D3E1-4418-42F9-96BC-F153C157816B}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\%Admin!!!\Application Data\Mozilla\Firefox\Profiles\btnqq5xd.default

prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =937811&p="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=U:\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Nero.com/KM]
"Description"=
"Path"=C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5]
"Description"=WebTablet Plugin API
"Path"=C:\Program Files\TabletPlugins\npwacom.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npdjvu.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
yahoo.xml
zoznam-sk.xml

C:\Documents and Settings\%Admin!!!\Application Data\Mozilla\Firefox\Profiles\btnqq5xd.default\extensions\
{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2008-01-24 66880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-10-22 57224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-01-24 111952]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2007-10-25 136512]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-03-26 16859136]
"Six Engine"=C:\Program Files\ASUS\Six Engine\SixEngine.exe [2008-05-14 5958656]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-28 98304]
"SKDaemon.exe"=C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe [2010-03-02 253440]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe_ID0ENQBO"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-07-05 421888]
"iTunesHelper"=U:\iTunes\iTunesHelper.exe [2011-08-19 421736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-05-04 252136]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-12-24 460872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTAgent.exe [2011-08-17 4527424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-07-28 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server"
"C:\Documents and Settings\Misko\Local Settings\Application Data\Skype\Phone\Skype.exe"="C:\Documents and Settings\Misko\Local Settings\Application Data\Skype\Phone\Skype.exe:*:Disabled:Skype "
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"U:\iTunes\iTunes.exe"="U:\iTunes\iTunes.exe:*:Enabled:iTunes"
"M:\Program Files\Metin2\metin2client.bin"="M:\Program Files\Metin2\metin2client.bin:*:Disabled:metin2client"
"I:\Program Files\Tunngle\TnglCtrl.exe"="I:\Program Files\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service"
"I:\Program Files\Tunngle\Tunngle.exe"="I:\Program Files\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client"
"M:\Program Files\THQ\Saints Row The Third\saintsrowthethird.exe"="M:\Program Files\THQ\Saints Row The Third\saintsrowthethird.exe:*:Enabled:Saints Row: the Third"
"C:\Program Files\Java\jre7\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre7\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\System32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

======List of files/folders created in the last 1 month======

2011-12-29 23:05:34 ----D---- C:\Program Files\trend micro
2011-12-29 23:05:33 ----D---- C:\rsit
2011-12-29 20:06:02 ----D---- C:\Program Files\Ultimate Process Manager
2011-12-29 18:59:11 ----D---- C:\Program Files\CCleaner
2011-12-29 18:53:25 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2011-12-29 15:22:15 ----D---- C:\Documents and Settings\%Admin!!!\Application Data\Malwarebytes
2011-12-29 15:21:28 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-12-29 15:21:28 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-12-29 15:21:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-12-29 14:52:56 ----D---- C:\WINDOWS\pss
2011-12-29 12:39:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2447961_WM9L$
2011-12-29 12:38:29 ----D---- C:\WINDOWS\system32\appmgmt
2011-12-29 11:42:56 ----D---- C:\Documents and Settings\%Admin!!!\Application Data\VitySoft
2011-12-27 10:43:23 ----D---- C:\WINDOWS\Minidump
2011-12-24 15:10:58 ----D---- C:\Program Files\Genbox Family History
2011-12-24 14:58:59 ----D---- C:\WINDOWS\system32\windows media
2011-12-24 14:58:52 ----HD---- C:\WINDOWS\msdownld.tmp
2011-12-24 14:58:52 ----D---- C:\WINDOWS\RegisteredPackages
2011-12-24 14:58:46 ----D---- C:\Program Files\Windows Media Components
2011-12-24 14:58:35 ----D---- C:\Program Files\Microsoft WSE
2011-12-24 14:57:56 ----D---- C:\Program Files\Family Tree Maker 2010
2011-12-24 14:57:56 ----D---- C:\Program Files\BCL Technologies
2011-12-24 08:51:45 ----A---- C:\WINDOWS\Progs_.ini
2011-12-19 14:47:32 ----D---- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
2011-12-17 19:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2639417$
2011-12-17 19:25:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2624667$
2011-12-17 19:21:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2633952$
2011-12-17 19:21:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2011-12-17 19:21:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2618451$
2011-12-17 19:21:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2011-12-17 19:20:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2633171$
2011-12-11 00:33:03 ----RASH---- C:\BOOTSECT.BAK
2011-12-11 00:33:02 ----SHD---- C:\Boot
2011-12-11 00:33:02 ----H---- C:\Boot.BAK
2011-12-10 15:51:31 ----SHD---- C:\$RECYCLE.BIN
2011-12-04 00:10:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2011-12-04 00:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2641690$
2011-12-04 00:09:18 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2011-12-04 00:08:55 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2011-12-04 00:08:40 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2011-12-04 00:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2011-12-03 18:07:01 ----D---- C:\Program Files\SpeedFan

======List of files/folders modified in the last 1 month======

2011-12-29 23:05:34 ----RD---- C:\Program Files
2011-12-29 23:03:36 ----D---- C:\WINDOWS\system32
2011-12-29 23:03:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-12-29 23:01:54 ----D---- C:\WINDOWS\Temp
2011-12-29 22:55:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-12-29 22:42:57 ----D---- C:\QUARANTINE
2011-12-29 22:36:36 ----D---- C:\WINDOWS
2011-12-29 22:05:11 ----D---- C:\WINDOWS\system32\CatRoot2
2011-12-29 22:00:21 ----D---- C:\WINDOWS\system32\drivers
2011-12-29 20:06:13 ----D---- C:\WINDOWS\Prefetch
2011-12-29 20:02:51 ----D---- C:\WINDOWS\system32\Restore
2011-12-29 19:02:54 ----D---- C:\WINDOWS\Logs
2011-12-29 19:02:54 ----D---- C:\WINDOWS\Debug
2011-12-29 18:47:31 ----SHD---- C:\WINDOWS\CSC
2011-12-29 17:28:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-12-29 15:55:42 ----RSD---- C:\WINDOWS\assembly
2011-12-29 15:55:42 ----D---- C:\WINDOWS\Microsoft.NET
2011-12-29 15:36:32 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-12-29 15:35:21 ----SD---- C:\Documents and Settings\%Admin!!!\Application Data\Microsoft
2011-12-29 15:35:21 ----D---- C:\Documents and Settings\%Admin!!!\Application Data\Adobe
2011-12-29 15:22:58 ----SHD---- C:\WINDOWS\Installer
2011-12-29 15:22:49 ----D---- C:\Program Files\Java
2011-12-29 15:20:48 ----D---- C:\WINDOWS\system32\config
2011-12-29 14:57:54 ----RSH---- C:\boot.ini
2011-12-29 14:57:54 ----A---- C:\WINDOWS\win.ini
2011-12-29 14:57:54 ----A---- C:\WINDOWS\system.ini
2011-12-29 12:41:31 ----D---- C:\WINDOWS\WinSxS
2011-12-29 12:39:13 ----HD---- C:\WINDOWS\inf
2011-12-29 12:38:28 ----D---- C:\Program Files\Mozilla Firefox
2011-12-29 12:37:22 ----D---- C:\Program Files\Common Files
2011-12-27 20:57:03 ----A---- C:\WINDOWS\DUMPf164.tmp
2011-12-27 20:48:27 ----A---- C:\WINDOWS\DUMPf1d2.tmp
2011-12-27 20:46:24 ----A---- C:\WINDOWS\DUMP6c56.tmp
2011-12-27 20:44:34 ----A---- C:\WINDOWS\DUMP6fa2.tmp
2011-12-24 14:59:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-12-24 14:58:35 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-12-24 14:58:27 ----HD---- C:\Program Files\InstallShield Installation Information
2011-12-17 19:24:53 ----D---- C:\Program Files\Internet Explorer
2011-12-17 19:24:39 ----HD---- C:\WINDOWS\$hf_mig$
2011-12-17 19:23:19 ----A---- C:\WINDOWS\system32\MRT.exe
2011-12-11 00:33:02 ----RASH---- C:\Boot.ini.saved
2011-12-04 00:10:43 ----D---- C:\WINDOWS\system32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 mv61xx;mv61xx; C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2008-05-19 150568]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2011-03-18 25240]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-11-23 232512]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2008-01-24 52104]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-07-28 7084544]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-03-26 4713472]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [2008-02-02 36864]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2008-01-24 64232]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-01-24 72936]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-01-24 33960]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-01-24 171400]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\WINDOWS\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2010-10-25 14120]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-05-25 37664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-07-28 643072]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-07-12 387944]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2011-10-22 161664]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2007-10-25 103744]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2008-01-24 144704]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2008-01-24 54608]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2011-07-22 690472]
R2 TabletServiceWacom;TabletServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 4807536]
R2 TunngleService;TunngleService; I:\Program Files\Tunngle\TnglCtrl.exe [2011-10-14 745832]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-08-19 821096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-09-16 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------


and MBAM:
Malwarebytes Anti-Malware (Skúšobná verzia) 1.60.0.1800
http://www.malwarebytes.org

Verzia databázy: v2011.12.29.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
%Admin!!! :: CM [administrátor]

Ochrana: Zapnuté

29. 12. 2011 19:06:51
mbam-log-2011-12-29 (19-06-51).txt

Typ kontroly: Úplná kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 587445
Uplynutý čas: 2 hod, 50 min, 47 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 9
C:\Documents and Settings\Stano\Local Settings\Application Data\e45d775c\U\800000cf.$ (Backdoor.0Access) -> Pridanie do karantény a zmazanie úspešné.
M:\_Moje dokumenty\Preberanie\photoshop_CS4_keygen.exe (Trojan.Agent) -> Pridanie do karantény a zmazanie úspešné.
M:\System Volume Information\_restore{FD2460E5-A83C-4049-8FDB-03641054CD8B}\RP537\A0312680.exe (HackTool.GamesCheat.Gen) -> Pridanie do karantény a zmazanie úspešné.
S:\Image Win 7 ultimate+programs\windows 7 activator for all version tested work 100%\Windows 7 Activador.exe (Riskware.Tool.CK) -> Pridanie do karantény a zmazanie úspešné.
S:\SW\W7\Image Win 7 ultimate+programs\windows 7 activator for all version tested work 100%\Windows 7 Activador.exe (Riskware.Tool.CK) -> Pridanie do karantény a zmazanie úspešné.
Z:\zuzkin disk\Free Studio Manager 4.2.4.69\Data\Native\STUBEXE\@PROGRAMFILES@\Internet Explorer\iexplore.exe (Trojan.Agent) -> Pridanie do karantény a zmazanie úspešné.
Z:\zuzkin disk\Free Studio Manager 4.2.4.69\Data\Virtual\STUBEXE\@PROGRAMFILES@\DVDVideoSoft\Free Studio\Free YouTube to Mp3 Converter\FreeYouTubeToMP3Converter.exe (Trojan.Agent) -> Pridanie do karantény a zmazanie úspešné.
Z:\zuzkin disk\Free Studio Manager 4.2.4.69\Data\Virtual\STUBEXE\@PROGRAMFILESCOMMON@\DVDVideoSoft\FreeStudioManager.exe (Trojan.Agent) -> Pridanie do karantény a zmazanie úspešné.
Z:\zuzkin disk\Free Studio Manager 4.2.4.69\Data\Virtual\STUBEXE\@PROGRAMFILESCOMMON@\DVDVideoSoft\Dll\ffmpeg.exe (Trojan.Agent) -> Pridanie do karantény a zmazanie úspešné.

(koniec)

Thanks in advance for any help.

Best regards

Staso

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check my log (RSIT and MBAM)

#2 Post by stell »

Hello
1: Following the guide, run TDSSKILLER and post the log here.
TDSSKILLER

2: Following the guide, run the Disk.bat file and post that log here too.
diskbat
Important information.
Is your computer NOT RUNNING right?
Is it infected? Running slowly? A program not working? Installation problem?
Use the remote help service!
e-mail: stell(zavináč)forum.viry.cz
Thanks!

staso
Visitor
Posts: 13
Registered: 29 Dec 2011 23:09

Re: Please check my log (RSIT and MBAM)

#3 Post by staso »

TDSSKILLER:
11:37:30.0000 2476 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
11:37:30.0125 2476 ============================================================
11:37:30.0125 2476 Current date / time: 2011/12/30 11:37:30.0125
11:37:30.0125 2476 SystemInfo:
11:37:30.0125 2476
11:37:30.0125 2476 OS Version: 5.1.2600 ServicePack: 3.0
11:37:30.0125 2476 Product type: Workstation
11:37:30.0125 2476 ComputerName: CM
11:37:30.0125 2476 UserName: %Admin!!!
11:37:30.0125 2476 Windows directory: C:\WINDOWS
11:37:30.0125 2476 System windows directory: C:\WINDOWS
11:37:30.0125 2476 Processor architecture: Intel x86
11:37:30.0125 2476 Number of processors: 2
11:37:30.0125 2476 Page size: 0x1000
11:37:30.0125 2476 Boot type: Normal boot
11:37:30.0125 2476 ============================================================
11:37:33.0640 2476 Initialize success
11:37:40.0781 2816 ============================================================
11:37:40.0781 2816 Scan started
11:37:40.0781 2816 Mode: Manual;
11:37:40.0781 2816 ============================================================
11:37:41.0781 2816 Abiosdsk - ok
11:37:41.0781 2816 abp480n5 - ok
11:37:41.0796 2816 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:37:41.0796 2816 ACPI - ok
11:37:41.0828 2816 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:37:41.0828 2816 ACPIEC - ok
11:37:41.0859 2816 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
11:37:41.0953 2816 adfs - ok
11:37:41.0953 2816 adpu160m - ok
11:37:41.0968 2816 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:37:41.0984 2816 aec - ok
11:37:42.0000 2816 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:37:42.0015 2816 AFD - ok
11:37:42.0015 2816 Aha154x - ok
11:37:42.0015 2816 aic78u2 - ok
11:37:42.0015 2816 aic78xx - ok
11:37:42.0031 2816 AliIde - ok
11:37:42.0031 2816 amsint - ok
11:37:42.0046 2816 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:37:42.0046 2816 Arp1394 - ok
11:37:42.0046 2816 asc - ok
11:37:42.0062 2816 asc3350p - ok
11:37:42.0062 2816 asc3550 - ok
11:37:42.0078 2816 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
11:37:42.0078 2816 AsIO - ok
11:37:42.0109 2816 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:37:42.0109 2816 AsyncMac - ok
11:37:42.0125 2816 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:37:42.0125 2816 atapi - ok
11:37:42.0125 2816 Atdisk - ok
11:37:42.0250 2816 ati2mtag (913da327ad22c6fa44c41d36fd8cc570) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:37:42.0328 2816 ati2mtag - ok
11:37:42.0359 2816 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
11:37:42.0453 2816 AtiHdmiService - ok
11:37:42.0484 2816 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:37:42.0484 2816 Atmarpc - ok
11:37:42.0515 2816 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:37:42.0515 2816 audstub - ok
11:37:42.0546 2816 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:37:42.0562 2816 Beep - ok
11:37:42.0593 2816 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:37:42.0593 2816 cbidf2k - ok
11:37:42.0609 2816 cd20xrnt - ok
11:37:42.0609 2816 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:37:42.0609 2816 Cdaudio - ok
11:37:42.0625 2816 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:37:42.0625 2816 Cdfs - ok
11:37:42.0640 2816 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:37:42.0640 2816 Cdrom - ok
11:37:42.0640 2816 Changer - ok
11:37:42.0656 2816 CmdIde - ok
11:37:42.0671 2816 Cpqarray - ok
11:37:42.0671 2816 dac2w2k - ok
11:37:42.0671 2816 dac960nt - ok
11:37:42.0687 2816 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:37:42.0687 2816 Disk - ok
11:37:42.0718 2816 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:37:42.0734 2816 dmboot - ok
11:37:42.0734 2816 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:37:42.0750 2816 dmio - ok
11:37:42.0750 2816 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:37:42.0765 2816 dmload - ok
11:37:42.0765 2816 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:37:42.0781 2816 DMusic - ok
11:37:42.0812 2816 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
11:37:42.0812 2816 dot4 - ok
11:37:42.0828 2816 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
11:37:42.0875 2816 Dot4Print - ok
11:37:42.0875 2816 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
11:37:42.0921 2816 dot4usb - ok
11:37:42.0937 2816 dpti2o - ok
11:37:42.0937 2816 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:37:42.0937 2816 drmkaud - ok
11:37:42.0968 2816 dtsoftbus01 (c8eb60a182bee9afd6b394c0145a1732) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
11:37:42.0984 2816 dtsoftbus01 - ok
11:37:43.0000 2816 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:37:43.0015 2816 Fastfat - ok
11:37:43.0015 2816 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:37:43.0015 2816 Fdc - ok
11:37:43.0031 2816 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:37:43.0046 2816 Fips - ok
11:37:43.0046 2816 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:37:43.0046 2816 Flpydisk - ok
11:37:43.0078 2816 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:37:43.0078 2816 FltMgr - ok
11:37:43.0078 2816 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:37:43.0093 2816 Fs_Rec - ok
11:37:43.0093 2816 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:37:43.0093 2816 Ftdisk - ok
11:37:43.0125 2816 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:37:43.0171 2816 GEARAspiWDM - ok
11:37:43.0187 2816 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
11:37:43.0265 2816 giveio - ok
11:37:43.0296 2816 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:37:43.0296 2816 Gpc - ok
11:37:43.0312 2816 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:37:43.0312 2816 HDAudBus - ok
11:37:43.0328 2816 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:37:43.0328 2816 hidusb - ok
11:37:43.0343 2816 hpn - ok
11:37:43.0343 2816 hpt3xx - ok
11:37:43.0390 2816 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:37:43.0390 2816 HTTP - ok
11:37:43.0390 2816 i2omgmt - ok
11:37:43.0390 2816 i2omp - ok
11:37:43.0406 2816 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
11:37:43.0406 2816 i8042prt - ok
11:37:43.0421 2816 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:37:43.0421 2816 Imapi - ok
11:37:43.0421 2816 ini910u - ok
11:37:43.0515 2816 IntcAzAudAddService (1824c4894aa438cd06c976e44b9e7353) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:37:43.0531 2816 IntcAzAudAddService - ok
11:37:43.0546 2816 IntelIde - ok
11:37:43.0546 2816 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:37:43.0546 2816 intelppm - ok
11:37:43.0578 2816 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:37:43.0578 2816 ip6fw - ok
11:37:43.0593 2816 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:37:43.0609 2816 IpFilterDriver - ok
11:37:43.0625 2816 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:37:43.0625 2816 IpInIp - ok
11:37:43.0640 2816 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:37:43.0640 2816 IpNat - ok
11:37:43.0640 2816 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:37:43.0640 2816 IPSec - ok
11:37:43.0671 2816 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:37:43.0671 2816 IRENUM - ok
11:37:43.0703 2816 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:37:43.0703 2816 isapnp - ok
11:37:43.0718 2816 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:37:43.0718 2816 Kbdclass - ok
11:37:43.0718 2816 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:37:43.0718 2816 kbdhid - ok
11:37:43.0765 2816 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:37:43.0765 2816 kmixer - ok
11:37:43.0781 2816 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:37:43.0781 2816 KSecDD - ok
11:37:43.0796 2816 L1e (b3a21f963bf315a29e1d5eb376a51078) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
11:37:43.0796 2816 L1e - ok
11:37:43.0796 2816 lbrtfdc - ok
11:37:43.0828 2816 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
11:37:43.0921 2816 MBAMProtector - ok
11:37:43.0953 2816 mfeapfk (4f557e7140124f7dd347e6e6ba11a696) C:\WINDOWS\system32\drivers\mfeapfk.sys
11:37:44.0000 2816 mfeapfk - ok
11:37:44.0015 2816 mfeavfk (5a88fc236667c8c245f19c62a5e18e70) C:\WINDOWS\system32\drivers\mfeavfk.sys
11:37:44.0015 2816 mfeavfk - ok
11:37:44.0031 2816 mfebopk (e0bf92925c2a68662d32439bef5e9c1f) C:\WINDOWS\system32\drivers\mfebopk.sys
11:37:44.0046 2816 mfebopk - ok
11:37:44.0046 2816 mfehidk (9ac9ea61e33af81b60a65cdb71474ea6) C:\WINDOWS\system32\drivers\mfehidk.sys
11:37:44.0062 2816 mfehidk - ok
11:37:44.0062 2816 mfetdik (0371251b81b9898a79a80970be7fadab) C:\WINDOWS\system32\drivers\mfetdik.sys
11:37:44.0062 2816 mfetdik - ok
11:37:44.0078 2816 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:37:44.0078 2816 mnmdd - ok
11:37:44.0093 2816 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:37:44.0109 2816 Modem - ok
11:37:44.0109 2816 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:37:44.0125 2816 Mouclass - ok
11:37:44.0125 2816 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:37:44.0140 2816 mouhid - ok
11:37:44.0140 2816 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:37:44.0156 2816 MountMgr - ok
11:37:44.0156 2816 mraid35x - ok
11:37:44.0156 2816 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:37:44.0171 2816 MRxDAV - ok
11:37:44.0203 2816 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:37:44.0203 2816 MRxSmb - ok
11:37:44.0218 2816 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:37:44.0234 2816 Msfs - ok
11:37:44.0250 2816 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:37:44.0250 2816 MSKSSRV - ok
11:37:44.0281 2816 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:37:44.0281 2816 MSPCLOCK - ok
11:37:44.0312 2816 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:37:44.0312 2816 MSPQM - ok
11:37:44.0328 2816 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:37:44.0328 2816 mssmbios - ok
11:37:44.0343 2816 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
11:37:44.0343 2816 MTsensor - ok
11:37:44.0375 2816 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:37:44.0375 2816 Mup - ok
11:37:44.0390 2816 mv61xx (e6f48050af7548e4bf775f0d83873794) C:\WINDOWS\system32\DRIVERS\mv61xx.sys
11:37:44.0484 2816 mv61xx - ok
11:37:44.0484 2816 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:37:44.0500 2816 NDIS - ok
11:37:44.0500 2816 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:37:44.0500 2816 NdisTapi - ok
11:37:44.0515 2816 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:37:44.0515 2816 Ndisuio - ok
11:37:44.0515 2816 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:37:44.0531 2816 NdisWan - ok
11:37:44.0562 2816 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:37:44.0562 2816 NDProxy - ok
11:37:44.0562 2816 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:37:44.0578 2816 NetBIOS - ok
11:37:44.0578 2816 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:37:44.0593 2816 NetBT - ok
11:37:44.0609 2816 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:37:44.0609 2816 NIC1394 - ok
11:37:44.0609 2816 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:37:44.0609 2816 Npfs - ok
11:37:44.0625 2816 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:37:44.0640 2816 Ntfs - ok
11:37:44.0656 2816 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:37:44.0656 2816 Null - ok
11:37:44.0687 2816 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:37:44.0687 2816 NwlnkFlt - ok
11:37:44.0687 2816 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:37:44.0687 2816 NwlnkFwd - ok
11:37:44.0703 2816 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:37:44.0703 2816 ohci1394 - ok
11:37:44.0718 2816 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
11:37:44.0734 2816 Parport - ok
11:37:44.0734 2816 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:37:44.0734 2816 PartMgr - ok
11:37:44.0765 2816 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:37:44.0765 2816 ParVdm - ok
11:37:44.0765 2816 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:37:44.0781 2816 PCI - ok
11:37:44.0781 2816 PCIDump - ok
11:37:44.0781 2816 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:37:44.0796 2816 PCIIde - ok
11:37:44.0796 2816 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:37:44.0812 2816 Pcmcia - ok
11:37:44.0812 2816 PDCOMP - ok
11:37:44.0812 2816 PDFRAME - ok
11:37:44.0828 2816 PDRELI - ok
11:37:44.0828 2816 PDRFRAME - ok
11:37:44.0828 2816 perc2 - ok
11:37:44.0843 2816 perc2hib - ok
11:37:44.0843 2816 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:37:44.0859 2816 PptpMiniport - ok
11:37:44.0875 2816 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
11:37:44.0875 2816 Processor - ok
11:37:44.0875 2816 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:37:44.0890 2816 PSched - ok
11:37:44.0890 2816 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:37:44.0890 2816 Ptilink - ok
11:37:44.0906 2816 ql1080 - ok
11:37:44.0921 2816 Ql10wnt - ok
11:37:44.0921 2816 ql12160 - ok
11:37:44.0937 2816 ql1240 - ok
11:37:44.0937 2816 ql1280 - ok
11:37:44.0937 2816 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:37:44.0953 2816 RasAcd - ok
11:37:44.0953 2816 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:37:44.0968 2816 Rasl2tp - ok
11:37:44.0968 2816 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:37:44.0968 2816 RasPppoe - ok
11:37:44.0984 2816 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:37:44.0984 2816 Raspti - ok
11:37:45.0000 2816 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:37:45.0000 2816 Rdbss - ok
11:37:45.0000 2816 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:37:45.0015 2816 RDPCDD - ok
11:37:45.0015 2816 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:37:45.0015 2816 rdpdr - ok
11:37:45.0046 2816 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:37:45.0046 2816 RDPWD - ok
11:37:45.0046 2816 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:37:45.0046 2816 redbook - ok
11:37:45.0078 2816 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:37:45.0078 2816 Secdrv - ok
11:37:45.0093 2816 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:37:45.0093 2816 serenum - ok
11:37:45.0093 2816 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:37:45.0093 2816 Serial - ok
11:37:45.0109 2816 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:37:45.0109 2816 Sfloppy - ok
11:37:45.0125 2816 Simbad - ok
11:37:45.0125 2816 Sparrow - ok
11:37:45.0156 2816 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys
11:37:45.0203 2816 speedfan - ok
11:37:45.0234 2816 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:37:45.0234 2816 splitter - ok
11:37:45.0234 2816 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\System32\DRIVERS\sr.sys
11:37:45.0234 2816 sr - ok
11:37:45.0265 2816 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:37:45.0265 2816 Srv - ok
11:37:45.0281 2816 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:37:45.0281 2816 swenum - ok
11:37:45.0281 2816 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:37:45.0296 2816 swmidi - ok
11:37:45.0296 2816 symc810 - ok
11:37:45.0312 2816 symc8xx - ok
11:37:45.0312 2816 sym_hi - ok
11:37:45.0312 2816 sym_u3 - ok
11:37:45.0328 2816 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:37:45.0328 2816 sysaudio - ok
11:37:45.0359 2816 tap0901t (b7aee68d2e867cbf69b649b18fcedbbb) C:\WINDOWS\system32\DRIVERS\tap0901t.sys
11:37:45.0406 2816 tap0901t - ok
11:37:45.0421 2816 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:37:45.0437 2816 Tcpip - ok
11:37:45.0453 2816 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:37:45.0453 2816 TDPIPE - ok
11:37:45.0468 2816 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:37:45.0468 2816 TDTCP - ok
11:37:45.0468 2816 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:37:45.0484 2816 TermDD - ok
11:37:45.0484 2816 TosIde - ok
11:37:45.0515 2816 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:37:45.0515 2816 Udfs - ok
11:37:45.0531 2816 ULCDRHlp (a4e07da3ae2078bd96e84d4baa07b71d) C:\WINDOWS\system32\Drivers\ULCDRHlp.sys
11:37:45.0578 2816 ULCDRHlp - ok
11:37:45.0593 2816 ultra - ok
11:37:45.0609 2816 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:37:45.0609 2816 Update - ok
11:37:45.0640 2816 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:37:45.0734 2816 USBAAPL - ok
11:37:45.0750 2816 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:37:45.0750 2816 usbccgp - ok
11:37:45.0781 2816 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:37:45.0781 2816 usbehci - ok
11:37:45.0796 2816 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:37:45.0796 2816 usbhub - ok
11:37:45.0796 2816 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:37:45.0812 2816 USBSTOR - ok
11:37:45.0812 2816 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:37:45.0812 2816 usbuhci - ok
11:37:45.0828 2816 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:37:45.0843 2816 VgaSave - ok
11:37:45.0843 2816 ViaIde - ok
11:37:45.0859 2816 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:37:45.0859 2816 VolSnap - ok
11:37:45.0906 2816 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
11:37:45.0953 2816 wacommousefilter - ok
11:37:45.0984 2816 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
11:37:46.0031 2816 wacomvhid - ok
11:37:46.0031 2816 WacomVKHid - ok
11:37:46.0031 2816 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:37:46.0046 2816 Wanarp - ok
11:37:46.0046 2816 WDICA - ok
11:37:46.0062 2816 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:37:46.0078 2816 wdmaud - ok
11:37:46.0109 2816 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:37:46.0109 2816 WudfPf - ok
11:37:46.0125 2816 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:37:46.0140 2816 WudfRd - ok
11:37:46.0140 2816 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
11:37:46.0156 2816 \Device\Harddisk2\DR2 - ok
11:37:46.0171 2816 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:37:46.0203 2816 \Device\Harddisk0\DR0 - ok
11:37:46.0203 2816 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:37:46.0390 2816 \Device\Harddisk1\DR1 - ok
11:37:46.0390 2816 MBR (0x1B8) (180dbde3af7ea48b3db3ac27b1ddf401) \Device\Harddisk3\DR13
11:37:46.0593 2816 \Device\Harddisk3\DR13 - ok
11:37:46.0593 2816 Boot (0x1200) (e2cda4f7147ef205664c185be9a33cd6) \Device\Harddisk2\DR2\Partition0
11:37:46.0593 2816 \Device\Harddisk2\DR2\Partition0 - ok
11:37:46.0593 2816 Boot (0x1200) (fe458a84b13c43ee9d8b4aa1e068fe0d) \Device\Harddisk0\DR0\Partition0
11:37:46.0593 2816 \Device\Harddisk0\DR0\Partition0 - ok
11:37:46.0625 2816 Boot (0x1200) (f576684f3488c7397ca7f1f5a7fa6f35) \Device\Harddisk0\DR0\Partition1
11:37:46.0625 2816 \Device\Harddisk0\DR0\Partition1 - ok
11:37:46.0640 2816 Boot (0x1200) (8d764722e864b0f128c56619bd3e70b1) \Device\Harddisk0\DR0\Partition2
11:37:46.0640 2816 \Device\Harddisk0\DR0\Partition2 - ok
11:37:46.0656 2816 Boot (0x1200) (efbd57f1550e90b8db9a519edcf824bb) \Device\Harddisk0\DR0\Partition3
11:37:46.0656 2816 \Device\Harddisk0\DR0\Partition3 - ok
11:37:46.0671 2816 Boot (0x1200) (806189bcf4e63a90056ff580ed222f45) \Device\Harddisk0\DR0\Partition4
11:37:46.0671 2816 \Device\Harddisk0\DR0\Partition4 - ok
11:37:46.0671 2816 Boot (0x1200) (279eef41e4cd6212f2368bf2015352b6) \Device\Harddisk1\DR1\Partition0
11:37:46.0671 2816 \Device\Harddisk1\DR1\Partition0 - ok
11:37:46.0671 2816 Boot (0x1200) (d75bcc3865c0c636cb234a7dfe56f62f) \Device\Harddisk1\DR1\Partition1
11:37:46.0671 2816 \Device\Harddisk1\DR1\Partition1 - ok
11:37:46.0671 2816 Boot (0x1200) (42e70c331a11f90b6587fa8ba6707ba4) \Device\Harddisk1\DR1\Partition2
11:37:46.0671 2816 \Device\Harddisk1\DR1\Partition2 - ok
11:37:46.0671 2816 Boot (0x1200) (34512f65ec8f0c7fdeb5d9add2ac2669) \Device\Harddisk1\DR1\Partition3
11:37:46.0671 2816 \Device\Harddisk1\DR1\Partition3 - ok
11:37:46.0671 2816 Boot (0x1200) (efe8cb769f5e2e1b939e2df695f8b02b) \Device\Harddisk3\DR13\Partition0
11:37:46.0671 2816 \Device\Harddisk3\DR13\Partition0 - ok
11:37:46.0671 2816 ============================================================
11:37:46.0671 2816 Scan finished
11:37:46.0671 2816 ============================================================
11:37:46.0687 2496 Detected object count: 0
11:37:46.0687 2496 Actual detected object count: 0



DISK.BAT
Model Name Size
SAMSUNG HD322HJ \\.\PHYSICALDRIVE0 320071652352
SAMSUNG HD642JJ \\.\PHYSICALDRIVE1 640132416000
WDC WD40 0BB-32CFC0 SCSI Disk Device \\.\PHYSICALDRIVE2 40015987200
Samsung S2 Portable USB Device \\.\PHYSICALDRIVE3 250056737280
Bootable Name Size Type
TRUE Disk #0, Oblasť pevného disku #0 83887176192 Installable File System
Disk #0, Oblasť pevného disku #1 107373275136 Installable File System
Disk #0, Oblasť pevného disku #2 18412250112 Installable File System
Disk #0, Oblasť pevného disku #3 110398924800 Extended w/Extended Int 13
TRUE Disk #1, Oblasť pevného disku #0 160031015424 Installable File System
Disk #1, Oblasť pevného disku #1 160031047680 Installable File System
Disk #1, Oblasť pevného disku #2 160031047680 Installable File System
Disk #1, Oblasť pevného disku #3 160039272960 Installable File System
TRUE Disk #2, Oblasť pevného disku #0 40015954944 Installable File System
TRUE Disk #3, Oblasť pevného disku #0 250056704512 Installable File System

If I see it correctly, there is no hidden partition here. The number of disks and partitions matches reality. The USB disk is connected because it was connected at the moment of infection.

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check my log (RSIT and MBAM)

#4 Post by stell »

Yes, exactly as you write; according to the MBAM log you had the ZAccess rootkit there. Anyway, run ComboFix as well and post the log here.

http://www.bleepingcomputer.com/combofi ... t-combofix

staso
Visitor
Posts: 13
Registered: 29 Dec 2011 23:09

Re: Please check my log (RSIT and MBAM)

#5 Post by staso »

Here is the log from ComboFix.
During the run, in stages 1-50, it kept reporting that the file NIRKMD.3XE was not found, but after I confirmed with OK it continued running.

ComboFix 11-12-29.05 - %Admin!!! . 12. 2011 13:27:15.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3327.2475 [GMT 1:00]
Running from: c:\documents and settings\Admin!!!\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin!!!\Application Data\64dlls.exe
c:\documents and settings\Admin!!!\Application Data\intel64.exe
c:\documents and settings\Admin!!!\Application Data\Kernel32.exe
c:\documents and settings\Admin!!!\Application Data\localsys64.exe
c:\documents and settings\Admin!!!\Application Data\ntos.exe
c:\documents and settings\Admin!!!\Application Data\oembios.exe
c:\documents and settings\Admin!!!\Application Data\sdra64.exe
c:\documents and settings\Admin!!!\Application Data\sdra73.exe
c:\documents and settings\Admin!!!\Application Data\swin32.exe
c:\documents and settings\Admin!!!\Application Data\twex.exe
c:\documents and settings\Admin!!!\Application Data\twext.exe
c:\documents and settings\Admin!!!\Application Data\wsnpoema.exe
c:\documents and settings\Stano\Local Settings\Application Data\e45d775c\U
c:\documents and settings\Stano\Local Settings\Application Data\e45d775c\U\000000c0.@
c:\documents and settings\Stano\Local Settings\Application Data\e45d775c\U\000000cb.@
c:\documents and settings\Stano\Local Settings\Application Data\e45d775c\U\80000000.@
c:\documents and settings\Stano\Local Settings\Application Data\e45d775c\X
c:\documents and settings\Stano\Local Settings\Temporary Internet Files\wtran32.INI
M:\install.exe
O:\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-29 22:05 . 2011-12-29 22:05 -------- d-----w- c:\program files\trend micro
2011-12-29 22:05 . 2011-12-29 22:05 -------- d-----w- C:\rsit
2011-12-29 19:06 . 2011-12-29 21:11 -------- d-----w- c:\program files\Ultimate Process Manager
2011-12-29 17:59 . 2011-12-29 17:59 -------- d-----w- c:\program files\CCleaner
2011-12-29 17:53 . 2011-11-15 13:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-29 16:48 . 2011-12-29 16:48 -------- d-----w- c:\documents and settings\Stano\Application Data\Malwarebytes
2011-12-29 14:35 . 2011-12-29 14:35 -------- d-----w- c:\documents and settings\%Admin!!!\Local Settings\Application Data\Temp
2011-12-29 14:22 . 2011-12-29 14:22 -------- d-----w- c:\documents and settings\%Admin!!!\Application Data\Malwarebytes
2011-12-29 14:21 . 2011-12-29 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-29 14:21 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-29 14:21 . 2011-12-29 14:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-29 11:25 . 2011-12-30 12:34 -------- d-sh--w- c:\documents and settings\Stano\Local Settings\Application Data\e45d775c
2011-12-29 10:42 . 2011-12-29 10:42 -------- d-----w- c:\documents and settings\%Admin!!!\Application Data\VitySoft
2011-12-27 09:44 . 2011-12-27 09:44 -------- d-----w- c:\documents and settings\Olivia\Application Data\vlc
2011-12-27 09:43 . 2011-12-27 09:43 -------- d-----w- c:\documents and settings\Olivia\Application Data\Search Settings
2011-12-26 18:44 . 2011-12-26 18:44 -------- d-----w- c:\documents and settings\Stano\Application Data\dvdcss
2011-12-25 11:49 . 2011-12-26 15:30 -------- d-----w- c:\documents and settings\Stano\Application Data\FamilyTreeMaker
2011-12-24 14:15 . 2011-12-24 14:15 -------- d-----w- c:\documents and settings\Stano\Local Settings\Application Data\IsolatedStorage
2011-12-24 14:15 . 2011-12-24 14:15 -------- d-----w- c:\documents and settings\Stano\Local Settings\Application Data\Ancestry.com
2011-12-24 14:10 . 2011-12-24 14:11 -------- d-----w- c:\program files\Genbox Family History
2011-12-24 14:01 . 2011-12-24 14:01 -------- d-----w- c:\documents and settings\%Admin!!!\Local Settings\Application Data\IsolatedStorage
2011-12-24 14:00 . 2011-12-24 14:00 -------- d-----w- c:\documents and settings\%Admin!!!\Local Settings\Application Data\Ancestry.com
2011-12-24 13:58 . 2011-12-24 13:58 -------- d-----w- c:\windows\system32\windows media
2011-12-24 13:58 . 2011-12-24 13:59 -------- d--h--w- c:\windows\msdownld.tmp
2011-12-24 13:58 . 2011-12-24 13:58 -------- d-----w- c:\program files\Windows Media Components
2011-12-24 13:58 . 2011-12-24 13:58 -------- d-----w- c:\program files\Microsoft WSE
2011-12-24 13:57 . 2011-12-24 14:00 -------- d-----w- c:\program files\Family Tree Maker 2010
2011-12-24 13:57 . 2011-12-24 13:58 -------- d-----w- c:\program files\BCL Technologies
2011-12-24 07:25 . 2011-12-24 07:25 -------- d-----w- c:\documents and settings\Stano\Application Data\Search Settings
2011-12-22 09:21 . 2011-12-22 09:21 -------- d-----w- c:\documents and settings\Zuzka\Application Data\YouTube Downloader
2011-12-22 07:21 . 2011-12-22 07:21 -------- d-----w- c:\documents and settings\Zuzka\Application Data\Search Settings
2011-12-19 13:47 . 2011-12-19 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\YouTube Downloader
2011-12-10 23:33 . 2011-12-10 21:07 -------- d-----w- C:\Boot
2011-12-03 17:07 . 2011-12-10 21:23 -------- d-----w- c:\program files\SpeedFan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-27 19:57 . 2011-09-15 17:54 94208 ----a-w- c:\windows\DUMPf164.tmp
2011-12-27 19:48 . 2011-09-15 17:54 94208 ----a-w- c:\windows\DUMPf1d2.tmp
2011-12-27 19:46 . 2011-09-15 17:54 94208 ----a-w- c:\windows\DUMP6c56.tmp
2011-12-27 19:44 . 2011-09-15 17:54 94208 ----a-w- c:\windows\DUMP6fa2.tmp
2011-12-03 17:10 . 2011-09-15 19:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 18:52 . 2011-11-23 18:52 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-23 13:25 . 2001-08-23 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2011-09-15 17:12 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2001-08-23 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2001-08-23 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2001-08-17 13:48 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-22 18:00 . 2011-10-22 13:34 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-22 18:00 . 2011-09-25 09:57 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-18 11:13 . 2011-09-15 17:12 186880 ------w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-09-15 16:07 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-02 12:31 . 2011-10-02 12:31 371272 ----a-r- c:\documents and settings\Zuzka\Application Data\Microsoft\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
2011-10-30 10:49 . 2011-09-15 19:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-08-17 4527424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14 5958656]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 98304]
"SKDaemon.exe"="c:\program files\Lenovo\Productivity Keyboard\SKDaemon.exe" [2010-03-02 253440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="u:\itunes\iTunesHelper.exe" [2011-08-18 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Documents and Settings\\Misko\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"u:\\iTunes\\iTunes.exe"=
"i:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"i:\\Program Files\\Tunngle\\Tunngle.exe"=
"m:\\Program Files\\THQ\\Saints Row The Third\\saintsrowthethird.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [15. 9. 2011 19:19 150568]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [23. 11. 2011 19:52 232512]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29. 12. 2011 15:21 652872]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [22. 7. 2011 13:26 690472]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [16. 9. 2011 13:56 4807536]
R2 TunngleService;TunngleService;i:\program files\Tunngle\TnglCtrl.exe [6. 11. 2011 20:19 745832]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29. 12. 2011 15:21 20464]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [6. 11. 2011 20:19 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 12:16 130384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15. 8. 2008 4:46 284016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 12:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1003Core.job
- c:\documents and settings\Adm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-15 18:49]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1003UA.job
- c:\documents and settings\Adm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-15 18:49]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1007Core.job
- c:\documents and settings\Zuzka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-19 12:07]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1007UA.job
- c:\documents and settings\Zuzka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-19 12:07]
.
2011-12-30 c:\windows\Tasks\User_Feed_Synchronization-{B8D6D3E1-4418-42F9-96BC-F153C157816B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Previesť cieľ odkazu do formátu Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridať cieľ odkazu do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Pridať do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-uCertify M70-640 - c:\program files\uCertify\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-30 13:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-12-30 13:48:28
ComboFix-quarantined-files.txt 2011-12-30 12:48
.
Pre-Run: 53 150 482 432 bytes free
Post-Run: 19 adresárov, 57 686 552 576 voľných bajtov
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT /NOEXECUTE=OPTIN
.
- - End Of File - - CAA6A7D66A070BEB8E6606A4A67F3F61

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check my log (RSIT and MBAM)

#6 Post by stell »

For this step you need to have ComboFix on the desktop.

Turn off > FIREWALL > antivirus > antispyware > everything resident.

Open Notepad and copy the whole text into it:

Code:

KILLALL::
Folder::
c:\documents and settings\Stano\Local Settings\Application Data\e45d775c
c:\documents and settings\Olivia\Application Data\Search Settings
c:\documents and settings\Stano\Application Data\Search Settings
c:\documents and settings\Zuzka\Application Data\Search Settings
File::
c:\windows\DUMPf164.tmp
c:\windows\DUMPf1d2.tmp
c:\windows\DUMP6c56.tmp
c:\windows\DUMP6fa2.tmp
ClearJavaCache::

Then click File -> Save As... -> in the File name line type: CFScript.txt
For Save as type select All files.
Save it to the desktop. Note: do not open CFScript.txt, and it must not be named CFScript.txt.txt either. Then do this:
[image]

After the scan finishes, post the log that ComboFix creates and write how the PC behaves.
Important information.
Is your computer NOT RUNNING well?
Is it infected? Running slowly? A program not working? Installation problems?
Use the remote help service!
e-mail: stell(at)forum.viry.cz
Thanks! Vďaka!
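As an added example, not code from stell's post or from any tool the forum uses: a small Python script that parses lines in the "Files Created" layout of the ComboFix log above, flags hidden+system directories inside a user profile (the e45d775c folder in the log is one), and renders the matching KILLALL:: and Folder:: directives in the CFScript layout stell uses. The sample lines are constructed to follow that layout, and the flagging rule is an assumption of this example, not a ComboFix feature; anything it lists is a candidate for a helper to review, not an automatic deletion.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines in the "Files Created" layout of a ComboFix log
# (created time . modified time, size or dashes, attribute string, path).
SAMPLE_LOG = """\
2011-12-29 22:05 . 2011-12-29 22:05 -------- d-----w- c:\\program files\\trend micro
2011-12-29 11:25 . 2011-12-30 12:34 -------- d-sh--w- c:\\documents and settings\\Stano\\Local Settings\\Application Data\\e45d775c
2011-12-29 14:21 . 2011-12-10 14:24 20464 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2011-12-24 13:58 . 2011-12-24 13:59 -------- d--h--w- c:\\windows\\msdownld.tmp
2011-12-27 09:43 . 2011-12-27 09:43 -------- d-----w- c:\\documents and settings\\Olivia\\Application Data\\Search Settings
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>\S{8}) (?P<path>.+)$"
)
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (ComboFix prints dashes there)
    attrs: str            # e.g. "d-sh--w-": d=directory, s=system, h=hidden, a=archive
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_files_created(text: str) -> List[Entry]:
    """Parse every line matching the layout; banners and '.' separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def flag_suspicious(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Heuristic assumed by this example: a hidden+system directory inside a user
    profile is worth a look, more so when its name is eight hex digits."""
    flagged = []
    for e in entries:
        low = e.path.lower()
        name = low.rsplit("\\", 1)[-1]
        if e.is_dir and e.hidden and e.system and "\\documents and settings\\" in low:
            reason = "hidden+system directory in a user profile"
            if HEX_NAME.match(name):
                reason += ", random-looking 8-hex-digit name"
            flagged.append((e, reason))
    return flagged


def build_cfscript(flagged: List[Tuple[Entry, str]]) -> str:
    """Render the KILLALL:: and Folder:: directives in the layout used in the post above."""
    lines = ["KILLALL::", "Folder::"] + [e.path for e, _ in flagged]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = flag_suspicious(parse_files_created(SAMPLE_LOG))
    for entry, why in hits:
        print(f"{entry.attrs} {entry.path}  <- {why}")
    print(build_cfscript(hits))
```

Run it on a saved ComboFix.txt by replacing SAMPLE_LOG with the file's contents; only lines in the "Files Created" layout are parsed, so the rest of the log is ignored. The hidden-but-not-system msdownld.tmp entry and the plain Search Settings folders in the sample are deliberately left unflagged to show that the rule keys on the attribute combination, not on the folder being new.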

staso
Visitor
Posts: 13
Registered: 29 Dec 2011 23:09

Re: Please check my log (RSIT and MBAM)

#7 Post by staso »

Log from ComboFix:
I thought I had the AV switched off, but I see the resident part was still alive. Should I try again?

ComboFix 11-12-29.05 - %Admin!!! . 12. 2011 15:31:21.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3327.2501 [GMT 1:00]
Running from: c:\documents and settings\Admin!!!\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin!!!\Application Data\64dlls.exe
c:\documents and settings\Admin!!!\Application Data\intel64.exe
c:\documents and settings\Admin!!!\Application Data\Kernel32.exe
c:\documents and settings\Admin!!!\Application Data\localsys64.exe
c:\documents and settings\Admin!!!\Application Data\ntos.exe
c:\documents and settings\Admin!!!\Application Data\oembios.exe
c:\documents and settings\Admin!!!\Application Data\sdra64.exe
c:\documents and settings\Admin!!!\Application Data\sdra73.exe
c:\documents and settings\Admin!!!\Application Data\swin32.exe
c:\documents and settings\Admin!!!\Application Data\twex.exe
c:\documents and settings\Admin!!!\Application Data\twext.exe
c:\documents and settings\Admin!!!\Application Data\wsnpoema.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-29 22:05 . 2011-12-29 22:05 -------- d-----w- c:\program files\trend micro
2011-12-29 22:05 . 2011-12-29 22:05 -------- d-----w- C:\rsit
2011-12-29 19:06 . 2011-12-29 21:11 -------- d-----w- c:\program files\Ultimate Process Manager
2011-12-29 17:59 . 2011-12-29 17:59 -------- d-----w- c:\program files\CCleaner
2011-12-29 17:53 . 2011-11-15 13:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-29 16:48 . 2011-12-29 16:48 -------- d-----w- c:\documents and settings\Stano\Application Data\Malwarebytes
2011-12-29 14:35 . 2011-12-29 14:35 -------- d-----w- c:\documents and settings\%Admin!!!\Local Settings\Application Data\Temp
2011-12-29 14:22 . 2011-12-29 14:22 -------- d-----w- c:\documents and settings\%Admin!!!\Application Data\Malwarebytes
2011-12-29 14:21 . 2011-12-29 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-29 14:21 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-29 14:21 . 2011-12-29 14:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-29 11:25 . 2011-12-30 12:34 -------- d-sh--w- c:\documents and settings\Stano\Local Settings\Application Data\e45d775c
2011-12-29 10:42 . 2011-12-29 10:42 -------- d-----w- c:\documents and settings\%Admin!!!\Application Data\VitySoft
2011-12-27 09:44 . 2011-12-27 09:44 -------- d-----w- c:\documents and settings\Olivia\Application Data\vlc
2011-12-27 09:43 . 2011-12-27 09:43 -------- d-----w- c:\documents and settings\Olivia\Application Data\Search Settings
2011-12-26 18:44 . 2011-12-26 18:44 -------- d-----w- c:\documents and settings\Stano\Application Data\dvdcss
2011-12-25 11:49 . 2011-12-26 15:30 -------- d-----w- c:\documents and settings\Stano\Application Data\FamilyTreeMaker
2011-12-24 14:15 . 2011-12-24 14:15 -------- d-----w- c:\documents and settings\Stano\Local Settings\Application Data\IsolatedStorage
2011-12-24 14:15 . 2011-12-24 14:15 -------- d-----w- c:\documents and settings\Stano\Local Settings\Application Data\Ancestry.com
2011-12-24 14:10 . 2011-12-24 14:11 -------- d-----w- c:\program files\Genbox Family History
2011-12-24 14:01 . 2011-12-24 14:01 -------- d-----w- c:\documents and settings\%Admin!!!\Local Settings\Application Data\IsolatedStorage
2011-12-24 14:00 . 2011-12-24 14:00 -------- d-----w- c:\documents and settings\%Admin!!!\Local Settings\Application Data\Ancestry.com
2011-12-24 13:58 . 2011-12-24 13:58 -------- d-----w- c:\windows\system32\windows media
2011-12-24 13:58 . 2011-12-24 13:59 -------- d--h--w- c:\windows\msdownld.tmp
2011-12-24 13:58 . 2011-12-24 13:58 -------- d-----w- c:\program files\Windows Media Components
2011-12-24 13:58 . 2011-12-24 13:58 -------- d-----w- c:\program files\Microsoft WSE
2011-12-24 13:57 . 2011-12-24 14:00 -------- d-----w- c:\program files\Family Tree Maker 2010
2011-12-24 13:57 . 2011-12-24 13:58 -------- d-----w- c:\program files\BCL Technologies
2011-12-24 07:25 . 2011-12-24 07:25 -------- d-----w- c:\documents and settings\Stano\Application Data\Search Settings
2011-12-22 09:21 . 2011-12-22 09:21 -------- d-----w- c:\documents and settings\Zuzka\Application Data\YouTube Downloader
2011-12-22 07:21 . 2011-12-22 07:21 -------- d-----w- c:\documents and settings\Zuzka\Application Data\Search Settings
2011-12-19 13:47 . 2011-12-19 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\YouTube Downloader
2011-12-10 23:33 . 2011-12-10 21:07 -------- d-----w- C:\Boot
2011-12-03 17:07 . 2011-12-10 21:23 -------- d-----w- c:\program files\SpeedFan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-27 19:57 . 2011-09-15 17:54 94208 ----a-w- c:\windows\DUMPf164.tmp
2011-12-27 19:48 . 2011-09-15 17:54 94208 ----a-w- c:\windows\DUMPf1d2.tmp
2011-12-27 19:46 . 2011-09-15 17:54 94208 ----a-w- c:\windows\DUMP6c56.tmp
2011-12-27 19:44 . 2011-09-15 17:54 94208 ----a-w- c:\windows\DUMP6fa2.tmp
2011-12-03 17:10 . 2011-09-15 19:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 18:52 . 2011-11-23 18:52 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-23 13:25 . 2001-08-23 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2011-09-15 17:12 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2001-08-23 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2001-08-23 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2001-08-17 13:48 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-22 18:00 . 2011-10-22 13:34 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-22 18:00 . 2011-09-25 09:57 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-18 11:13 . 2011-09-15 17:12 186880 ------w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-09-15 16:07 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-02 12:31 . 2011-10-02 12:31 371272 ----a-r- c:\documents and settings\Zuzka\Application Data\Microsoft\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
2011-10-30 10:49 . 2011-09-15 19:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-30_12.35.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-30 14:29 . 2011-12-30 14:29 16384 c:\windows\Temp\Perflib_Perfdata_19c.dat
+ 2001-08-23 12:00 . 2011-12-30 14:33 77932 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2011-12-30 12:30 77932 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2011-12-30 14:33 461386 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2011-12-30 12:30 461386 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-08-17 4527424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14 5958656]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 98304]
"SKDaemon.exe"="c:\program files\Lenovo\Productivity Keyboard\SKDaemon.exe" [2010-03-02 253440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="u:\itunes\iTunesHelper.exe" [2011-08-18 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Documents and Settings\\Misko\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"u:\\iTunes\\iTunes.exe"=
"i:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"i:\\Program Files\\Tunngle\\Tunngle.exe"=
"m:\\Program Files\\THQ\\Saints Row The Third\\saintsrowthethird.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [15. 9. 2011 19:19 150568]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [23. 11. 2011 19:52 232512]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29. 12. 2011 15:21 652872]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [22. 7. 2011 13:26 690472]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [16. 9. 2011 13:56 4807536]
R2 TunngleService;TunngleService;i:\program files\Tunngle\TnglCtrl.exe [6. 11. 2011 20:19 745832]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29. 12. 2011 15:21 20464]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [6. 11. 2011 20:19 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 12:16 130384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15. 8. 2008 4:46 284016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 12:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1003Core.job
- c:\documents and settings\Adm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-15 18:49]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1003UA.job
- c:\documents and settings\Adm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-15 18:49]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1007Core.job
- c:\documents and settings\Zuzka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-19 12:07]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1007UA.job
- c:\documents and settings\Zuzka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-19 12:07]
.
2011-12-30 c:\windows\Tasks\User_Feed_Synchronization-{B8D6D3E1-4418-42F9-96BC-F153C157816B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Previesť cieľ odkazu do formátu Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridať cieľ odkazu do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Pridať do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-30 15:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-12-30 15:40:12
ComboFix-quarantined-files.txt 2011-12-30 14:40
ComboFix2.txt 2011-12-30 12:48
.
Pre-Run: 57 665 331 200 bytes free
Post-Run: 19 adresárov, 57 662 849 024 voľných bajtov
.
- - End Of File - - 5328B3432B9EA5439F955019F5B8B844

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check my log (RSIT and MBAM)

#8 Post by stell »

This needs to be done >

stell wrote: For this step you need to have ComboFix on the desktop.

Turn off > FIREWALL > antivirus > antispyware > everything resident.

Open Notepad and copy the whole text into it:

Code:

KILLALL::
Folder::
c:\documents and settings\Stano\Local Settings\Application Data\e45d775c
c:\documents and settings\Olivia\Application Data\Search Settings
c:\documents and settings\Stano\Application Data\Search Settings
c:\documents and settings\Zuzka\Application Data\Search Settings
File::
c:\windows\DUMPf164.tmp
c:\windows\DUMPf1d2.tmp
c:\windows\DUMP6c56.tmp
c:\windows\DUMP6fa2.tmp
ClearJavaCache::

Then click File -> Save As... -> in the File name line type: CFScript.txt
For Save as type select All files.
Save it to the desktop. Note: do not open CFScript.txt, and it must not be named CFScript.txt.txt either. Then do this:
[image]

After the scan finishes, post the log that ComboFix creates and write how the PC behaves.

staso
Visitor
Posts: 13
Registered: 29 Dec 2011 23:09

Re: Please check my log (RSIT and MBAM)

#9 Post by staso »

It took me a while to disable the resident part, but now it should be done properly:

ComboFix 11-12-29.05 - %Admin!!! . 12. 2011 17:19:47.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3327.2733 [GMT 1:00]
Running from: c:\documents and settings\Admin!!!\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin!!!\Application Data\64dlls.exe
c:\documents and settings\Admin!!!\Application Data\intel64.exe
c:\documents and settings\Admin!!!\Application Data\Kernel32.exe
c:\documents and settings\Admin!!!\Application Data\localsys64.exe
c:\documents and settings\Admin!!!\Application Data\ntos.exe
c:\documents and settings\Admin!!!\Application Data\oembios.exe
c:\documents and settings\Admin!!!\Application Data\sdra64.exe
c:\documents and settings\Admin!!!\Application Data\sdra73.exe
c:\documents and settings\Admin!!!\Application Data\swin32.exe
c:\documents and settings\Admin!!!\Application Data\twex.exe
c:\documents and settings\Admin!!!\Application Data\twext.exe
c:\documents and settings\Admin!!!\Application Data\wsnpoema.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-29 22:05 . 2011-12-29 22:05 -------- d-----w- c:\program files\trend micro
2011-12-29 22:05 . 2011-12-29 22:05 -------- d-----w- C:\rsit
2011-12-29 19:06 . 2011-12-29 21:11 -------- d-----w- c:\program files\Ultimate Process Manager
2011-12-29 17:59 . 2011-12-29 17:59 -------- d-----w- c:\program files\CCleaner
2011-12-29 17:53 . 2011-11-15 13:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-29 16:48 . 2011-12-29 16:48 -------- d-----w- c:\documents and settings\Stano\Application Data\Malwarebytes
2011-12-29 14:35 . 2011-12-29 14:35 -------- d-----w- c:\documents and settings\%Admin!!!\Local Settings\Application Data\Temp
2011-12-29 14:22 . 2011-12-29 14:22 -------- d-----w- c:\documents and settings\%Admin!!!\Application Data\Malwarebytes
2011-12-29 14:21 . 2011-12-29 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-29 14:21 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-29 14:21 . 2011-12-29 14:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-29 11:25 . 2011-12-30 12:34 -------- d-sh--w- c:\documents and settings\Stano\Local Settings\Application Data\e45d775c
2011-12-29 10:42 . 2011-12-29 10:42 -------- d-----w- c:\documents and settings\%Admin!!!\Application Data\VitySoft
2011-12-27 09:44 . 2011-12-27 09:44 -------- d-----w- c:\documents and settings\Olivia\Application Data\vlc
2011-12-27 09:43 . 2011-12-27 09:43 -------- d-----w- c:\documents and settings\Olivia\Application Data\Search Settings
2011-12-26 18:44 . 2011-12-26 18:44 -------- d-----w- c:\documents and settings\Stano\Application Data\dvdcss
2011-12-25 11:49 . 2011-12-26 15:30 -------- d-----w- c:\documents and settings\Stano\Application Data\FamilyTreeMaker
2011-12-24 14:15 . 2011-12-24 14:15 -------- d-----w- c:\documents and settings\Stano\Local Settings\Application Data\IsolatedStorage
2011-12-24 14:15 . 2011-12-24 14:15 -------- d-----w- c:\documents and settings\Stano\Local Settings\Application Data\Ancestry.com
2011-12-24 14:10 . 2011-12-24 14:11 -------- d-----w- c:\program files\Genbox Family History
2011-12-24 14:01 . 2011-12-24 14:01 -------- d-----w- c:\documents and settings\%Admin!!!\Local Settings\Application Data\IsolatedStorage
2011-12-24 14:00 . 2011-12-24 14:00 -------- d-----w- c:\documents and settings\%Admin!!!\Local Settings\Application Data\Ancestry.com
2011-12-24 13:58 . 2011-12-24 13:58 -------- d-----w- c:\windows\system32\windows media
2011-12-24 13:58 . 2011-12-24 13:59 -------- d--h--w- c:\windows\msdownld.tmp
2011-12-24 13:58 . 2011-12-24 13:58 -------- d-----w- c:\program files\Windows Media Components
2011-12-24 13:58 . 2011-12-24 13:58 -------- d-----w- c:\program files\Microsoft WSE
2011-12-24 13:57 . 2011-12-24 14:00 -------- d-----w- c:\program files\Family Tree Maker 2010
2011-12-24 13:57 . 2011-12-24 13:58 -------- d-----w- c:\program files\BCL Technologies
2011-12-24 07:25 . 2011-12-24 07:25 -------- d-----w- c:\documents and settings\Stano\Application Data\Search Settings
2011-12-22 09:21 . 2011-12-22 09:21 -------- d-----w- c:\documents and settings\Zuzka\Application Data\YouTube Downloader
2011-12-22 07:21 . 2011-12-22 07:21 -------- d-----w- c:\documents and settings\Zuzka\Application Data\Search Settings
2011-12-19 13:47 . 2011-12-19 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\YouTube Downloader
2011-12-10 23:33 . 2011-12-10 21:07 -------- d-----w- C:\Boot
2011-12-03 17:07 . 2011-12-10 21:23 -------- d-----w- c:\program files\SpeedFan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-27 19:57 . 2011-09-15 17:54 94208 ----a-w- c:\windows\DUMPf164.tmp
2011-12-27 19:48 . 2011-09-15 17:54 94208 ----a-w- c:\windows\DUMPf1d2.tmp
2011-12-27 19:46 . 2011-09-15 17:54 94208 ----a-w- c:\windows\DUMP6c56.tmp
2011-12-27 19:44 . 2011-09-15 17:54 94208 ----a-w- c:\windows\DUMP6fa2.tmp
2011-12-03 17:10 . 2011-09-15 19:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 18:52 . 2011-11-23 18:52 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-23 13:25 . 2001-08-23 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2011-09-15 17:12 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2001-08-23 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2001-08-23 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2001-08-17 13:48 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-22 18:00 . 2011-10-22 13:34 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-22 18:00 . 2011-09-25 09:57 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-18 11:13 . 2011-09-15 17:12 186880 ------w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-09-15 16:07 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-02 12:31 . 2011-10-02 12:31 371272 ----a-r- c:\documents and settings\Zuzka\Application Data\Microsoft\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
2011-10-30 10:49 . 2011-09-15 19:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-30_12.35.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-30 16:18 . 2011-12-30 16:18 16384 c:\windows\Temp\Perflib_Perfdata_4e8.dat
+ 2001-08-23 12:00 . 2011-12-30 16:23 77932 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2011-12-30 12:30 77932 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2011-12-30 16:23 461386 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2011-12-30 12:30 461386 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-08-17 4527424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14 5958656]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 98304]
"SKDaemon.exe"="c:\program files\Lenovo\Productivity Keyboard\SKDaemon.exe" [2010-03-02 253440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="u:\itunes\iTunesHelper.exe" [2011-08-18 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Documents and Settings\\Misko\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"u:\\iTunes\\iTunes.exe"=
"i:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"i:\\Program Files\\Tunngle\\Tunngle.exe"=
"m:\\Program Files\\THQ\\Saints Row The Third\\saintsrowthethird.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [15. 9. 2011 19:19 150568]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [23. 11. 2011 19:52 232512]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29. 12. 2011 15:21 652872]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [22. 7. 2011 13:26 690472]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [16. 9. 2011 13:56 4807536]
R2 TunngleService;TunngleService;i:\program files\Tunngle\TnglCtrl.exe [6. 11. 2011 20:19 745832]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29. 12. 2011 15:21 20464]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [6. 11. 2011 20:19 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 12:16 130384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15. 8. 2008 4:46 284016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 12:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1003Core.job
- c:\documents and settings\Adm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-15 18:49]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1003UA.job
- c:\documents and settings\Adm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-15 18:49]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1007Core.job
- c:\documents and settings\Zuzka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-19 12:07]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1007UA.job
- c:\documents and settings\Zuzka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-19 12:07]
.
2011-12-30 c:\windows\Tasks\User_Feed_Synchronization-{B8D6D3E1-4418-42F9-96BC-F153C157816B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Previesť cieľ odkazu do formátu Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridať cieľ odkazu do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Pridať do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-30 17:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-12-30 17:26:00
ComboFix-quarantined-files.txt 2011-12-30 16:25
ComboFix2.txt 2011-12-30 14:40
ComboFix3.txt 2011-12-30 12:48
.
Pre-Run: 57 764 761 600 bytes free
Post-Run: 19 adresárov, 57 762 537 472 voľných bajtov
.
- - End Of File - - 58DF9A0D84FEFB4D6FBE0B0F7A289313

Under the admin account it runs without any hesitation, no screen changes and no delay. Under the user account the screen flickering still persists, but I have not noticed the delay (freezing) any more.

stell (VIP in memoriam)
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check my log (RSIT and MBAM)

#10 Post by stell »

Attachment: rozbal.7z (355 bytes), downloaded 45 times
Well, you keep running ComboFix and you are not doing the script the way I wrote it.
Never mind, here is an attachment: download it to the desktop, unpack it, grab CFScript.txt with the mouse and drop it onto the ComboFix icon, then follow the instructions; when it finishes, post the log here.
Important information.
Is your computer not running right?
Is it infected? Running slowly? A program not working? Installation problem?
Use the remote assistance service!
e-mail: stell(zavináč)forum.viry.cz
Thanks!

staso (Guest)
Posts: 13
Registered: 29 Dec 2011 23:09

Re: Please check my log (RSIT and MBAM)

#11 Post by staso »

Sorry, I thought I was following the instructions: create a .txt and drag it onto ComboFix. I will try again.

stell (VIP in memoriam)
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check my log (RSIT and MBAM)

#12 Post by stell »

OK, take it easy.

staso (Guest)
Posts: 13
Registered: 29 Dec 2011 23:09

Re: Please check my log (RSIT and MBAM)

#13 Post by staso »

If it is still not right now, then I do not know how to do it. Is there some way I can tell whether I am doing it correctly?
Log:

ComboFix 11-12-30.01 - %Admin!!! . 12. 2011 19:06:03.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3327.2922 [GMT 1:00]
Running from: c:\combofix\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin!!!\Application Data\64dlls.exe
c:\documents and settings\Admin!!!\Application Data\intel64.exe
c:\documents and settings\Admin!!!\Application Data\Kernel32.exe
c:\documents and settings\Admin!!!\Application Data\localsys64.exe
c:\documents and settings\Admin!!!\Application Data\ntos.exe
c:\documents and settings\Admin!!!\Application Data\oembios.exe
c:\documents and settings\Admin!!!\Application Data\sdra64.exe
c:\documents and settings\Admin!!!\Application Data\sdra73.exe
c:\documents and settings\Admin!!!\Application Data\swin32.exe
c:\documents and settings\Admin!!!\Application Data\twex.exe
c:\documents and settings\Admin!!!\Application Data\twext.exe
c:\documents and settings\Admin!!!\Application Data\wsnpoema.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-29 22:05 . 2011-12-29 22:05 -------- d-----w- c:\program files\trend micro
2011-12-29 22:05 . 2011-12-29 22:05 -------- d-----w- C:\rsit
2011-12-29 19:06 . 2011-12-29 21:11 -------- d-----w- c:\program files\Ultimate Process Manager
2011-12-29 17:59 . 2011-12-29 17:59 -------- d-----w- c:\program files\CCleaner
2011-12-29 17:53 . 2011-11-15 13:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-29 16:48 . 2011-12-29 16:48 -------- d-----w- c:\documents and settings\Stano\Application Data\Malwarebytes
2011-12-29 14:35 . 2011-12-29 14:35 -------- d-----w- c:\documents and settings\%Admin!!!\Local Settings\Application Data\Temp
2011-12-29 14:22 . 2011-12-29 14:22 -------- d-----w- c:\documents and settings\%Admin!!!\Application Data\Malwarebytes
2011-12-29 14:21 . 2011-12-29 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-29 14:21 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-29 14:21 . 2011-12-29 14:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-29 11:25 . 2011-12-30 12:34 -------- d-sh--w- c:\documents and settings\Stano\Local Settings\Application Data\e45d775c
2011-12-29 10:42 . 2011-12-29 10:42 -------- d-----w- c:\documents and settings\%Admin!!!\Application Data\VitySoft
2011-12-27 09:44 . 2011-12-27 09:44 -------- d-----w- c:\documents and settings\Olivia\Application Data\vlc
2011-12-27 09:43 . 2011-12-27 09:43 -------- d-----w- c:\documents and settings\Olivia\Application Data\Search Settings
2011-12-26 18:44 . 2011-12-26 18:44 -------- d-----w- c:\documents and settings\Stano\Application Data\dvdcss
2011-12-25 11:49 . 2011-12-26 15:30 -------- d-----w- c:\documents and settings\Stano\Application Data\FamilyTreeMaker
2011-12-24 14:15 . 2011-12-24 14:15 -------- d-----w- c:\documents and settings\Stano\Local Settings\Application Data\IsolatedStorage
2011-12-24 14:15 . 2011-12-24 14:15 -------- d-----w- c:\documents and settings\Stano\Local Settings\Application Data\Ancestry.com
2011-12-24 14:10 . 2011-12-24 14:11 -------- d-----w- c:\program files\Genbox Family History
2011-12-24 14:01 . 2011-12-24 14:01 -------- d-----w- c:\documents and settings\%Admin!!!\Local Settings\Application Data\IsolatedStorage
2011-12-24 14:00 . 2011-12-24 14:00 -------- d-----w- c:\documents and settings\%Admin!!!\Local Settings\Application Data\Ancestry.com
2011-12-24 13:58 . 2011-12-24 13:58 -------- d-----w- c:\windows\system32\windows media
2011-12-24 13:58 . 2011-12-24 13:59 -------- d--h--w- c:\windows\msdownld.tmp
2011-12-24 13:58 . 2011-12-24 13:58 -------- d-----w- c:\program files\Windows Media Components
2011-12-24 13:58 . 2011-12-24 13:58 -------- d-----w- c:\program files\Microsoft WSE
2011-12-24 13:57 . 2011-12-24 14:00 -------- d-----w- c:\program files\Family Tree Maker 2010
2011-12-24 13:57 . 2011-12-24 13:58 -------- d-----w- c:\program files\BCL Technologies
2011-12-24 07:25 . 2011-12-24 07:25 -------- d-----w- c:\documents and settings\Stano\Application Data\Search Settings
2011-12-22 09:21 . 2011-12-22 09:21 -------- d-----w- c:\documents and settings\Zuzka\Application Data\YouTube Downloader
2011-12-22 07:21 . 2011-12-22 07:21 -------- d-----w- c:\documents and settings\Zuzka\Application Data\Search Settings
2011-12-19 13:47 . 2011-12-19 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\YouTube Downloader
2011-12-10 23:33 . 2011-12-10 21:07 -------- d-----w- C:\Boot
2011-12-03 17:07 . 2011-12-10 21:23 -------- d-----w- c:\program files\SpeedFan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-27 19:57 . 2011-09-15 17:54 94208 ----a-w- c:\windows\DUMPf164.tmp
2011-12-27 19:48 . 2011-09-15 17:54 94208 ----a-w- c:\windows\DUMPf1d2.tmp
2011-12-27 19:46 . 2011-09-15 17:54 94208 ----a-w- c:\windows\DUMP6c56.tmp
2011-12-27 19:44 . 2011-09-15 17:54 94208 ----a-w- c:\windows\DUMP6fa2.tmp
2011-12-03 17:10 . 2011-09-15 19:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 18:52 . 2011-11-23 18:52 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-23 13:25 . 2001-08-23 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2011-09-15 17:12 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2001-08-23 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2001-08-23 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2001-08-17 13:48 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-22 18:00 . 2011-10-22 13:34 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-22 18:00 . 2011-09-25 09:57 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-18 11:13 . 2011-09-15 17:12 186880 ------w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-09-15 16:07 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-02 12:31 . 2011-10-02 12:31 371272 ----a-r- c:\documents and settings\Zuzka\Application Data\Microsoft\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
2011-10-30 10:49 . 2011-09-15 19:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-30_12.35.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-30 18:05 . 2011-12-30 18:05 16384 c:\windows\Temp\Perflib_Perfdata_33c.dat
+ 2001-08-23 12:00 . 2011-12-30 18:09 77932 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2011-12-30 12:30 77932 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2011-12-30 18:09 461386 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2011-12-30 12:30 461386 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-08-17 4527424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14 5958656]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 98304]
"SKDaemon.exe"="c:\program files\Lenovo\Productivity Keyboard\SKDaemon.exe" [2010-03-02 253440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="u:\itunes\iTunesHelper.exe" [2011-08-18 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Documents and Settings\\Misko\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"u:\\iTunes\\iTunes.exe"=
"i:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"i:\\Program Files\\Tunngle\\Tunngle.exe"=
"m:\\Program Files\\THQ\\Saints Row The Third\\saintsrowthethird.exe"=
"c:\\Program Files\\Java\\jre7\\launch4j-tmp\\frd.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [15. 9. 2011 19:19 150568]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [23. 11. 2011 19:52 232512]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29. 12. 2011 15:21 652872]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [22. 7. 2011 13:26 690472]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [16. 9. 2011 13:56 4807536]
R2 TunngleService;TunngleService;i:\program files\Tunngle\TnglCtrl.exe [6. 11. 2011 20:19 745832]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29. 12. 2011 15:21 20464]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [6. 11. 2011 20:19 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 12:16 130384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15. 8. 2008 4:46 284016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 12:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1003Core.job
- c:\documents and settings\Adm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-15 18:49]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1003UA.job
- c:\documents and settings\Adm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-15 18:49]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1007Core.job
- c:\documents and settings\Zuzka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-19 12:07]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-113007714-839522115-1007UA.job
- c:\documents and settings\Zuzka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-19 12:07]
.
2011-12-30 c:\windows\Tasks\User_Feed_Synchronization-{B8D6D3E1-4418-42F9-96BC-F153C157816B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Previesť cieľ odkazu do formátu Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridať cieľ odkazu do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Pridať do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-30 19:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-12-30 19:12:07
ComboFix-quarantined-files.txt 2011-12-30 18:12
ComboFix2.txt 2011-12-30 16:26
ComboFix3.txt 2011-12-30 14:40
ComboFix4.txt 2011-12-30 12:48
.
Pre-Run: 57 717 755 904 bytes free
Post-Run: 19 adresárov, 57 714 704 384 voľných bajtov
.
- - End Of File - - 6746681DEBAF65CF29A9DCAB34F56C74

stell (VIP in memoriam)
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Please check my log (RSIT and MBAM)

#14 Post by stell »

No, it is not good, but something strange is going on anyway, because the infection keeps coming back; it looks like you have a file infector there, either Sality or Virut. We will see...
Now do exactly what I write:
download OTM to the desktop.
http://www.viry.cz/forum/viewtopic.php? ... 05#p572105
Following the guide, paste this script into the left window and click the MOVEIT button; post the log after the restart here. Then we will test a few system files.

Code:

:processes
explorer.exe
:Files
c:\documents and settings\Stano\Local Settings\Application Data\e45d775c
c:\documents and settings\Olivia\Application Data\Search Settings
c:\documents and settings\Stano\Application Data\Search Settings
c:\documents and settings\Zuzka\Application Data\Search Settings
c:\windows\DUMPf164.tmp
c:\windows\DUMPf1d2.tmp
c:\windows\DUMP6c56.tmp
c:\windows\DUMP6fa2.tmp
ipconfig /flushdns /c
:Commands
[resethosts]
[emptytemp]
[clearallrestorepoints]
[start explorer]
[EMPTYFLASH]
[Reboot]
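The point stell makes above (the same Application Data executables showing up under "Other Deletions" in run after run means something on the machine is recreating them) can be checked mechanically. The following Python script is an added example, not code from the thread or from ComboFix: it splits a ComboFix log into its "(((( ... ))))" sections, compares the deletion lists of two runs, and also reads the EnableFirewall value from the Reg Loading Points section. The two log excerpts are constructed, modelled on the logs posted above.

```python
import re

# Section headers in a ComboFix log look like "((((( Other Deletions )))))".
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# Windows XP firewall switched off, as reported under Reg Loading Points.
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')

# Constructed excerpts modelled on the thread's logs (not real ComboFix output).
RUN_1 = r"""ComboFix 11-12-30.01 - %Admin!!! 30. 12. 2011 17:20:11.5.2 - x86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Admin!!!\Application Data\ntos.exe
c:\documents and settings\Admin!!!\Application Data\sdra64.exe
c:\documents and settings\Admin!!!\Application Data\oembios.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
Completion time: 2011-12-30 17:26:00
"""

RUN_2 = r"""ComboFix 11-12-30.01 - %Admin!!! 30. 12. 2011 19:06:03.6.2 - x86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Admin!!!\Application Data\ntos.exe
c:\documents and settings\Admin!!!\Application Data\sdra64.exe
c:\documents and settings\Admin!!!\Application Data\twext.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 1 (0x1)
.
Completion time: 2011-12-30 19:12:07
"""


def parse_sections(log_text):
    """Split a ComboFix log into {section name: [content lines]}.

    Lines before the first header (OS, AV state) are stored under "header".
    ComboFix pads sections with lines holding a lone '.', which are dropped.
    """
    sections = {"header": []}
    current = "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
            continue
        if line and line != ".":
            sections[current].append(line)
    return sections


def deleted_files(log_text):
    """Paths ComboFix reports under 'Other Deletions', normalised to lower case."""
    return {p.lower() for p in parse_sections(log_text).get("Other Deletions", [])}


def reappeared_files(earlier_log, later_log):
    """Files deleted in the earlier run that had to be deleted again later.

    A non-empty result means something still on the machine recreates them,
    so the cleanup is incomplete (a dropper or persistence is still active).
    """
    return sorted(deleted_files(earlier_log) & deleted_files(later_log))


def firewall_disabled(log_text):
    """True if the Reg Loading Points section shows the XP firewall turned off."""
    lines = parse_sections(log_text).get("Reg Loading Points", [])
    return any(FIREWALL_OFF_RE.match(line) for line in lines)


def main():
    print("deleted again in the second run:")
    for path in reappeared_files(RUN_1, RUN_2):
        print("  " + path)
    print("firewall disabled in run 1:", firewall_disabled(RUN_1))
    print("firewall disabled in run 2:", firewall_disabled(RUN_2))


if __name__ == "__main__":
    main()
```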

staso (Guest)
Posts: 13
Registered: 29 Dec 2011 23:09

Re: Please check my log (RSIT and MBAM)

#15 Post by staso »

All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
c:\documents and settings\Stano\Local Settings\Application Data\e45d775c folder moved successfully.
c:\documents and settings\Olivia\Application Data\Search Settings\temp folder moved successfully.
c:\documents and settings\Olivia\Application Data\Search Settings\res folder moved successfully.
c:\documents and settings\Olivia\Application Data\Search Settings folder moved successfully.
c:\documents and settings\Stano\Application Data\Search Settings\temp folder moved successfully.
c:\documents and settings\Stano\Application Data\Search Settings\res folder moved successfully.
c:\documents and settings\Stano\Application Data\Search Settings folder moved successfully.
c:\documents and settings\Zuzka\Application Data\Search Settings\temp folder moved successfully.
c:\documents and settings\Zuzka\Application Data\Search Settings\res folder moved successfully.
c:\documents and settings\Zuzka\Application Data\Search Settings folder moved successfully.
c:\windows\DUMPf164.tmp moved successfully.
c:\windows\DUMPf1d2.tmp moved successfully.
c:\windows\DUMP6c56.tmp moved successfully.
c:\windows\DUMP6fa2.tmp moved successfully.
< ipconfig /flushdns /c >
No captured output from command...
C:\Documents and Settings\%Admin!!!\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: %Admin!!!
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 80303384 bytes
->Flash cache emptied: 2908 bytes

User: Adm
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 74465698 bytes
->Google Chrome cache emptied: 27282351 bytes
->Flash cache emptied: 1140 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Misko
->Temp folder emptied: 133223020 bytes
->Temporary Internet Files folder emptied: 46215989 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 352973848 bytes
->Flash cache emptied: 167672 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Olivia
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 309257639 bytes
->Flash cache emptied: 3096645 bytes

User: Stano
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5540725 bytes
->Java cache emptied: 16824 bytes
->FireFox cache emptied: 186083991 bytes
->Flash cache emptied: 13327 bytes

User: Zuzka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 76867 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 229927058 bytes
->Google Chrome cache emptied: 367346241 bytes
->Flash cache emptied: 16651 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1200075 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 68134 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 733,00 mb


Restore points cleared and new OTM Restore Point set!

[EMPTYFLASH]

User: %Admin!!!
->Flash cache emptied: 0 bytes

User: Adm
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: Misko
->Flash cache emptied: 0 bytes

User: NetworkService

User: Olivia
->Flash cache emptied: 0 bytes

User: Stano
->Flash cache emptied: 0 bytes

User: Zuzka
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 12302011_195358

Files moved on Reboot...

Registry entries deleted on Reboot...
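The OTM log above records three kinds of action worth checking after the reboot: folders and files reported as "moved successfully", a file "deleted successfully", and the HOSTS file reset. The following is an added example, not code from the poster or from OTM itself: it parses those lines out of the log, reports any path that is still present (a path that reappears after a reboot is the usual sign the cleanup was incomplete), and checks that the new HOSTS file maps only loopback addresses to localhost. The regular expressions assume the exact OTM phrasing seen in this log; the log excerpt and both HOSTS texts are constructed for the example, and the `exists` parameter is injectable so the check can run against a recorded snapshot instead of the live disk.

```python
"""Verify the actions recorded in an OTM (OldTimer's OTMoveIt) cleanup log.

Added example, not code from the forum thread or from OTM. It pulls the
'... moved successfully.' / '... deleted successfully.' lines out of an OTM
log, reports which of those paths still exist, and checks that the reset
HOSTS file only maps loopback addresses to localhost. The log excerpt and
HOSTS file contents below are constructed for this example.
"""
import os
import re

# Constructed excerpt, in the shape of the OTM log posted in the thread.
SAMPLE_OTM_LOG = r"""
========== FILES ==========
c:\documents and settings\Stano\Local Settings\Application Data\e45d775c folder moved successfully.
c:\documents and settings\Olivia\Application Data\Search Settings folder moved successfully.
c:\windows\DUMPf164.tmp moved successfully.
< ipconfig /flushdns /c >
No captured output from command...
C:\Documents and Settings\%Admin!!!\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# Constructed HOSTS contents: a clean loopback-only file, and the same file
# with two redirects appended (example.org / example.com are placeholders).
CLEAN_HOSTS = "# sample comment\n\n127.0.0.1       localhost\n"
TAMPERED_HOSTS = CLEAN_HOSTS + "127.0.0.1   www.example.org\n0.0.0.0   update.example.com\n"

# Phrasing assumed from the OTM log in the thread (drive-letter paths only).
MOVED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")
DELETED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) deleted successfully\.$")
HOSTS_RESET = "HOSTS file reset successfully"
LOOPBACK = {"127.0.0.1", "::1"}


def parse_otm_log(text):
    """Return the paths OTM reports as moved or deleted and whether HOSTS was reset."""
    result = {"moved": [], "deleted": [], "hosts_reset": False}
    for raw in text.splitlines():
        line = raw.strip()
        m = MOVED_RE.match(line)
        if m:
            result["moved"].append(m.group("path"))
            continue
        m = DELETED_RE.match(line)
        if m:
            result["deleted"].append(m.group("path"))
            continue
        if line == HOSTS_RESET:
            result["hosts_reset"] = True
    return result


def remaining_paths(parsed, exists=os.path.exists):
    """Paths the log says were removed but which still exist.

    The HOSTS file is recreated by the reset, so it is checked by content
    (suspicious_hosts_entries) rather than by absence.
    """
    leftovers = []
    for path in parsed["moved"] + parsed["deleted"]:
        if parsed["hosts_reset"] and path.lower().endswith(r"\drivers\etc\hosts"):
            continue
        if exists(path):
            leftovers.append(path)
    return leftovers


def suspicious_hosts_entries(hosts_text):
    """Entries in a HOSTS file other than loopback -> localhost.

    After a reset the file should contain nothing else; anything returned here
    is a redirect the cleanup did not remove or that has been re-added.
    """
    found = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        if address not in LOOPBACK or any(n.lower() != "localhost" for n in names):
            found.append(line)
    return found


def verify_cleanup(log_text, hosts_text, exists=os.path.exists):
    """One-shot check: returns (paths still present, non-default HOSTS lines)."""
    parsed = parse_otm_log(log_text)
    return remaining_paths(parsed, exists), suspicious_hosts_entries(hosts_text)


if __name__ == "__main__":
    # Simulated disk state: one of the moved folders has come back.
    # On a real machine, call verify_cleanup without the `exists` argument.
    still_there = {r"c:\documents and settings\Olivia\Application Data\Search Settings"}
    leftovers, bad_hosts = verify_cleanup(
        SAMPLE_OTM_LOG, TAMPERED_HOSTS, exists=lambda p: p in still_there)
    print("paths still present:", leftovers)
    print("non-default HOSTS entries:", bad_hosts)
```

Run it on the machine with the full OTM log and the live HOSTS file; an empty result from both checks after the reboot is what you want to see before declaring the cleanup finished, while any returned path means the same remediation has to be repeated and the log re-posted.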
