VIRY.CZ

Mám takýto problém. Po spustení firefoxu/iexploreru/googlechrome mi to vypíše chybu, že sa vyskytol problém s danou aplikáciou a je ju nutné ukončiť. Okno s chybou je stále v popredí a s prehliadačom sa dá normálne pracovať, funguje bez problémov, ak zavriem okno s chybou, zavrie sa prehliadač. Zaujímavé je, že mi tú chybu vyhadzujú všetky prehliadače a aj keď mi to nespôsobuje problém s používaním, je to riadne otravné, lebo vyhadzuje to vždy po každom spustení. Skúšal som malwarebytes antimalware kontrolu a nič nenašlo. Taktiež nič nenašiel ani vundofix. Prosím o pomoc. Tu je log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by SlavoK at 2012-01-21 17:50:43
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (1%) free of 110 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:45, on 21.1.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\SlavoK\My Documents\Programy\Antivíry\RSIT.exe
C:\Program Files\trend micro\SlavoK.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ost&s={searchTerms}&f=4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: http://launchpad.patch.station.sony.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1788485312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2066021691
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.mheller.com/mhLbl.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Windows Live ID Sign-in Assistant (wlidsvc) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (file missing)

--
End of file - 6522 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Driver Robot.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1604221776-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1604221776-725345543-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-23 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-11-23 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LXCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16 []
"lxccmon.exe"=C:\Program Files\Lexmark 3300 Series\lxccmon.exe [2005-07-21 192512]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-10-08 13851752]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-12-24 460872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuring]
C:\Program Files\Windows NT\leqbcdjq3.dll,W []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-08-25 1753192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoSMHelp"=01000000
"NoSMMyPictures"=01000000
"NoRecentDocsNetHood"=01000000
"NoSMMyDocs"=01000000
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoAutorun"=
"HonorAutorunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\DOCUME~1\SlavoK\LOCALS~1\Temp\301.exe"="C:\DOCUME~1\SlavoK\LOCALS~1\Temp\301.exe:*:Enabled:test"
"C:\DOCUME~1\SlavoK\LOCALS~1\Temp\58586.exe"="C:\DOCUME~1\SlavoK\LOCALS~1\Temp\58586.exe:*:Enabled:test"
"C:\DOCUME~1\Mama\LOCALS~1\Temp\6370305.exe"="C:\DOCUME~1\Mama\LOCALS~1\Temp\6370305.exe:*:Enabled:test"
"I:\driver\usb\–Ľ‡‘Š•†‘Í€ŚŽ"="I:\driver\usb\–Ľ‡‘Š•†‘Í€ŚŽ:*:Enabled:test"
"C:\qver.exe"="C:\qver.exe:*:Enabled:Windows Services"
"I:\GoogleUpdate\S-1-5-21-3064418335-3760130082-2732123630-1000\GoogleUpdate.exe"="I:\GoogleUpdate\S-1-5-21-3064418335-3760130082-2732123630-1000\GoogleUpdate.exe:*:Enabled:Windows Services"
"C:\DOCUME~1\SlavoK\LOCALS~1\Temp\eraseme_51231.exe"="C:\DOCUME~1\SlavoK\LOCALS~1\Temp\eraseme_51231.exe:*:Enabled:Windows Services"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"E:\Games\Blur\Blur.exe"="E:\Games\Blur\Blur.exe:*:Enabled:Blur"
"F:\GoogleUpdate\S-1-5-21-3064418335-3760130082-2732123630-1000\GoogleUpdate.exe"="F:\GoogleUpdate\S-1-5-21-3064418335-3760130082-2732123630-1000\GoogleUpdate.exe:*:Enabled:Windows Services"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\Autodesk\3ds Max Design 2011\3dsmax.exe"="E:\Program Files\Autodesk\3ds Max Design 2011\3dsmax.exe:*:Enabled:Autodesk 3ds Max Design 2011 32-bit"
"E:\Program Files\Autodesk\3ds Max Design 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe"="E:\Program Files\Autodesk\3ds Max Design 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe:*:Enabled:mental ray satellite for Autodesk 3ds Max Design 2011 32-bit"
"E:\Program Files\Autodesk\3ds Max Design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe"="E:\Program Files\Autodesk\3ds Max Design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe:*:Enabled:mental ray satellite server for Autodesk 3ds Max Design 2011 32-bit"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Games\Steam\Steam.exe"="E:\Games\Steam\Steam.exe:*:Enabled:Steam"
"C:\Documents and Settings\SlavoK\Application Data\MSJ-Driver-4532-56324-6224\winrsnbc.exe"="C:\Documents and Settings\SlavoK\Application Data\MSJ-Driver-4532-56324-6224\winrsnbc.exe:*:Enabled:MicrosoftCFGDriver"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"E:\Program Files\Steam\Steam.exe"="E:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"E:\Games\Split Second\SplitSecond.exe"="E:\Games\Split Second\SplitSecond.exe:*:Enabled:Split/Second"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f365be1-dfe4-11de-bf80-001d924358c1}]
shell\AutoRun\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa8de425-3c23-11e0-816d-001d924358c1}]
shell\AutoRun\command - F:\APPInst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c549ac-c8a6-11de-bf5f-001d924358c1}]
shell\AutoRun\command - F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c549ad-c8a6-11de-bf5f-001d924358c1}]
shell\AutoRun\command - G:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - G:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa44d1d1-3bbc-11dd-bc81-001d924358c1}]
shell\AutoRun\command - F:\GoogleUpdate\S-1-5-21-3064418335-3760130082-2732123630-1000\GoogleUpdate.exe
shell\open\command - F:\GoogleUpdate\S-1-5-21-3064418335-3760130082-2732123630-1000\GoogleUpdate.exe


======List of files/folders created in the last 1 months======

2012-01-21 17:38:27 ----D---- C:\Documents and Settings\All Users\Application Data\RegCure
2012-01-21 17:27:01 ----D---- C:\VundoFix Backups
2012-01-21 17:27:01 ----A---- C:\VundoFix.txt
2012-01-21 17:09:01 ----A---- C:\WINDOWS\resetlog.txt
2012-01-06 23:59:19 ----D---- C:\Program Files\CDisplay
2012-01-06 23:56:21 ----D---- C:\Documents and Settings\SlavoK\Application Data\Comical
2011-12-26 14:12:17 ----D---- C:\Documents and Settings\SlavoK\Application Data\Trine2
2011-12-24 14:35:42 ----A---- C:\WINDOWS\MegaManager.INI

======List of files/folders modified in the last 1 months======

2012-01-21 17:50:44 ----D---- C:\Program Files\trend micro
2012-01-21 17:49:41 ----RD---- C:\Program Files
2012-01-21 17:49:41 ----D---- C:\WINDOWS\Tasks
2012-01-21 17:49:40 ----D---- C:\WINDOWS\Prefetch
2012-01-21 17:10:36 ----D---- C:\WINDOWS\Temp
2012-01-21 17:10:35 ----D---- C:\WINDOWS\system32\NtmsData
2012-01-21 17:09:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-01-21 17:09:01 ----AD---- C:\WINDOWS
2012-01-21 16:57:55 ----DC---- C:\WINDOWS\system32\dllcache
2012-01-21 16:13:15 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2012-01-21 16:10:17 ----D---- C:\WINDOWS\system32\CatRoot2
2012-01-21 16:09:48 ----D---- C:\WINDOWS\system32\drivers
2012-01-21 15:34:31 ----D---- C:\Program Files\Lx_cats
2012-01-21 09:56:51 ----DC---- C:\WINDOWS\$NtUninstallKB941693$
2012-01-21 09:56:12 ----A---- C:\WINDOWS\winamp.ini
2012-01-21 09:45:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-01-21 09:20:40 ----D---- C:\Program Files\Mozilla Firefox
2012-01-20 18:26:10 ----SHD---- C:\WINDOWS\Installer
2012-01-20 18:26:10 ----HD---- C:\Program Files\InstallShield Installation Information
2012-01-18 12:22:03 ----A---- C:\WINDOWS\WDICT32.INI
2012-01-16 19:39:57 ----D---- C:\Documents and Settings\SlavoK\Application Data\TS3Client
2012-01-16 19:31:36 ----D---- C:\Program Files\TeamSpeak 3 Client
2012-01-16 15:57:17 ----RSH---- C:\boot.ini
2012-01-16 15:57:13 ----D---- C:\WINDOWS\system32\DirectX
2012-01-16 15:57:12 ----D---- C:\WINDOWS\inf
2012-01-16 15:56:50 ----D---- C:\WINDOWS\WinSxS
2012-01-16 15:56:12 ----D---- C:\WINDOWS\system32
2012-01-16 15:56:12 ----D---- C:\Program Files\NVIDIA Corporation
2012-01-08 20:20:37 ----D---- C:\Documents and Settings\SlavoK\Application Data\exe
2012-01-06 23:56:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-12-26 13:45:45 ----D---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-10-03 281760]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-10-03 25888]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-18 4736]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-01-30 4725760]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-10-08 9587776]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-05-26 9856]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-04-14 94592]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S1 7dd362c4;7dd362c4; C:\WINDOWS\System32\drivers\7dd362c4.sys []
S1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
S1 d0c3a864;d0c3a864; C:\WINDOWS\System32\drivers\d0c3a864.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 xwoarh;xwoarh; C:\WINDOWS\system32\drivers\xwoarh.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-04-13 273024]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\SlavoK\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 FIXUSTOR;FIXUSTOR; C:\WINDOWS\system32\DRIVERS\fixustor.sys [2007-06-11 12416]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-06-08 17480]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 508288]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 USTOR2K;USB Mass Storage Windows Driver; C:\WINDOWS\system32\DRIVERS\ustor2k.sys [2009-03-09 28928]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 zlportio;zlportio; \??\E:\Games\UltraStar Deluxe\zlportio.sys []
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sfc;sfc; C:\WINDOWS\system32\drivers\sfc.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-11-23 153376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-07-06 466944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe []
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe []
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe []
S2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe []
S2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE []
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-06-12 2837916]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Zdravim a pekny vecer preji

Co tak nejaky antivir, nebyl by

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

• Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
• Spustte a kliknete na Deletion
• Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

Tu je log:
############################## | UsbFix 7.014 | [Deletion]

User: SlavoK (Administrator) # SLAVOK2 [ ]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 18:08:20 | 21/01/2012
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
CPU 2: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Windows Firewall: Disabled /!\
RAM -> 2047 Mb
C:\ (%systemdrive%) -> Fixed drive # 107 Gb (1 Mb free - 1%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Fixed drive # 125 Gb (14 Mb free - 11%) [] # NTFS
F:\ -> Fixed drive # 298 Gb (220 Mb free - 74%) [SAMSUNG] # NTFS
G:\ -> Fixed drive # 1863 Gb (1461 Mb free - 78%) [SAMSUNG] # NTFS
H:\ -> Removable drive # 7 Gb (2 Mb free - 23%) [] # NTFS

################## | Files # Infected Folders |

Deleted ! G:\Autorun.inf

################## | Registry |

Deleted ! HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SSHNAS
Deleted ! HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SSHNAS
Deleted ! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRecentDocsHistory
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRecentDocsMenu

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{7f365be1-dfe4-11de-bf80-001d924358c1}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{aa8de425-3c23-11e0-816d-001d924358c1}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{d1c549ac-c8a6-11de-bf5f-001d924358c1}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{fa44d1d1-3bbc-11dd-bc81-001d924358c1}

################## | Listing |

[26/05/2008 - 07:12:03 | A | 0] C:\AUTOEXEC.BAT
[03/04/2010 - 17:28:49 | RASHD ] C:\autorun.inf
[16/01/2012 - 15:57:17 | RSH | 332] C:\boot.ini
[25/10/2001 - 15:00:00 | RASH | 4952] C:\Bootfont.bin
[26/05/2008 - 07:12:03 | A | 0] C:\CONFIG.SYS
[22/10/2010 - 18:59:15 | D ] C:\Documents and Settings
[26/05/2008 - 07:12:03 | RASH | 0] C:\IO.SYS
[07/12/2011 - 23:47:44 | A | 88] C:\lxcc.log
[12/11/2011 - 12:42:15 | A | 2860] C:\LXCCscan.log
[26/05/2008 - 07:12:03 | RASH | 0] C:\MSDOS.SYS
[26/05/2008 - 09:15:50 | RD ] C:\MSOCache
[03/08/2004 - 21:38:34 | RASH | 47564] C:\NTDETECT.COM
[22/10/2010 - 19:36:58 | RASH | 250048] C:\ntldr
[30/09/2010 - 21:44:08 | D ] C:\NVIDIA
[21/01/2012 - 17:10:17 | ASH | 2145386496] C:\pagefile.sys
[21/01/2012 - 17:49:41 | RD ] C:\Program Files
[13/04/2009 - 13:55:46 | RSHD ] C:\Recycled
[21/01/2012 - 18:12:12 | SHD ] C:\RECYCLER
[02/01/2010 - 09:20:25 | RSHD ] C:\RESTORE
[29/10/2011 - 12:17:35 | D ] C:\rsit
[11/12/2009 - 10:07:42 | SHD ] C:\System Volume Information
[08/12/2011 - 13:27:46 | D ] C:\Temp
[21/01/2012 - 18:12:12 | D ] C:\UsbFix
[21/01/2012 - 18:12:15 | A | 1484] C:\UsbFix.txt
[21/01/2012 - 17:27:01 | D ] C:\VundoFix Backups
[21/01/2012 - 17:38:14 | A | 134] C:\VundoFix.txt
[21/01/2012 - 17:09:01 | AD ] C:\WINDOWS
[17/01/2012 - 02:03:54 | A | 183382826] E:\2.Broke.Girls.S01E14.HDTV.XviD-ASAP.avi
[03/04/2010 - 17:28:49 | RASHD ] E:\autorun.inf
[24/10/2011 - 14:46:28 | A | 40400137] E:\BUBLINY01.pdf
[13/01/2012 - 22:04:31 | D ] E:\DC
[11/12/2009 - 10:07:28 | D ] E:\Documents and Settings
[18/01/2012 - 23:24:14 | D ] E:\Downloads
[16/01/2012 - 15:54:04 | D ] E:\Games
[17/01/2012 - 11:02:36 | A | 34131] E:\How.I.Met.Your.Mother.S07E14.HDTV.XviD-LOL.srt
[17/01/2012 - 15:07:32 | A | 183171848] E:\HowIMetYourMother.S07E14.avi
[16/01/2012 - 15:52:54 | D ] E:\Inštalácie
[11/01/2012 - 19:54:54 | D ] E:\jDownload
[18/01/2012 - 19:12:54 | A | 16689194] E:\Moon Knight 009 (2012) (Megan-Empire).cbr
[14/11/2011 - 00:53:10 | HD ] E:\msdownld.tmp
[28/10/2011 - 21:57:01 | ASH | 2145386496] E:\pagefile.sys
[07/01/2012 - 16:19:58 | RD ] E:\Program Files
[10/02/2009 - 06:00:18 | RSHD ] E:\Recycled
[21/01/2012 - 18:12:12 | SHD ] E:\RECYCLER
[11/12/2009 - 10:06:52 | SHD ] E:\System Volume Information
[20/01/2012 - 04:05:04 | N | 31698] E:\The Big Bang Theory - 05x13 - The Recombination Hypothesis.ASAP.English.HI.C.orig.Addic7ed.com - Copy.srt
[20/01/2012 - 10:33:38 | A | 183566996] E:\The.Big.Bang.Theory.S05E13.HDTV.XviD-ASAP.avi
[18/10/2010 - 08:09:41 | D ] E:\WINDOWS
[21/01/2012 - 18:09:55 | SHD ] F:\$RECYCLE.BIN
[05/01/2012 - 21:26:14 | D ] F:\Anim. seriály
[05/01/2012 - 23:44:40 | D ] F:\Inštalácie
[14/11/2011 - 13:44:53 | D ] F:\Komiksy
[14/07/2011 - 11:14:59 | HD ] F:\new
[30/10/2011 - 16:41:00 | D ] F:\Práca
[21/01/2012 - 18:12:12 | SHD ] F:\RECYCLER
[20/03/2011 - 08:18:11 | SHD ] F:\System Volume Information
[19/03/2011 - 23:14:39 | D ] F:\Škola2
[05/01/2012 - 21:20:22 | D ] G:\Animované seriály
[13/01/2012 - 14:28:24 | D ] G:\DC comics
[05/01/2012 - 21:58:07 | D ] G:\Filmy
[05/01/2012 - 22:02:57 | D ] G:\Fotky
[13/01/2012 - 14:29:16 | D ] G:\Inštalácie
[21/01/2012 - 18:12:12 | SHD ] G:\RECYCLER
[16/02/2011 - 16:26:36 | RAH | 82726] G:\SAMSUNG_EHDD.ico
[07/01/2012 - 14:13:42 | D ] G:\Seriály
[26/12/2011 - 13:09:59 | SHD ] G:\System Volume Information
[19/12/2011 - 14:02:22 | A | 1368256512] H:\1-3-3-8.com_sr-trine2.iso
[11/11/2011 - 01:27:22 | RA | 81116634] H:\Catwoman Short - BATMAN_YEAR_ONE.mkv
[21/11/2011 - 18:59:36 | A | 1559359488] H:\Cesta-(2009)---CZ-dabing---Drama,Dobr.,Thriller,-USA-2009,-107-min.avi
[26/12/2011 - 22:31:19 | D ] H:\Dungeons.and.Dragons.Daggerdale.2011.EN
[11/08/2011 - 08:05:10 | D ] H:\FF2011

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_SLAVOK2.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |

vyosek píše: Co tak nejaky antivir, nebyl by

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Zvolte moznost 2 a potvrte enterem
• Utilita provede svou cinnost a da log - ten sem vlozte
• Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte

Stahnete MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe

• Ulozte nejlepe na plochu
• Pokud pouzivate Win Vista ci W7, kliknete na MBRScan pravym a dejte Run As Administrator ci Spustit jako spravce
• Kliknete na Report
• Po chvilce se objevi log do souboru MBRScan.txt, ten sem vlozte

Takže Roguekiller (2) log:

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: SlavoK [Admin rights]
Mode: Remove -- Date : 01/21/2012 18:21:13

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] c4352aff4ebd1856c5e4ad4fa5342375
[BSP] 8346cc4f917c6df77bb5fd22eea5d195 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 115343 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 225279495 | Size: 134705 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 7a37fcf060467777aa7d54424732da6a
[BSP] 6865e083c7d6eb5d5de6c2c800334246 : MaxSS MBR Code!
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 115343 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 225279495 | Size: 134705 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt

Roguekiller (3) log:

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: SlavoK [Admin rights]
Mode: HOSTSFix -- Date : 01/21/2012 18:21:31

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Roguekiller (4) log:

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: SlavoK [Admin rights]
Mode: ProxyFix -- Date : 01/21/2012 18:21:44

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

MBRScan log:

MBRScan v1.0.6

OS : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR : x86 Family 15 Model 107 Stepping 2, AuthenticAMD
BOOT : Normal Boot
DATE : 2012/01/21 (ISO 8601) at 18:22:14
________________________________________________________________________________

DISK : Device\Harddisk0\DR0 __ST3250410AS (3.AAF)
BUS_TYPE : (0x03) P-ATA
USE_PIO : YES
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0 232.9 Go [Fixed] ==> MaxSS.SST.B MBR Code

MBR_MD5 : 7A37FCF060467777AA7D54424732DA6A
MBR_SHA1 : EDA66D8A34DBD4EC1CB53B315A8DA534284B1294

Device\Harddisk0\Partition1 107.4 Go 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 125.5 Go 0x07 NTFS / HPFS
________________________________________________________________________________


_____FAKED \Device\Harddisk0\DR0

0x00000000 31 C0 8E D0 BC 00 7C 0E 1F 0E 07 66 60 88 16 00 1À.м.|....f`...
0x00000010 7E C6 06 04 7E 1E B4 48 BE 04 7E CD 13 B0 50 0F ~Æ..~.´H¾.~Í.°P.
0x00000020 82 73 01 83 2E 13 04 14 A1 13 04 C1 E0 06 A3 02 .s......¡..Áà.£.
0x00000030 7E 83 EC 0E 6A 10 89 E5 BE 99 7D B9 05 00 66 31 ~.ì.j..å¾.}¹..f1
0x00000040 DB E8 F7 00 FF 36 02 7E 07 8C 46 06 8C 5E 04 E8 Ûè÷..6.~..F..^.è
0x00000050 08 00 83 C4 10 66 61 06 1E CB 66 60 57 66 FF 36 ...Ä.fa..Ëf`Wf.6
0x00000060 14 7E 66 8F 46 08 66 FF 36 18 7E 66 8F 46 0C 66 .~f.F.f.6.~f.F.f
0x00000070 8B 45 10 66 40 66 29 46 08 66 19 5E 0C 8B 45 14 .E.f@f)F.f.^..E.
0x00000080 89 46 02 B4 42 8A 16 00 7E 89 EE CD 13 B0 52 0F .F.´B...~.îÍ.°R.
0x00000090 82 03 01 31 C0 BA 04 04 BE B4 7D 88 9F 42 7E FE ...1Àº..¾´}..B~þ
0x000000A0 C3 75 F8 8A 8F 42 7E 02 04 E8 7E 00 46 FE CE 75 Ãuø..B~..è~.FþÎu
0x000000B0 04 29 D6 88 D6 FE C3 75 EA 31 C0 89 C3 8B 56 02 .)Ö.ÖþÃuê1À.Ã.V.
0x000000C0 C1 E2 09 8B 76 04 FE C3 8A 8F 42 7E E8 5B 00 00 Áâ..v.þÃ..B~è[..
0x000000D0 E9 30 ED 89 CF 8A 8D 42 7E 26 30 0C 46 4A 75 E6 é0í.Ï..B~&0.FJuæ
0x000000E0 5F 66 8B 4D 18 66 0F B7 56 04 81 F9 FF 7F B0 53 _f.M.f.·V..ù..°S
0x000000F0 0F 87 A2 00 66 FF 75 1C 66 31 C0 66 89 45 1C 66 ..¢.f.u.f1Àf.E.f
0x00000100 F7 D0 26 67 32 02 66 42 B3 08 66 D1 E8 73 06 66 ÷Ð&g2.fB³.fÑès.f
0x00000110 35 20 83 B8 ED FE CB 75 F1 E2 E7 66 F7 D0 66 5B 5 .¸íþËuñâçf÷Ðf[
0x00000120 66 39 D8 B0 43 75 6F 66 61 C3 00 C8 89 C7 8A AD f9Ø°CuofaÃ.È.Ç.­
0x00000130 42 7E 88 AF 42 7E 88 8D 42 7E C3 66 60 BF 00 80 B~.¯B~..B~Ãf`¿..
0x00000140 8C 4E 06 89 7E 04 66 89 D8 40 89 45 14 66 0F B7 .N..~.f.Ø@.E.f.·
0x00000150 06 B2 7D 66 89 45 10 B8 20 00 E8 FD FE 8B 7E 04 .²}f.E.¸ .èýþ.~.
0x00000160 8B 55 18 FC 60 F3 A6 83 7D FE 5C 74 0D E3 0D 61 .U.ü`ó¦.}þ\t.ã.a
0x00000170 01 C7 29 C2 77 EE B0 4E EB 1C 41 4E 5F 83 C4 0E .Ç)Âwî°Në.AN_.Ä.
0x00000180 60 89 FE BF 22 7E 59 57 89 C1 F3 A4 61 E3 02 EB `.þ¿"~YW.Áó¤aã.ë
0x00000190 C9 59 57 66 61 C3 F4 EB FD 5C 62 6F 6F 74 00 00 ÉYWfaÃôëý\boot..
0x000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001B0 00 00 DC D7 A1 C3 A4 5A 29 6A 29 6A 00 00 80 01 ..ÜסäZ)j)j....
0x000001C0 01 00 07 FE FF FF 3F 00 00 00 C8 7D 6D 0D 00 00 ...þ..?...È}m...
0x000001D0 C1 FF 0F FE FF FF 07 7E 6D 0D B9 88 AE 0F 00 00 Á..þ...~m.¹.®...
0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª

__ORIGINAL \Device\Harddisk0\DR0

0x00000000 33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C 3À.м.|ûP.P.ü¾.|
0x00000010 BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04 ¿..PW¹å.ó¤Ë½¾.±.
0x00000020 38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5 8n.|.u..Å.âôÍ..õ
0x00000030 83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B .Æ.It.8,tö.µ.´..
0x00000040 F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88 ð¬<.tü»..´.Í.ëò.
0x00000050 4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B N.èF.s*þF..~..t.
0x00000060 80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83 .~..t..¶.uÒ.F...
0x00000070 46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB F...V..è!.s..¶.ë
0x00000080 BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0 ¼.>þ}Uªt..~..tÈ.
0x00000090 B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56 ·.ë©.ü.W.õË¿...V
0x000000A0 00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC .´.Í.r#.Á$?..Þ.ü
0x000000B0 43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56 C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0 0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C .w#r.9F.s.¸..».|
0x000000D0 8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A .N..V.Í.sQOtN2ä.
0x000000E0 56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD V.Í.ëä.V.`»ªU´AÍ
0x000000F0 13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60 .r6.ûUªu0öÁ.t+a`
0x00000100 6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A j.j..v..v.j.h.|j
0x00000110 01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B .j.´B.ôÍ.aas.Ot.
0x00000120 32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C 2ä.V.Í.ëÖaùÃNepl
0x00000130 61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64 atn. tabulka odd
0x00000140 A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61 ¡l..Chyba pýi na
0x00000150 9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68 .¡t.n¡ opera.n¡h
0x00000160 6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F o syst.mu.Opera.
0x00000170 6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65 n¡ syst.m nenale
0x00000180 7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00 zen.............
0x00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001B0 00 00 00 00 00 2C 44 6A 29 6A 29 6A 00 00 80 01 .....,Dj)j)j....
0x000001C0 01 00 07 FE FF FF 3F 00 00 00 C8 7D 6D 0D 00 00 ...þ..?...È}m...
0x000001D0 C1 FF 0F FE FF FF 07 7E 6D 0D B9 88 AE 0F 00 00 Á..þ...~m.¹.®...
0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª

Antivír používam jedine Antimalware. Antivír, ktorý by bol vždy spustený nepoužívam žiadny, mám s nimi len zlé skúsenosti.

MBAM neni antivir - tedy ve sve free verzi = nema ochranu v realnem case, je to jen antiSpy na obcasnou kontrolu

Pak se neni cemu divit, ze mate PC zaliskane jak jete

Jak spatne zkusenosti mate s antiviry obecne? Pripadne jake spatne zkusenosti mate s Avastem Free, ktery mohu jen doporucit

Spomaľujú počítač, vyhadzujú chyby tam, kde chyby nie sú, keď už nejaký problém mám tak počas skenu nič nenájdu (pričom antimalware nájde), zablokujú prístup na USB namiesto toho, aby odstránili to čo sa im nepáči. Antivíry mi vždy spôsobovali viac nervov než samotné víry tak idem bez nich. Môj operačný systém je Windows XP a počítač beží bez problémov už nejakých 5 rokov. Ani raz som nemusel OS preinštalovávať a s každým problémom, ktorý som mal som si vždy nejako poradil.

Zpomaleni PC - takova Avira ma zcela minimalni pozadavky

MBAM miva daleko daleko vice falesnych poplachu nez treba Avast ci MSE

vetsinou, treba Avast, zablokuje pristup na USBecko, smazne bordel a pak se da normalne rozjet

Antivir samotny nedokaze PC zcela ochranit, protoze je to antivir, nikoli antiSpy, jako treba MBAM, kazdy se specializuje na neco jineho

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Už párkrát som combofix spúšťal ale nikdy nepracoval tak dlho. Aj napriek tomu problém s chybami pri spustení prehliadača odstránený nebol, chyby stále vypisuje. Tu je log:

ComboFix 12-01-21.02 - SlavoK 21.01.2012 19:16:42.10.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1466 [GMT 1:00]
Running from: c:\documents and settings\SlavoK\Desktop\ComboFix.exe
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\SlavoK\Application Data\Desktopicon
c:\documents and settings\SlavoK\Application Data\facemoods.com
c:\documents and settings\SlavoK\Local Settings\Application Data\assembly\tmp
c:\documents and settings\SlavoK\WINDOWS
c:\recycled\Recycled
C:\restore
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\_005003_.tmp.dll
c:\windows\system32\_005005_.tmp.dll
c:\windows\system32\_005012_.tmp.dll
c:\windows\system32\_005013_.tmp.dll
c:\windows\system32\_005014_.tmp.dll
c:\windows\system32\_005015_.tmp.dll
c:\windows\system32\_005017_.tmp.dll
c:\windows\system32\_005018_.tmp.dll
c:\windows\system32\_005019_.tmp.dll
c:\windows\system32\_005021_.tmp.dll
c:\windows\system32\_005022_.tmp.dll
c:\windows\system32\_005029_.tmp.dll
c:\windows\system32\_005030_.tmp.dll
c:\windows\system32\_005031_.tmp.dll
c:\windows\system32\_005032_.tmp.dll
c:\windows\system32\_005034_.tmp.dll
c:\windows\system32\_005035_.tmp.dll
c:\windows\system32\_005037_.tmp.dll
c:\windows\system32\_005039_.tmp.dll
c:\windows\system32\_005040_.tmp.dll
c:\windows\system32\_005041_.tmp.dll
c:\windows\system32\_005042_.tmp.dll
c:\windows\system32\_005045_.tmp.dll
c:\windows\system32\_005047_.tmp.dll
c:\windows\system32\_005048_.tmp.dll
c:\windows\system32\_005052_.tmp.dll
c:\windows\system32\_005053_.tmp.dll
c:\windows\system32\_005054_.tmp.dll
c:\windows\system32\_005055_.tmp.dll
c:\windows\system32\_005058_.tmp.dll
c:\windows\system32\_005059_.tmp.dll
c:\windows\system32\_005060_.tmp.dll
c:\windows\system32\_005062_.tmp.dll
c:\windows\system32\_005066_.tmp.dll
c:\windows\system32\_005068_.tmp.dll
c:\windows\system32\_005071_.tmp.dll
c:\windows\system32\_005075_.tmp.dll
c:\windows\system32\_005076_.tmp.dll
c:\windows\system32\_005080_.tmp.dll
c:\windows\system32\_005081_.tmp.dll
c:\windows\system32\_005082_.tmp.dll
c:\windows\system32\_005083_.tmp.dll
c:\windows\system32\_005088_.tmp.dll
c:\windows\system32\_005090_.tmp.dll
c:\windows\system32\ctfmon .exe
c:\windows\system32\kabaker.dll
c:\windows\system32\mswmpdat.tlb
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET11DD.tmp
c:\windows\system32\SET1274.tmp
c:\windows\system32\SET14B.tmp
c:\windows\system32\SET14C.tmp
c:\windows\system32\SET14D.tmp
c:\windows\system32\SET14F.tmp
c:\windows\system32\SET150.tmp
c:\windows\system32\SET152.tmp
c:\windows\system32\SET157.tmp
c:\windows\system32\SET158.tmp
c:\windows\system32\SET15B.tmp
c:\windows\system32\SET15D.tmp
c:\windows\system32\SET15E.tmp
c:\windows\system32\SET161.tmp
c:\windows\system32\SET167.tmp
c:\windows\system32\SET168.tmp
c:\windows\system32\SET16A.tmp
c:\windows\system32\SET16B.tmp
c:\windows\system32\SET16C.tmp
c:\windows\system32\SET16D.tmp
c:\windows\system32\SET16E.tmp
c:\windows\system32\SET170.tmp
c:\windows\system32\SET171.tmp
c:\windows\system32\SET173.tmp
c:\windows\system32\SET177.tmp
c:\windows\system32\SET178.tmp
c:\windows\system32\SET17A.tmp
c:\windows\system32\SET17B.tmp
c:\windows\system32\SET17C.tmp
c:\windows\system32\SET17D.tmp
c:\windows\system32\SET17E.tmp
c:\windows\system32\SET180.tmp
c:\windows\system32\SET181.tmp
c:\windows\system32\SET182.tmp
c:\windows\system32\SET183.tmp
c:\windows\system32\SET185.tmp
c:\windows\system32\SET186.tmp
c:\windows\system32\SET187.tmp
c:\windows\system32\SET18E.tmp
c:\windows\system32\SET191.tmp
c:\windows\system32\SET192.tmp
c:\windows\system32\SET195.tmp
c:\windows\system32\SET196.tmp
c:\windows\system32\SET199.tmp
c:\windows\system32\SET19C.tmp
c:\windows\system32\SET19D.tmp
c:\windows\system32\SET19E.tmp
c:\windows\system32\SET19F.tmp
c:\windows\system32\SET1A0.tmp
c:\windows\system32\SET1A2.tmp
c:\windows\system32\SET1A4.tmp
c:\windows\system32\SET1AA.tmp
c:\windows\system32\SET1AC.tmp
c:\windows\system32\SET1AF.tmp
c:\windows\system32\SET1B0.tmp
c:\windows\system32\SET1B3.tmp
c:\windows\system32\SET1B4.tmp
c:\windows\system32\SET1B5.tmp
c:\windows\system32\SET1BA.tmp
c:\windows\system32\SET1BB.tmp
c:\windows\system32\SET1BD.tmp
c:\windows\system32\SET1BE.tmp
c:\windows\system32\SET1BF.tmp
c:\windows\system32\SET1C0.tmp
c:\windows\system32\SET1CB.tmp
c:\windows\system32\SET1CF.tmp
c:\windows\system32\SET1D2.tmp
c:\windows\system32\SET1D3.tmp
c:\windows\system32\SET1D4.tmp
c:\windows\system32\SET1D8.tmp
c:\windows\system32\SET1DF.tmp
c:\windows\system32\SET1E0.tmp
c:\windows\system32\SET1E6.tmp
c:\windows\system32\SET1EB.tmp
c:\windows\system32\SET1ED.tmp
c:\windows\system32\SET1F0.tmp
c:\windows\system32\SET1F1.tmp
c:\windows\system32\SET1F3.tmp
c:\windows\system32\SET1F4.tmp
c:\windows\system32\SET1FB.tmp
c:\windows\system32\SET1FC.tmp
c:\windows\system32\SET1FD.tmp
c:\windows\system32\SET200.tmp
c:\windows\system32\SET201.tmp
c:\windows\system32\SET202.tmp
c:\windows\system32\SET205.tmp
c:\windows\system32\SET206.tmp
c:\windows\system32\SET20E.tmp
c:\windows\system32\SET214.tmp
c:\windows\system32\SET215.tmp
c:\windows\system32\SET216.tmp
c:\windows\system32\SET219.tmp
c:\windows\system32\SET21B.tmp
c:\windows\system32\SET21F.tmp
c:\windows\system32\SET221.tmp
c:\windows\system32\SET223.tmp
c:\windows\system32\SET226.tmp
c:\windows\system32\SET227.tmp
c:\windows\system32\SET229.tmp
c:\windows\system32\SET22A.tmp
c:\windows\system32\SET231.tmp
c:\windows\system32\SET233.tmp
c:\windows\system32\SET234.tmp
c:\windows\system32\SET23C.tmp
c:\windows\system32\SET23D.tmp
c:\windows\system32\SET23F.tmp
c:\windows\system32\SET242.tmp
c:\windows\system32\SET244.tmp
c:\windows\system32\SET248.tmp
c:\windows\system32\SET24E.tmp
c:\windows\system32\SET24F.tmp
c:\windows\system32\SET250.tmp
c:\windows\system32\SET253.tmp
c:\windows\system32\SET259.tmp
c:\windows\system32\SET25A.tmp
c:\windows\system32\SET25B.tmp
c:\windows\system32\SET262.tmp
c:\windows\system32\SET263.tmp
c:\windows\system32\SET266.tmp
c:\windows\system32\SET267.tmp
c:\windows\system32\SET268.tmp
c:\windows\system32\SET269.tmp
c:\windows\system32\SET26A.tmp
c:\windows\system32\SET26C.tmp
c:\windows\system32\SET26D.tmp
c:\windows\system32\SET26E.tmp
c:\windows\system32\SET270.tmp
c:\windows\system32\SET271.tmp
c:\windows\system32\SET272.tmp
c:\windows\system32\SET278.tmp
c:\windows\system32\SET27B.tmp
c:\windows\system32\SET27D.tmp
c:\windows\system32\SET27E.tmp
c:\windows\system32\SET27F.tmp
c:\windows\system32\SET284.tmp
c:\windows\system32\SET285.tmp
c:\windows\system32\SET286.tmp
c:\windows\system32\SET288.tmp
c:\windows\system32\SET28B.tmp
c:\windows\system32\SET28E.tmp
c:\windows\system32\SET292.tmp
c:\windows\system32\SET293.tmp
c:\windows\system32\SET296.tmp
c:\windows\system32\SET298.tmp
c:\windows\system32\SET299.tmp
c:\windows\system32\SET29A.tmp
c:\windows\system32\SET2A2.tmp
c:\windows\system32\SET2A5.tmp
c:\windows\system32\SET2AB.tmp
c:\windows\system32\SET2AC.tmp
c:\windows\system32\SET2AF.tmp
c:\windows\system32\SET2B5.tmp
c:\windows\system32\SET2B6.tmp
c:\windows\system32\SET2B8.tmp
c:\windows\system32\SET2BB.tmp
c:\windows\system32\SET2BC.tmp
c:\windows\system32\SET2C0.tmp
c:\windows\system32\SET2C1.tmp
c:\windows\system32\SET2C2.tmp
c:\windows\system32\SET2C4.tmp
c:\windows\system32\SET2C5.tmp
c:\windows\system32\SET2C6.tmp
c:\windows\system32\SET2C7.tmp
c:\windows\system32\SET2C9.tmp
c:\windows\system32\SET2CA.tmp
c:\windows\system32\SET2CB.tmp
c:\windows\system32\SET2CC.tmp
c:\windows\system32\SET2CD.tmp
c:\windows\system32\SET2CE.tmp
c:\windows\system32\SET2CF.tmp
c:\windows\system32\SET2D1.tmp
c:\windows\system32\SET2D2.tmp
c:\windows\system32\SET2D3.tmp
c:\windows\system32\SET2D4.tmp
c:\windows\system32\SET2D6.tmp
c:\windows\system32\SET2D7.tmp
c:\windows\system32\SET2D8.tmp
c:\windows\system32\SET2DD.tmp
c:\windows\system32\SET2DF.tmp
c:\windows\system32\SET2E0.tmp
c:\windows\system32\SET2E1.tmp
c:\windows\system32\SET2E2.tmp
c:\windows\system32\SET2E5.tmp
c:\windows\system32\SET2E8.tmp
c:\windows\system32\SET2E9.tmp
c:\windows\system32\SET2EA.tmp
c:\windows\system32\SET2EB.tmp
c:\windows\system32\SET2ED.tmp
c:\windows\system32\SET2F1.tmp
c:\windows\system32\SET2F2.tmp
c:\windows\system32\SET2F3.tmp
c:\windows\system32\SET2F4.tmp
c:\windows\system32\SET2F6.tmp
c:\windows\system32\SET2F9.tmp
c:\windows\system32\SET2FC.tmp
c:\windows\system32\SET2FF.tmp
c:\windows\system32\SET301.tmp
c:\windows\system32\SET307.tmp
c:\windows\system32\SET308.tmp
c:\windows\system32\SET309.tmp
c:\windows\system32\SET30F.tmp
c:\windows\system32\SET313.tmp
c:\windows\system32\SET316.tmp
c:\windows\system32\SET317.tmp
c:\windows\system32\SET318.tmp
c:\windows\system32\SET31E.tmp
c:\windows\system32\SET31F.tmp
c:\windows\system32\SET322.tmp
c:\windows\system32\SET324.tmp
c:\windows\system32\SET32C.tmp
c:\windows\system32\SET32F.tmp
c:\windows\system32\SET330.tmp
c:\windows\system32\SET336.tmp
c:\windows\system32\SET338.tmp
c:\windows\system32\SET339.tmp
c:\windows\system32\SET33A.tmp
c:\windows\system32\SET33B.tmp
c:\windows\system32\SET33F.tmp
c:\windows\system32\SET340.tmp
c:\windows\system32\SET344.tmp
c:\windows\system32\SET348.tmp
c:\windows\system32\SET34E.tmp
c:\windows\system32\SET353.tmp
c:\windows\system32\SET355.tmp
c:\windows\system32\SET356.tmp
c:\windows\system32\SET357.tmp
c:\windows\system32\SET35B.tmp
c:\windows\system32\SET360.tmp
c:\windows\system32\SET363.tmp
c:\windows\system32\SET36A.tmp
c:\windows\system32\SET36B.tmp
c:\windows\system32\SET376.tmp
c:\windows\system32\SET378.tmp
c:\windows\system32\SET379.tmp
c:\windows\system32\SET380.tmp
c:\windows\system32\SET381.tmp
c:\windows\system32\SET386.tmp
c:\windows\system32\SET388.tmp
c:\windows\system32\SET38B.tmp
c:\windows\system32\SET392.tmp
c:\windows\system32\SET394.tmp
c:\windows\system32\SET3A0.tmp
c:\windows\system32\SET3A3.tmp
c:\windows\system32\SET3B4.tmp
c:\windows\system32\SET3B9.tmp
c:\windows\system32\SET3BF.tmp
c:\windows\system32\SET3CD.tmp
c:\windows\system32\SET3E0.tmp
c:\windows\system32\SET3E8.tmp
c:\windows\system32\SET3E9.tmp
c:\windows\system32\SET3EB.tmp
c:\windows\system32\SET3EC.tmp
c:\windows\system32\SET3ED.tmp
c:\windows\system32\SET3EF.tmp
c:\windows\system32\SET3F0.tmp
c:\windows\system32\SET3F2.tmp
c:\windows\system32\SET3F3.tmp
c:\windows\system32\SET3F5.tmp
c:\windows\system32\SET3FA.tmp
c:\windows\system32\SET402.tmp
c:\windows\system32\SET403.tmp
c:\windows\system32\SET408.tmp
c:\windows\system32\SET40C.tmp
c:\windows\system32\SET40F.tmp
c:\windows\system32\SET412.tmp
c:\windows\system32\SET414.tmp
c:\windows\system32\SET417.tmp
c:\windows\system32\SET420.tmp
c:\windows\system32\SET422.tmp
c:\windows\system32\SET428.tmp
c:\windows\system32\SET42C.tmp
c:\windows\system32\SET430.tmp
c:\windows\system32\SET432.tmp
c:\windows\system32\SET436.tmp
c:\windows\system32\SET438.tmp
c:\windows\system32\SET43D.tmp
c:\windows\system32\SET440.tmp
c:\windows\system32\SET445.tmp
c:\windows\system32\SET44B.tmp
c:\windows\system32\SET450.tmp
c:\windows\system32\SET477.tmp
c:\windows\system32\SET47F.tmp
c:\windows\system32\SET480.tmp
c:\windows\system32\SET482.tmp
c:\windows\system32\SET483.tmp
c:\windows\system32\SET484.tmp
c:\windows\system32\SET487.tmp
c:\windows\system32\SET489.tmp
c:\windows\system32\SET48A.tmp
c:\windows\system32\SET48C.tmp
c:\windows\system32\SET491.tmp
c:\windows\system32\SET49F.tmp
c:\windows\system32\SET4A6.tmp
c:\windows\system32\SET4AE.tmp
c:\windows\system32\SET4B7.tmp
c:\windows\system32\SET4B9.tmp
c:\windows\system32\SET4BF.tmp
c:\windows\system32\SET4C3.tmp
c:\windows\system32\SET4C7.tmp
c:\windows\system32\SET4C9.tmp
c:\windows\system32\SET4CF.tmp
c:\windows\system32\SET4D4.tmp
c:\windows\system32\SET4D7.tmp
c:\windows\system32\SET4DC.tmp
c:\windows\system32\SET5D8.tmp
c:\windows\system32\SET5DE.tmp
c:\windows\system32\SET66F.tmp
c:\windows\system32\SET675.tmp
c:\windows\system32\tmp1FD.tmp
c:\windows\system32\tmp1FE.tmp
c:\windows\system32\tmp290.tmp
c:\windows\system32\tmp291.tmp
c:\windows\system32\tmpBE.tmp
c:\windows\system32\tmpE3C.tmp
c:\windows\system32\tmpE3D.tmp
c:\windows\system32\winview.ocx
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SFC
-------\Service_sfc
.
.
((((((((((((((((((((((((( Files Created from 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))))
.
.
2012-01-21 17:08 . 2012-01-21 17:12 -------- d-----w- C:\UsbFix
2012-01-21 16:38 . 2012-01-21 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2012-01-21 16:27 . 2012-01-21 16:27 -------- d-----w- C:\VundoFix Backups
2012-01-21 15:25 . 2001-08-17 12:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2012-01-21 15:24 . 2008-04-13 23:10 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2012-01-21 15:23 . 2008-04-13 23:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2012-01-21 15:22 . 2001-08-17 21:36 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2012-01-21 15:21 . 2001-08-17 11:12 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2012-01-21 15:20 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2012-01-21 15:19 . 2001-08-17 12:52 22400 -c--a-w- c:\windows\system32\dllcache\asc3350p.sys
2012-01-21 08:20 . 2011-09-20 18:22 553880 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2012-01-06 22:59 . 2012-01-06 22:59 -------- d-----w- c:\program files\CDisplay
2012-01-06 22:56 . 2012-01-06 22:57 -------- d-----w- c:\documents and settings\SlavoK\Application Data\Comical
2011-12-26 13:12 . 2011-12-26 13:12 -------- d-----w- c:\documents and settings\SlavoK\Application Data\Trine2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-21 17:12 . 2012-01-21 17:12 3296 ----a-w- C:\UsbFix_Upload_Me_SLAVOK2.zip
2012-01-06 22:56 . 2011-08-12 12:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 14:24 . 2009-05-05 18:09 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 16:45 . 2011-11-23 16:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-23 16:45 . 2010-05-21 13:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-28 08:00 . 2011-11-07 14:05 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2007-02-13 15:22 . 2010-01-09 13:34 947472 ----a-w- c:\program files\msjava.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 192512]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-08 13851752]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoSMMyPictures"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:42 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-08-25 22:12 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"i:\\driver\\usb\\–Ľ‡‘Š•†‘Í€ŚŽ"=
"e:\\Games\\Blur\\Blur.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\SlavoK\\Application Data\\MSJ-Driver-4532-56324-6224\\winrsnbc.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Games\\Split Second\\SplitSecond.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1828:TCP"= 1828:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.5.2008 17:01 722416]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21.1.2012 9:45 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5.5.2009 19:09 20464]
S1 7dd362c4;7dd362c4;c:\windows\system32\drivers\7dd362c4.sys --> c:\windows\system32\drivers\7dd362c4.sys [?]
S1 d0c3a864;d0c3a864;c:\windows\system32\drivers\d0c3a864.sys --> c:\windows\system32\drivers\d0c3a864.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 xwoarh;xwoarh; [x]
S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [5.4.2010 18:22 12416]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [8.5.2010 9:37 36608]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [24.2.2005 12:29 508288]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [8.5.2010 9:37 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [8.5.2010 9:37 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [8.5.2010 9:37 121856]
S3 USTOR2K;USB Mass Storage Windows Driver;c:\windows\system32\drivers\ustor2k.sys [5.4.2010 18:17 28928]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S3 zlportio;zlportio;\??\e:\games\UltraStar Deluxe\zlportio.sys --> e:\games\UltraStar Deluxe\zlportio.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: sony.com\launchpad.patch.station
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\SlavoK\Application Data\Mozilla\Firefox\Profiles\ne6hvnge.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: U Flv: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: KFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: VFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a17}: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: VFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a18} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a18}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a18}: {8675f4b3-2f19-11ed-2d6b-0800600c0a18} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a18}
FF - Ext: Feedback module: {8675f4b3-2f19-11ed-2d6b-0800600c0a19} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a19}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a19}: {8675f4b3-2f19-11ed-2d6b-0800600c0a19} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a19}
FF - Ext: SOE Web Installer: {000F1EA4-5E08-4564-A29B-29076F63A37A} - %profile%\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-Configuring - c:\program files\Windows NT\leqbcdjq3.dll
MSConfigStartUp-egui - c:\program files\ESET\ESET Smart Security\egui.exe
AddRemove-Blend_2.0.1523.0 - c:\program files\Microsoft Expression\Blend 2\Setup\XSetup.exe
AddRemove-Design_5.0.1379.0 - c:\program files\Microsoft Expression\Design 2\Setup\XSetup.exe
AddRemove-QIP Infium JadrisPack 2.6.1 - c:\qip infium jadrispack\Uninstall.exe
AddRemove-WYSIWYG_Web_Builder_5 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-21 20:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-1604221776-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1454471165-1604221776-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:0f,27,0f,82,b0,d4,0b,0a,7d,c0,e3,0b,81,91,24,99,5f,59,d5,63,84,
aa,5e,af,9c,93,fb,22,76,a9,11,0a,e6,84,cf,01,a5,f6,c3,8e,f6,bc,54,93,8f,e0,\
"rkeysecu"=hex:dc,e3,9b,b6,8f,b8,8b,dc,7e,0c,78,9f,d6,5d,b5,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3096)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\msls31.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\lxcccoms.exe
.
**************************************************************************
.
Completion time: 2012-01-21 20:54:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-21 19:53
.
Pre-Run: 1 437 536 256 bytes free
Post-Run: 1 566 261 248 voľných bajtov
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0C60AF80E4AA0852242BABD6E35A7E9E

Prosim o strpeni, problem konzultuji s kolegy...Mate tam peknou mrchu

To je to nepouzivani antiviru, zaliskane jak jetel od sklepa na pudu

Stahnete aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe a ulozte jej na plochu.

• Utilitu spustte a prikazte ji, at skenuje - klik na Scan
• Po dokonceni skenu kliknutim na Save log ulozte log aswMBR na plochu
• Obsah logu aswMBR mi sem vlozte

Stiahol som, spustil som a nič. Vôbec nič nenabehlo, takže asi sa to spustiť nechce.

Tak Malwarebytes antimalware, vundofix - tie nič nenašli. Potom RSIT, USBFix, Roguekiller, MBRScan a Combofix - všetky tie logy sú tu v tejto téme. ASWMBR sa nechce spustiť.

Ide o stolné PC nie o notebook, je to PC bez značky (skladané)

Dump selected MBR som spravil, lenže tlačidlo FixMBR je sivým, nedá sa na neho kliknúť.