ASC - odstranení spyware sa zasekne. Vyřešeno

[brano]

Dobrý deň, keď robím dennú údržbu v Advanced SystemCare free, tak sa mi niekedy hneď v prvej položke "odstranení spyware" asi zasekne skenovanie pri Skenuji:Roguel/Easy SpyRemover. Tvári sa, že skenuje,ale pol hodina a stále nič. Pritom Spyboot mi gratuloval, že sa nenašli žiadne špionážne produkty, Eset tiež nič, IObit Sec. 360 Beta 3.1 tiež nič, MbAM aktualizované všetko čisté (robím len sken, iné sa neodvážim bez
inštrukcií). Všetko prečistené TuneUp,Windows Doctor,ASC,CCleaner,FCleaner,Wise. Tak neviem kde je chyba, lebo predtým to skenovalo pár sekúnd. Rozmýšlam, že možno bude najjednoduchšie odinštalovať a znova nainštalovať, ale prosím o radu.

[Reklama]

[Damned]

Jak píše: Easy SpyRemover - rogue.

Je to rogue aplikace, která Spyware neodstraňuje, ale vyzyvá k zakoupení Pro verze, proto Easy SpyRemover odinstaluj.
Pokud ho nemůže celý odstranit, ASC se zasekne.

Pokud nepůjde odinstalovat, vlož sem log z HJT.

[brano]

Nenašiel som to ani v položkách ACS ani cez vyhľadávenie.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:53, on 17.8.2009
Platform: Windows XP SP3, v.5755 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\BurnAware Free\nmsaccessu.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\Laplink Everywhere\ServerProxyService.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Laplink\winShadow\shwSrvc.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MySpace Toolbar - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.45.0\MySpaceToolbar.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O3 - Toolbar: MySpace Toolbar - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.45.0\MySpaceToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7316118328
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Desktop Manager 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9b074adf011ba) (gupdate1c9b074adf011ba) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Free\nmsaccessu.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: ServerProxyService - Unknown owner - C:\Program Files\Laplink Everywhere\ServerProxyService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: winShadow - OmniCom Technologies - C:\Program Files\Laplink\winShadow\shwSrvc.exe

--
End of file - 12584 bytes

[brano]

To je záhada, nič som nerobil a teraz mi to prebehlo v poriadku. Odstranení spyware není problém. :-) Tak neviem prečo sa to niekedy zasekne a niekedy nie.
Dal som to asi 5x za sebou aj s časovým odstupom a ide to teraz.

[Damned]

Je možně, že tam kousek po něm zbyl. Kde přesně ti to ASC hlásí?

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[brano]

Hlásilo mi to asi tak trošku za polovicou skenovania, vždy keď nabehlo - Skenuji: Rouge/Easy SpyRemover , ale odkedy som sem dal log z HjT tak to ide v poriadku.

Malwarebytes' Anti-Malware 1.40
Verzia databázy: 2643
Windows 5.1.2600 Service Pack 3, v.5755

17.8.2009 22:19:19
mbam-log-2009-08-17 (22-19-19).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 86066
Uplynutý cas: 3 minute(s), 32 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)

[Damned]

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[brano]

ComboFix 09-08-10.06 - PC 17.08.2009 22:53.10.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1303 [GMT 2:00]
Running from: c:\documents and settings\PC\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\PC\LOCALS~1\Temp\install_flash_player.exe
c:\windows\Installer\WMEncoder.msi
c:\windows\SW_Win2146X32.DLL

.
((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))
.

2009-08-14 21:24 . 2009-08-14 21:24 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Help
2009-08-14 12:19 . 2008-01-09 09:28 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2009-08-14 12:18 . 2009-08-14 12:18 148736 ----a-w- c:\documents and settings\All Users\Application Data\hpe1F93.dll
2009-08-13 08:04 . 2009-08-13 08:07 -------- d-----w- c:\program files\Wise Disk Cleaner
2009-08-13 08:02 . 2009-08-13 08:06 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-08-13 08:00 . 2009-08-12 10:50 21192 ----a-w- c:\windows\system32\dopdfmn6.dll
2009-08-13 08:00 . 2009-08-12 10:50 18632 ----a-w- c:\windows\system32\dopdfmi6.dll
2009-08-13 08:00 . 2009-08-13 08:00 -------- d-----w- c:\program files\Softland
2009-08-12 18:02 . 2009-08-12 18:02 0 ----a-w- c:\windows\nsreg.dat
2009-08-11 18:40 . 2009-08-11 18:40 -------- d-----w- c:\windows\system32\Adobe
2009-08-11 17:47 . 2009-08-11 17:47 152576 ----a-w- c:\documents and settings\PC\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-08-11 15:38 . 2009-08-11 15:38 -------- d-----w- c:\program files\Secunia
2009-08-11 13:37 . 2009-08-11 13:37 -------- d-----w- c:\program files\DivX
2009-08-11 13:37 . 2009-08-11 13:37 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-10 11:42 . 2009-08-17 15:28 -------- d-----w- c:\program files\Opera 10 Beta
2009-08-08 09:45 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-08 09:45 . 2009-08-08 09:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 09:45 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-07 17:27 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-08-07 17:26 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-08-07 17:26 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-08-07 17:26 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-08-07 17:26 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-08-07 17:26 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-08-07 17:26 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-07 17:26 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
2009-08-07 17:26 . 2009-01-07 18:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-08-07 17:26 . 2009-08-07 20:57 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-06 18:08 . 2009-08-12 14:42 -------- d-----w- c:\windows\Lhsp
2009-08-06 10:52 . 2009-08-07 17:12 -------- d-----w- c:\windows\speech
2009-08-06 10:20 . 2009-08-07 17:12 -------- d-----w- c:\program files\Keepinhead
2009-08-05 09:10 . 2009-08-05 09:10 -------- d-----w- c:\program files\FileHippo.com
2009-08-05 08:44 . 2009-08-05 08:44 152576 ----a-w- c:\documents and settings\PC\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-04 15:15 . 2009-08-04 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\FTWeak
2009-08-04 15:15 . 2009-08-05 09:21 -------- d-----w- c:\program files\FCleaner
2009-08-04 15:13 . 2009-08-04 15:14 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-08-01 04:49 . 2009-08-01 04:49 125 ----a-w- c:\documents and settings\PC\Local Settings\Application Data\fusioncache.dat
2009-08-01 04:49 . 2009-08-01 04:50 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\ApplicationHistory
2009-07-31 15:11 . 2009-07-31 15:11 -------- d-----w- c:\windows\system32\URTTEMP
2009-07-29 13:35 . 2009-07-29 13:35 -------- d-----w- c:\program files\CCleaner
2009-07-28 20:05 . 2009-07-28 20:06 -------- dc-h--w- c:\windows\ie8
2009-07-28 20:04 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-28 20:04 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-28 20:02 . 2009-01-07 16:20 134144 -c----w- c:\windows\system32\dllcache\sqmapi.dll
2009-07-28 12:22 . 2009-07-28 12:22 -------- d-----w- c:\program files\BurnAware Free
2009-07-28 12:00 . 2009-08-01 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-24 10:30 . 2009-07-24 10:30 -------- d-----w- c:\program files\Defraggler
2009-07-24 10:28 . 2009-07-24 10:28 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Lingoes
2009-07-24 10:28 . 2009-07-24 10:28 -------- d-----w- c:\documents and settings\PC\Application Data\Lingoes
2009-07-24 10:28 . 2009-07-24 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lingoes
2009-07-24 07:11 . 2009-07-24 07:11 -------- d-----w- c:\documents and settings\PC\Application Data\Docx2Rtf
2009-07-22 17:06 . 2009-07-24 05:24 -------- d-----w- c:\documents and settings\PC\Application Data\Skype
2009-07-22 17:05 . 2009-07-22 17:06 -------- d-----r- c:\program files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 20:52 . 2009-04-30 11:58 -------- d-----w- c:\program files\PeerGuardian2
2009-08-17 18:55 . 2009-03-13 10:36 -------- d-----w- c:\documents and settings\PC\Application Data\AIMP
2009-08-17 15:30 . 2009-03-07 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-17 12:41 . 2008-11-01 14:44 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2009-08-14 19:44 . 2009-08-14 19:44 -------- d-----w- c:\program files\Softinterface, Inc
2009-08-14 19:28 . 2009-03-17 16:26 -------- d-----w- c:\program files\INŠTALÁCIE
2009-08-14 16:28 . 2008-11-01 15:31 1 ----a-w- c:\documents and settings\PC\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-14 12:18 . 2008-11-04 06:53 -------- d-----w- c:\program files\Sony Ericsson
2009-08-14 12:18 . 2008-11-01 20:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-14 08:23 . 2008-12-23 19:56 -------- d-----w- c:\program files\Google
2009-08-13 21:17 . 2008-12-05 16:38 -------- d-----w- c:\program files\Java
2009-08-13 10:57 . 2009-02-13 11:14 -------- d-----w- c:\documents and settings\PC\Application Data\tor
2009-08-11 15:49 . 2009-04-22 15:48 -------- d-----w- c:\documents and settings\PC\Application Data\cspa
2009-08-10 06:20 . 2009-07-04 19:43 -------- d-----w- c:\program files\IObit
2009-08-08 09:42 . 2009-06-15 18:56 -------- d-----w- c:\program files\Trend Micro
2009-08-07 20:57 . 2009-05-07 22:41 -------- d-----w- c:\program files\QuickMediaConverter
2009-08-06 19:44 . 2008-11-03 15:33 17480 ----a-w- c:\documents and settings\PC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 10:19 . 2009-02-04 14:44 -------- d-----w- c:\documents and settings\PC\Application Data\Desktopicon
2009-08-05 09:01 . 2008-02-12 13:59 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:16 . 2009-06-02 21:05 -------- d-----w- c:\documents and settings\PC\Application Data\FTWeak
2009-08-04 15:14 . 2009-02-12 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-08-03 21:16 . 2009-06-19 06:19 -------- d-----w- c:\documents and settings\PC\Application Data\vlc
2009-07-31 13:23 . 2008-12-05 16:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-30 14:55 . 2009-05-22 10:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 13:33 . 2009-04-25 12:13 -------- d-----w- c:\program files\VideoLAN
2009-07-22 17:05 . 2008-11-22 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-17 19:01 . 2008-02-12 13:58 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 21:35 . 2009-03-13 10:36 -------- d-----w- c:\program files\AIMP2
2009-07-16 15:14 . 2009-08-14 19:44 1720320 ----a-w- c:\windows\system32\beconvlib.dll
2009-07-16 08:50 . 2008-12-13 19:31 -------- d-----w- c:\program files\iTunes
2009-07-16 08:50 . 2009-07-16 08:50 -------- d-----w- c:\program files\iPod
2009-07-16 08:50 . 2008-11-03 18:05 -------- d-----w- c:\program files\Common Files\Apple
2009-07-16 08:44 . 2009-07-16 08:44 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-13 21:43 . 2008-02-12 13:59 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 12:46 . 2009-07-13 12:46 4096 ----a-w- c:\windows\d3dx.dat
2009-07-13 12:37 . 2009-07-13 12:37 -------- d-----w- c:\program files\CPUID
2009-07-13 12:30 . 2009-02-12 18:39 -------- d-----w- c:\program files\data
2009-07-13 12:30 . 2009-07-04 19:43 -------- d-----w- c:\documents and settings\PC\Application Data\IObit
2009-07-13 10:22 . 2008-11-03 18:06 -------- d-----w- c:\documents and settings\PC\Application Data\Apple Computer
2009-07-11 23:22 . 2009-07-11 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-07-11 23:18 . 2009-07-11 23:18 -------- d-----w- c:\program files\VDOWNLOADER
2009-07-11 13:26 . 2009-05-04 15:42 -------- d-----w- c:\documents and settings\PC\Application Data\Smart PC Solutions
2009-07-11 09:19 . 2009-07-11 09:19 -------- d-----w- c:\documents and settings\PC\Application Data\Red Kawa
2009-07-10 19:38 . 2009-07-10 19:38 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-10 19:38 . 2009-07-10 19:38 -------- d-----w- c:\program files\Red Kawa
2009-07-10 14:06 . 2009-07-10 13:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-09 07:59 . 2009-06-20 09:30 -------- d-----w- c:\documents and settings\PC\Application Data\translateclient
2009-07-09 07:58 . 2009-06-20 09:30 -------- d-----w- c:\program files\Translate Client
2009-07-07 18:19 . 2009-06-30 12:34 -------- d-----w- c:\documents and settings\PC\Application Data\UpdateStar
2009-07-05 08:59 . 2009-05-18 20:37 -------- d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Free
2009-07-03 17:09 . 2008-02-12 13:59 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 18:48 . 2008-11-01 20:35 -------- d-----w- c:\program files\VIA
2009-07-01 18:06 . 2009-07-01 18:06 -------- d-----w- c:\program files\Common Files\Skype
2009-06-30 13:01 . 2009-08-14 19:44 811008 ----a-w- c:\windows\system32\tx15.dll
2009-06-30 03:30 . 2009-08-14 19:44 577536 ----a-w- c:\windows\system32\tx15_rtf.dll
2009-06-30 01:00 . 2009-08-14 19:44 638976 ----a-w- c:\windows\system32\tx15_htm.dll
2009-06-29 17:59 . 2009-06-29 17:59 -------- d-----w- c:\program files\Belarc
2009-06-25 08:25 . 2008-02-12 13:59 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2008-02-12 13:59 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2008-02-12 13:59 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2008-02-12 13:59 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2008-02-12 13:58 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-02-12 13:58 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2008-02-12 02:06 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 00:06 . 2009-08-14 19:44 360448 ----a-w- c:\windows\system32\tx15_css.dll
2009-06-20 07:09 . 2009-06-20 07:09 -------- d-----w- c:\documents and settings\PC\Application Data\MySpace
2009-06-20 07:09 . 2009-06-20 07:09 -------- d-----w- c:\program files\MySpace
2009-06-16 14:36 . 2008-02-12 13:59 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2008-02-12 13:58 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2008-02-12 13:59 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2008-02-12 13:59 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2008-02-12 13:58 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2008-11-01 20:18 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2008-02-12 13:59 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-08 13:18 . 2009-06-08 13:18 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-08 13:18 . 2009-06-08 13:18 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-05 03:20 . 2009-08-14 19:44 757760 ----a-w- c:\windows\system32\tx15_doc.dll
2009-06-04 23:30 . 2009-08-14 19:44 655360 ----a-w- c:\windows\system32\tx15_pdf.dll
2009-06-04 23:10 . 2009-08-14 19:44 1064960 ----a-w- c:\windows\system32\tx15_dox.dll
2009-06-03 19:09 . 2008-02-12 13:59 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 11:36 . 2009-03-12 22:33 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 11:36 . 2008-11-03 18:05 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-04-11 08:24 . 2009-02-06 10:17 181 ----a-w- c:\program files\TRANSLAT.INI
2009-04-11 08:24 . 2009-02-06 10:17 360448 ----a-w- c:\program files\tx4ole14.ocx
2009-04-11 08:24 . 2009-02-06 10:17 132690 ----a-w- c:\program files\WEBTB.XPI
2009-04-11 08:24 . 2009-02-06 10:17 146598 ----a-w- c:\program files\WEBFF.XPI
2009-04-04 13:00 . 2009-03-22 09:07 93 ----a-w- c:\program files\CZCS.INI
2009-04-04 13:00 . 2009-03-22 09:07 93 ----a-w- c:\program files\ANCS.INI
2009-03-30 18:48 . 2009-02-06 10:14 45346888 ----a-w- c:\program files\ANCS.DBF
2009-03-30 18:47 . 2009-03-22 09:07 93 ----a-w- c:\program files\GRCS.INI
2009-03-07 17:03 . 2009-03-07 17:01 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-02-12 18:41 . 2009-02-12 18:41 630 ----a-w- c:\program files\news.txt
2009-02-06 22:21 . 2009-02-06 22:21 14261 ----a-w- c:\program files\esi-eula.txt
2009-02-06 10:16 . 2009-02-06 10:16 2211840 ----a-w- c:\program files\TRNCOM.DL_
2009-02-06 10:15 . 2009-02-06 10:15 495104 ----a-w- c:\program files\READERN.CDX
2009-02-06 10:14 . 2009-02-06 10:14 17179235 ----a-w- c:\program files\A0.CMP
2008-12-24 10:10 . 2009-02-07 14:35 422170 ----a-w- c:\program files\TU2009v8_0_2000_35CZ.exe
2007-04-22 07:01 . 2009-03-17 15:54 1174 ----a-w- c:\program files\Release.txt
2007-04-20 15:44 . 2009-02-07 14:35 4088 ----a-w- c:\program files\README.TXT
2009-03-28 19:37 . 2009-03-28 17:11 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-03-22 22:10 . 2008-11-29 12:34 88 --sh--w- c:\windows\system32\A97C149DEC.sys
2009-03-22 22:10 . 2008-11-29 12:34 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-29 1432064]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-28 39408]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-08-04 1443432]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-02-12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-04-10 29757440]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-08-09 952080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-14 30192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-02-12 15360]

c:\documents and settings\PC\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-6-24 803176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"OEXPRESS"=c:\documents and settings\All Users\Application Data\LangSoft\OETRN.EXE
"DAEMON Tools Lite"=c:\program files\DAEMON Tools Lite\daemon.exe
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"HDeck MFC Application"=c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" /background
"FTweakFCleaner"=c:\program files\FCleaner\FCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ASUSGamerOSD"=c:\program files\ASUS\GamerOSD\GamerOSD.exe
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Laplink Everywhere\\LLServerMain2.exe"=
"c:\\Program Files\\Laplink Everywhere\\WSC.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Opera 10 Beta\\opera.exe"=

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [29.4.2009 16:02 40368]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [10.8.2009 8:20 307472]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [14.8.2009 14:18 90112]
R2 ServerProxyService;ServerProxyService;c:\program files\Laplink Everywhere\ServerProxyService.exe [26.8.2005 10:14 131072]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [8.6.2009 15:18 603904]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R2 winShadow;winShadow;c:\program files\Laplink\winShadow\shwSrvc.exe [26.8.2005 11:12 274432]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [14.8.2009 14:19 27632]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1.7.2009 20:48 222976]
S2 gupdate1c9b074adf011ba;Google Update Service (gupdate1c9b074adf011ba);c:\program files\Google\Update\GoogleUpdate.exe [29.3.2009 15:45 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [18.3.2009 14:44 13224]
S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [14.8.2009 10:23 30192]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [15.2.2007 19:48 26624]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-08-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-28 12:00]

2009-08-16 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-05 07:22]

2009-06-16 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-05-22 13:31]

2009-08-17 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://zoznam.sk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 23:00
Windows 5.1.2600 Service Pack 3, v.5755 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2372)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\BurnAware Free\nmsaccessu.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
.
**************************************************************************
.
Completion time: 2009-08-17 23:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-17 21:03

Pre-Run: 49 076 932 608 bytes free
Post-Run: 6 adresárov, 48 981 602 304 voľných bajtov

351 --- E O F --- 2009-08-12 06:58

[brano]

Ešte by som sa chcel popri tom opýtať, či môžem odinštalovať Microsoft .NET Frameworky, lebo je ich 5, od 1.1 až po 3.5 SP1, tak či tie staršie môžu ísť preč.

[Damned]

Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

c:\documents and settings\All Users\Application Data\hpe1F93.dll
****************************************************************************************************************************************
NET.Framework ponech tak jak je, i novější verze (3.5) instaluje komponety starších verzí, proto je tak označuje.

[brano]

http://www.virustotal.com/analisis/45a2 ... 1250544633

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\nsreg.dat
c:\windows\d3dx.dat
c:\windows\system32\A97C149DEC.sys
c:\windows\system32\KGyGaAvL.sys

Driver::
A97C149DEC
KGyGaAvL



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování ASC