Prosím o preventívnu kontrolu logu Vyřešeno

[redvo]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:05, on 9. 2. 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\tsnp325.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\vsnp325.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\mmrtkrnl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\FixCamera.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = "řxn
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [S3Trayp] S3Trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 8823 bytes

[Reklama]

[jaro3]

Odinstaluj : MyWebSearch
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe


Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[redvo]

lenže ja ten MyWebSearch nainštalovaný nemám...na začiatku (pri štarte PC) mi to aj vyhadzuje Error že sa nepodarilo nájsť nejakú zložku Mywebsearch.dll, alebo také niečo

[jaro3]

tak stáhni a rozjeď MbAM.

[redvo]

A rád by som aj vedel ako sa zbaviť toho MWS lebo ma to už dlhšiu dobu štve

Malwarebytes' Anti-Malware 1.33
Verzia databázy: 1742
Windows 5.1.2600 Service Pack 3

9. 2. 2009 21:37:24
mbam-log-2009-02-09 (21-37-14).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 56459
Uplynutý cas: 3 minute(s), 55 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 10
Infikovaných registracných hodnôt: 4
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Infikovaných registracných hodnôt:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar (Adware.MyWebSearch) -> No action taken.

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

Poté:
Vypni rez. ochranu u Avastu.+Kerio
vypni rez. ochranu u SpyBota:
- spusť Spybot - Search & Destroy
- nahoře v menu zvol: Režim => Pro pokročilé
- objeví se ti varovné okno kde zvol Ano
- okno programu se ti přepne do pokročilého zobrazení a tam zvol: Nástroje => Rezidentní
- tam zruš zatržení pokud bude u položky: Rezidentní program "TeaTimer" (Ochrana ...)
- zavři program
Restartuj PC.
Po té si stáhni ResetTeaTimer.bat(viz. Poznámka)
a ulož si ho na disku.
- spusť ho a po vyzvání zmáčkni libovolnou klávesu
- po proběhnutí a výzvě opět zmáčkni libovolnou klávesu a program se zavře.
Poznámka:
- pokud používáš Operu, tak klikni pravým tlačítkem myši na odkaz a zvol možnost Uložit cíl odkazu jako...
- pokud používáš Firefox tak klikni pravým tlačítkem myši na odkaz a zvol možnost Uložit odkaz jako...

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Zítra se podívám na log.

[redvo]

MbAM

Windows 5.1.2600 Service Pack 3

9. 2. 2009 21:50:43
mbam-log-2009-02-09 (21-50-43).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 56322
Uplynutý cas: 3 minute(s), 54 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 10
Infikovaných registracných hodnôt: 4
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikovaných registracných hodnôt:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)

[redvo]

Mám trošku problém s tým ResetTeaTimer.bat, stiahne mi to len nejaký dokument a to sa nedá spustiť(( aspoň neviem ako)

[jaro3]

Je tam napsána poznámka...Neklikej na odkaz levým , ale pravým a z menu vyber uložit cíl...podle druhu prohlížeče.

[redvo]

hej robim..kliknem pravým a mám slovenskú mozilu takže s ukladaním tam mám jedine : Uložiť cieľ odkazu ako...tak dám, uložím na plochu..Ale uloží sa mi to ako textový dokument..

[jaro3]

Na Mozzile to mám takto: uložit odkaz jako...
Nech to a deaktivuj Spybot úplně a proveď ComboFix.

[redvo]

Ahoj, ospravedlňujem sa za čakanie. Prikladám log z CF a s tým súborom neviem. Ono to má síce príponu ResetTeaTimer.bat, ale ja som to pozeral tuším vo vlastnostiach súboru a celé je to ResetTeaTimer.bat.txt, takže neviem...A dnes tu už asi nebudem, ale zajtra do školy nejdem, takže tu budem asi celé doobedie.

ComboFix 09-02-08.02 - Lukáš 2009-02-10 17:59:29.7 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1033.18.766.405 [GMT 1:00]
Running from: c:\documents and settings\Lukáš\Desktop\ComboFix.exe
AV: avast! antivirus 4.7.1098 [VPS 090209-0] *On-access scanning disabled* (Updated)
FW: Kerio Personal Firewall *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))
.

2009-02-10 14:52 . 2009-02-10 14:52 <DIR> d-------- c:\program files\TuneUp Utilities 2008
2009-02-10 14:52 . 2009-02-10 14:52 <DIR> d-------- c:\documents and settings\Lukáš\Application Data\TuneUp Software
2009-02-10 14:52 . 2009-02-10 14:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-02-10 14:52 . 2009-02-10 14:52 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-02-10 14:52 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2009-02-09 21:22 . 2009-02-09 21:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-09 21:22 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-09 21:22 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-08 08:22 . 2009-02-08 08:22 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Blizzard
2009-02-07 19:42 . 2009-02-07 19:42 32 --a--c--- c:\documents and settings\All Users\Application Data\ezsid.dat
2009-02-07 19:09 . 2009-02-08 15:57 <DIR> d-------- c:\program files\FlashGet
2009-02-01 17:19 . 2009-02-01 17:19 36,734 --a------ c:\windows\system32\OggDSuninst.exe
2009-02-01 16:49 . 2009-02-01 16:49 <DIR> d-------- c:\program files\Trymedia
2009-01-31 12:35 . 2009-02-10 15:23 <DIR> d-------- c:\program files\TuxPaint
2009-01-31 12:35 . 2009-01-31 13:03 <DIR> d-------- c:\documents and settings\Lukáš\Application Data\TuxPaint
2009-01-30 14:59 . 2009-01-30 16:18 <DIR> d-------- c:\program files\Alawar
2009-01-30 14:59 . 2009-01-30 14:59 <DIR> d----c--- c:\documents and settings\All Users\Application Data\FarmFrenzy2
2009-01-30 14:59 . 2009-01-30 14:59 <DIR> d----c--- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-01-30 14:12 . 2009-01-30 14:12 0 --a------ c:\windows\popcreg.dat
2009-01-30 14:12 . 2009-01-30 14:12 0 --a------ c:\windows\popcinfot.dat
2009-01-28 17:50 . 2009-01-28 17:50 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-28 17:34 . 2009-01-28 17:50 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-28 08:26 . 2009-01-28 08:27 <DIR> d-------- c:\program files\GIMPPortable
2009-01-27 18:00 . 2009-01-27 18:00 <DIR> d-------- c:\program files\CCleaner
2009-01-26 11:50 . 2009-01-26 11:50 <DIR> d-------- c:\documents and settings\Lukáš\Application Data\Malwarebytes
2009-01-26 11:50 . 2009-01-26 11:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-26 08:50 . 2009-01-26 08:50 <DIR> d-------- c:\program files\Trend Micro
2009-01-19 15:20 . 2009-01-30 14:04 <DIR> d-------- c:\program files\TallStick
2009-01-19 14:38 . 2009-01-19 14:38 <DIR> d-------- c:\documents and settings\Lukáš\Application Data\Music Recognition
2009-01-12 15:57 . 2008-08-29 13:59 3,883,008 --a------ c:\windows\system32\Tropix2.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 16:31 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-10 13:51 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-09 20:44 --------- d-----w c:\documents and settings\Lukáš\Application Data\Skype
2009-02-09 17:55 --------- d-----w c:\documents and settings\Lukáš\Application Data\skypePM
2009-02-09 05:14 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-08 16:10 --------- d-----w c:\program files\3DO
2009-02-08 15:21 17,333 ----a-w c:\windows\system32\drivers\fwdrv.err
2009-02-08 07:29 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-02-02 17:38 --------- d-----w c:\documents and settings\Lukáš\Application Data\ICQ
2009-01-31 11:32 --------- d-----w c:\documents and settings\Lukáš\Application Data\uTorrent
2009-01-30 13:09 --------- d-----w c:\program files\Valve
2009-01-30 13:06 --------- d-----w c:\program files\Zylom Games
2009-01-30 13:05 --------- d-----w c:\program files\Tower Bloxx Deluxe
2009-01-30 13:05 --------- d-----w c:\program files\Image-Line
2009-01-30 13:04 --------- d-----w c:\program files\Sony Ericsson
2009-01-30 13:03 --------- dc----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-30 13:02 --------- d-----w c:\program files\Ranch Rush
2009-01-30 12:59 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-30 12:59 --------- d-----w c:\program files\MagicISO
2009-01-30 12:59 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-30 12:57 --------- d-----w c:\program files\VstPlugins
2009-01-30 12:57 --------- d-----w c:\program files\Farm Mania
2009-01-30 12:43 --------- d-----w c:\program files\Alice Greenfingers 2
2009-01-28 16:50 --------- d-----w c:\program files\Java
2009-01-27 17:08 --------- d-----w c:\documents and settings\Lukáš\Application Data\Chessmaster Challenge
2009-01-26 21:22 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-01-21 20:28 --------- d-----w c:\program files\Counter-Strike 1.6
2009-01-12 14:57 --------- d-----w c:\documents and settings\Lukáš\Application Data\Zylom
2009-01-05 20:03 --------- d-----w c:\program files\EA GAMES
2009-01-05 19:14 --------- d-----w c:\program files\DAMN NFO Viewer
2009-01-04 14:59 --------- d-----w c:\program files\MagicDisc
2008-12-31 18:50 --------- d-----w c:\documents and settings\Lukáš\Application Data\Microsoft Games
2008-12-31 18:30 --------- d-----w c:\program files\Microsoft Games
2008-12-31 16:56 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Games
2008-12-30 19:54 --------- d-----w c:\program files\Doggie Dash
2008-12-30 19:53 --------- d-----w c:\program files\Snapshot Adventures
2008-12-30 19:53 --------- d-----w c:\program files\Risk
2008-12-30 14:20 --------- d-----w c:\program files\Puzzle Quest
2008-12-30 13:06 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-30 09:03 --------- d-----w c:\documents and settings\Lukáš\Application Data\PlayFirst
2008-12-30 09:03 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-12-29 13:20 --------- d-----w c:\documents and settings\Lukáš\Application Data\iWin
2008-12-29 08:38 --------- dc----w c:\documents and settings\All Users\Application Data\FreshGames
2008-12-29 07:32 --------- d-----w c:\program files\Family Feud Dream Home
2008-12-29 07:31 --------- d-----w c:\program files\Pet Shop Hop
2008-12-29 07:31 --------- d-----w c:\program files\Jet Jumper
2008-12-29 07:31 --------- d-----w c:\program files\Farm Frenzy
2008-12-28 15:24 --------- d-----w c:\documents and settings\All Users\Application Data\InterAction studios
2008-12-28 15:13 --------- d-----w c:\documents and settings\All Users\Application Data\VirtualFarm
2008-12-28 13:48 --------- d-----w c:\documents and settings\Lukáš\Application Data\GetRightToGo
2008-12-27 18:00 --------- d-----w c:\program files\Rollercoaster Rush
2008-12-27 18:00 --------- d-----w c:\program files\Crazy Penguin Catapult
2008-12-27 17:53 --------- d-----w c:\program files\Heavy Weapon
2008-12-27 17:52 --------- d-----w c:\program files\Sallys Salon
2008-12-27 17:52 --------- d-----w c:\program files\Farm Craft
2008-12-27 17:52 --------- d-----w c:\program files\Cooking Academy
2008-12-27 17:51 --------- d-----w c:\program files\Puppy Luv
2008-12-27 16:41 --------- dc----w c:\documents and settings\All Users\Application Data\Fugazo
2008-12-27 13:49 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-27 13:49 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-27 08:10 --------- d-----w c:\documents and settings\All Users\Application Data\NevoSoft Games
2008-12-26 13:02 --------- d-----w c:\documents and settings\Lukáš\Application Data\Reflexive Ashtons Family Resort
2008-12-26 13:02 --------- d-----w c:\documents and settings\All Users\Application Data\Reflexive Ashtons Family Resort
2008-12-24 20:53 --------- d-----w c:\program files\Media Art
2008-12-18 18:15 --------- d-----w c:\program files\uTorrent
2008-12-18 18:06 --------- d-----w c:\documents and settings\Lukáš\Application Data\DAEMON Tools Pro
2008-12-18 18:06 --------- d-----w c:\documents and settings\Lukáš\Application Data\DAEMON Tools Lite
2008-12-18 18:06 --------- d-----w c:\documents and settings\Lukáš\Application Data\DAEMON Tools
2008-12-18 18:05 --------- dc----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-18 18:05 --------- d-----w c:\program files\DAEMON Tools Lite
2008-12-17 19:32 --------- d-----w c:\documents and settings\Lukáš\Application Data\Hide IP NG
2008-12-17 14:32 1,880 ----a-w c:\documents and settings\Lukáš\Application Data\mindhabits.dat
2008-12-17 08:19 --------- dc----w c:\documents and settings\All Users\Application Data\DigitalChocolate
2008-12-17 07:50 --------- d-----w c:\program files\Google
2008-12-16 09:35 --------- d-----w c:\program files\Xilisoft
2008-12-15 09:43 --------- d-----w c:\program files\1C
2008-12-14 17:53 --------- d-----w c:\program files\DVDVideoSoft
2008-12-13 08:07 --------- d-----w c:\program files\Eidos
2008-12-12 07:06 --------- d-----w c:\program files\DivX
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 08:21 --------- d-----w c:\program files\Glamus
2008-12-04 12:49 2,864 ----a-w c:\windows\system32\winsock.dll
2008-11-29 09:52 161 ----a-w c:\program files\setuplog.txt
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-11-17 06:59 2,798 ----a-w c:\windows\system32\ealregsnapshot1.reg
2003-08-29 14:13 1,435,648 ----a-w c:\documents and settings\Lukáš\TeamSpeak.exe
2003-08-29 14:13 1,435,648 ----a-w c:\documents and settings\Lukáš\TeamSpeak.exe
2007-09-26 15:13 80 --sh--r c:\windows\system32\AEE61F1FA7.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"avast! service GUI component"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnp325"="c:\windows\tsnp325.exe" [2006-10-10 270336]
"snp325"="c:\windows\vsnp325.exe" [2006-10-10 827392]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-28 136600]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"S3Trayp"="S3Trayp.exe" [2005-10-31 c:\windows\system32\S3Trayp.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 c:\windows\RTHDCPL.EXE]
"VTTimer"="VTTimer.exe" [2006-06-16 c:\windows\system32\VTTimer.exe]
"Realtime Audio Engine"="mmrtkrnl.exe" [2007-07-18 c:\windows\system32\mmrtkrnl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-02-09 06:14 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ |˜„/Řű-Řk˜t/DţĂÍÖM\0ţĂÚÖM\0DţĂ\ţĂł×M\0DţĂ˜t/0Kl<F

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-11-30 14:41 172792 c:\program files\ICQ6.5\ICQ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-08-22 11264]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2005-12-15 274432]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2005-12-15 81920]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2006-02-28 69120]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2007-08-22 808448]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2007-12-24 10251904]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\drivers\s716bus.sys [2008-06-07 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\drivers\s716mdfl.sys [2008-06-07 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\drivers\s716mdm.sys [2008-06-07 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s716mgmt.sys [2008-06-07 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\drivers\s716nd5.sys [2008-06-07 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\drivers\s716obex.sys [2008-06-07 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\drivers\s716unic.sys [2008-06-07 98952]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2008-06-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2008-06-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2008-06-07 97056]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2008-06-07 86368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-02-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mLocal Page = "řxn
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uInternet Settings,ProxyServer = socks=
FF - ProfilePath - c:\documents and settings\Lukáš\Application Data\Mozilla\Firefox\Profiles\bo8yv69j.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 18:04:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-861567501-1229272821-725345543-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4d,c9,a8,cb,de,87,cb,49,f6,8b,07,31,db,51,08,49,54,b4,7b,27,d9,2b,02,
88,25,ed,72,bb,c2,9a,aa,ab,e5,eb,b9,b9,77,38,11,a2,17,9a,62,74,e5,9d,80,a9,\
"??"=hex:a6,39,de,02,d4,53,e5,2f,bd,7f,e5,e3,ce,0a,49,e4
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2009-02-10 18:07:58
ComboFix-quarantined-files.txt 2009-02-10 17:07:53

Pre-Run: 159,147,626,496 bytes free
Post-Run: 19 adresárov, 159,142,649,856 voľných bajtov

256 --- E O F --- 2009-01-14 06:23:36