Please check - prevention (Solved)


Please check - prevention

Post by peacoq » 11 Jun 2009 21:28

Hi.
The computer is cleaned regularly; Windows Vista Business 32-bit SP2, Avira, Zone Alarm, resident Spybot, SAS, CCleaner.
It works fine, it just occasionally has trouble reading a CD, but that isn't constant, so it's more likely just badly burned discs and the like.
Please check it and give recommendations.
...
HiJackThis, MWAW, Malwarebytes (no findings)
CPU - Processes
[image]
...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:20:04, on 11/06/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\V0250Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\totalcmd\TOTALCMD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [V0250Mon.exe] C:\Windows\V0250Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [V0250Cfg.exe] V0250Cfg.exe /d:2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Free\nmsaccessu.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 6250 bytes

...
Test settings, MWAW version 10.0.60 Updated
Virus Database Count: 2335246
- Memory/Services
- Registry
- StartUp Folders
- System Folders
- Scan Spyware
- Drive - All Local Drive
- Folder - Include Sub-direstory
- Program Files (i.e. without the Scan All Files item, full test)
Total Critical Objects: ....8
Total Errors: ...............6


Object "CoreGuardAntivirus2009 Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "CyberSitter Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Spyware.ExpressKeylog Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "DiskKnight Adware" found in File System! Action Taken: No Action Taken.
Object "AntiSpyware Pro XP Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\Search.CustomWordbreaker" refers to invalid object "{9E175BB4-F52A-11D8-B9A5-505054503030}". Action Taken: No Action Taken.
Entry "HKCR\Search.CustomWordbreaker.1" refers to invalid object "{9E175BB4-F52A-11D8-B9A5-505054503030}". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""C:\Program Files\Java\jre1.6.0_04\bin\javaws.exe"". Action Taken: No Action Taken.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""C:\Program Files\Java\jre1.6.0_07\bin\javaws.exe"". Action Taken: No Action Taken.
...
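An added example (not from this thread and not HijackThis's own code): a small Python triage parser for the HijackThis v2 entry format shown in the log above. It pulls the O2/O4/O23 entries out of a log and flags what a log reader checks first: a BHO registered with "(no file)", a Run value that names a bare filename (resolved through PATH at logon), an autorun under the SYSTEM or Default user hive, an unresolved Global Startup shortcut, and a service whose owner is "Unknown owner". The sample lines are copied from the log in this post; the flag names are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [V0250Cfg.exe] V0250Cfg.exe /d:2
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - Global Startup: QuickSet.lnk = ?
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Free\nmsaccessu.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# "<code> - <entry text>", where code is R0-R3 or O1-O24
LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Entry:
    code: str          # HijackThis section code, e.g. "O4", "O23"
    text: str          # the entry text after "<code> - "
    flags: list = field(default_factory=list)


def _command_target(cmd: str) -> str:
    """Return the executable part of an autorun command ('"C:\\x.exe" /min' -> 'C:\\x.exe')."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def _flag_o2(e: Entry) -> None:
    m = O2_RE.match(e.text)
    if m and m.group("path") == "(no file)":
        e.flags.append("orphaned BHO")  # CLSID still registered, DLL gone: cleanup candidate


def _flag_o4(e: Entry) -> None:
    if e.text.startswith("Global Startup:") and e.text.endswith("= ?"):
        e.flags.append("unresolved startup shortcut")  # HijackThis could not resolve the .lnk target
        return
    m = O4_RE.match(e.text)
    if not m:
        return
    hive = m.group("hive")
    if hive.startswith("HKUS\\S-1-5-18") or hive.startswith("HKUS\\.DEFAULT"):
        e.flags.append("autorun in SYSTEM/default profile")  # user software running as SYSTEM
    if not ABS_PATH_RE.match(_command_target(m.group("cmd"))):
        e.flags.append("bare filename autorun")  # resolved via PATH at logon: verify which binary wins


def _flag_o23(e: Entry) -> None:
    m = O23_RE.match(e.text)
    if m and m.group("owner") == "Unknown owner":
        e.flags.append("service with unknown owner")  # no publisher in version info: check signature/hash


HANDLERS = {"O2": _flag_o2, "O4": _flag_o4, "O23": _flag_o23}


def parse(log_text: str) -> list:
    """Parse every '<code> - ...' line into an Entry; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = Entry(code=m.group(1), text=m.group(2))
        handler = HANDLERS.get(e.code)
        if handler:
            handler(e)
        entries.append(e)
    return entries


def flagged(log_text: str) -> dict:
    """Map each flag to the entry texts that triggered it."""
    out = {}
    for e in parse(log_text):
        for f in e.flags:
            out.setdefault(f, []).append(e.text)
    return out


if __name__ == "__main__":
    for flag, items in flagged(SAMPLE_LOG).items():
        print(flag)
        for item in items:
            print("   ", item)
```

A flag is a prompt to look closer, not a verdict: every flagged entry in the sample above corresponds to a known legitimate product, which is exactly the manual check the helper does in the replies below.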


Re: Please check - prevention

Post by Damned » 11 Jun 2009 21:41

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose the save log option and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.


Check the red files on VirusTotal
C:\Program Files\Java\jre1.6.0_07\bin\javaws.exe
C:\Program Files\Java\jre1.6.0_04\bin\javaws.exe

and paste a link to the results here.
Nothing is impossible, so where we are at our wits' end, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide FCleaner + Czech localization Wise Registry Cleaner


Re: Please check - prevention

Post by peacoq » 11 Jun 2009 22:09

Hi.
C:\Program Files\Java\jre1.6.0_07\bin\javaws.exe
C:\Program Files\Java\jre1.6.0_04\bin\javaws.exe
The file 'javaws' mentioned (size 148,888, created 30/5 2009) is not in the jre1.6.0_04 folder (created 14/1 2005, and there is only an empty 'lib' subfolder there, created 14/5 2009),
but only in the jre6 folder (which was created on 30/5 during the update to Java (TM) 6 Update 14).
And the jre1.6.0_07 folder doesn't exist in Program Files.

[image]

Malwarebytes found nothing, ...and I forgot which part is taken as the short VirusTotal result, ...so I'm pasting the whole thing.
...
Malwarebytes' Anti-Malware 1.37
Database version: 2259
Windows 6.0.6002 Service Pack 2

11/06/2009 21:52:11
mbam-log-2009-06-11 (21-52-11).txt

Scan type: Quick Scan
Objects scanned: 72302
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
...
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.11 -
AhnLab-V3 5.0.0.2 2009.06.11 -
AntiVir 7.9.0.183 2009.06.11 -
Antiy-AVL 2.0.3.1 2009.06.11 -
Authentium 5.1.2.4 2009.06.10 -
Avast 4.8.1335.0 2009.06.10 -
AVG 8.5.0.339 2009.06.10 -
BitDefender 7.2 2009.06.11 -
CAT-QuickHeal 10.00 2009.06.11 -
ClamAV 0.94.1 2009.06.11 -
Comodo 1316 2009.06.11 -
DrWeb 5.0.0.12182 2009.06.11 -
eSafe 7.0.17.0 2009.06.11 -
eTrust-Vet 31.6.6553 2009.06.11 -
F-Prot 4.4.4.56 2009.06.10 -
F-Secure 8.0.14470.0 2009.06.11 -
Fortinet 3.117.0.0 2009.06.11 -
GData 19 2009.06.11 -
Ikarus T3.1.1.59.0 2009.06.11 -
K7AntiVirus 7.10.760 2009.06.10 -
Kaspersky 7.0.0.125 2009.06.11 -
McAfee 5643 2009.06.11 -
McAfee+Artemis 5643 2009.06.11 -
McAfee-GW-Edition 6.7.6 2009.06.11 -
Microsoft 1.4701 2009.06.11 -
NOD32 4149 2009.06.11 -
Norman 6.01.09 2009.06.11 -
nProtect 2009.1.8.0 2009.06.11 -
Panda 10.0.0.14 2009.06.11 -
PCTools 4.4.2.0 2009.06.11 -
Prevx 3.0 2009.06.11 -
Rising 21.33.32.00 2009.06.11 -
Sophos 4.42.0 2009.06.11 -
Sunbelt 3.2.1858.2 2009.06.11 -
Symantec 1.4.4.12 2009.06.11 -
TheHacker 6.3.4.3.344 2009.06.11 -
TrendMicro 8.950.0.1092 2009.06.11 -
VBA32 3.12.10.7 2009.06.11 -
ViRobot 2009.6.11.1781 2009.06.11 -
VirusBuster 4.6.5.0 2009.06.11 -
Additional information
File size: 148888 bytes
MD5...: 3a984f2da2e264219db86ce6a2d60563
SHA1..: cd1f70cda2d44177698cfe3dd0cba3f6062f076a
SHA256: e749f82a10e23d8c065ba779a3b672c4569e5cc5aba8eed467fda649ff6a6806
ssdeep: -
PEiD..: -
TrID..: File type identification
InstallShield setup (42.6%)
Win32 Executable MS Visual C++ (generic) (37.3%)
Win32 Executable Generic (8.4%)
Win32 Dynamic Link Library (generic) (7.5%)
Generic Win/DOS Executable (1.9%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xa0f1
timedatestamp.....: 0x4a158db5 (Thu May 21 17:21:57 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x12fd1 0x13000 6.63 d02af62164adad8a4ec016238c9e3e83
.rdata 0x14000 0x2536 0x3000 4.36 cf60421f818dc4b2b238fd05ecd091bc
.data 0x17000 0xf598 0x4000 4.96 7c5132aa683c6d33c6cd62ccb6bd4e82
.rsrc 0x27000 0x7e30 0x8000 5.86 a2afae939eab5081d5bd7c91bc9924d5

( 5 imports )
> KERNEL32.dll: WideCharToMultiByte, GlobalAlloc, MultiByteToWideChar, ReadFile, CloseHandle, WaitForSingleObject, CreateProcessA, SetHandleInformation, CreatePipe, CreateDirectoryA, GetSystemWindowsDirectoryA, FindClose, FindFirstFileA, GetModuleHandleA, InterlockedExchange, GetACP, GetLocaleInfoA, GetVersionExA, GetThreadLocale, DeleteCriticalSection, GetLongPathNameA, GetShortPathNameA, GetLastError, CreateFileA, lstrlenW, SetEnvironmentVariableW, GetCurrentDirectoryA, GetFullPathNameA, GetDriveTypeA, FileTimeToLocalFileTime, FileTimeToSystemTime, GetSystemTimeAsFileTime, GetCurrentProcessId, QueryPerformanceCounter, GetTimeZoneInformation, GetModuleFileNameA, GetTickCount, LoadLibraryA, GetProcAddress, InitializeCriticalSection, FreeLibrary, LCMapStringW, LCMapStringA, FlushFileBuffers, SetEnvironmentVariableA, CompareStringW, CompareStringA, GetSystemInfo, VirtualProtect, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, UnhandledExceptionFilter, HeapFree, HeapAlloc, ExitProcess, TerminateProcess, GetCurrentProcess, DeleteFileA, EnterCriticalSection, LeaveCriticalSection, GetFileType, GetStartupInfoA, GetCommandLineA, TlsAlloc, SetLastError, GetCurrentThreadId, TlsFree, TlsSetValue, TlsGetValue, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, GetStringTypeA, GetStringTypeW, WriteFile, SetStdHandle, SetHandleCount, GetStdHandle, GetFileAttributesA, SetEndOfFile, SetFilePointer, RtlUnwind, VirtualQuery, GetOEMCP, GetCPInfo, HeapSize, GetExitCodeProcess
> USER32.dll: DispatchMessageA, TranslateMessage, GetMessageA, SetTimer, CreateWindowExA, RegisterClassA, LoadCursorA, wsprintfA, MessageBoxA, DefWindowProcA
> ADVAPI32.dll: RegCloseKey, RegEnumKeyExA, RegOpenKeyExA, RegQueryValueExA, RegEnumKeyA
> ole32.dll: StringFromCLSID, CoTaskMemFree
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set

...
Last edited by peacoq on 11 Jun 2009 22:28, edited 1 time in total.
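An added example (not from the post and not VirusTotal's own code): Python that parses the VirusTotal text report pasted above and produces the short form the poster was unsure about, the detection ratio (detections / engines), lists which engines had not updated on the scan day, and checks that a local file's size and MD5/SHA1/SHA256 match the report so you know the result is for the same binary. The sample report is a constructed subset of the one above, with one Ikarus row changed to a made-up detection so the ratio is not zero.

```python
import hashlib
import re

# Constructed sample: header, a few engine rows and the hash block copied from the
# VirusTotal report above; the Ikarus row is altered to a made-up detection.
SAMPLE_REPORT = """\
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.11 -
AntiVir 7.9.0.183 2009.06.11 -
Authentium 5.1.2.4 2009.06.10 -
Kaspersky 7.0.0.125 2009.06.11 -
McAfee+Artemis 5643 2009.06.11 -
Ikarus T3.1.1.59.0 2009.06.11 Example.Constructed.Detection
Additional information
File size: 148888 bytes
MD5...: 3a984f2da2e264219db86ce6a2d60563
SHA1..: cd1f70cda2d44177698cfe3dd0cba3f6062f076a
SHA256: e749f82a10e23d8c065ba779a3b672c4569e5cc5aba8eed467fda649ff6a6806
"""

# engine, version, update date (YYYY.MM.DD) and result; "-" means no detection
ROW_RE = re.compile(r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+(?P<date>\d{4}\.\d{2}\.\d{2})\s+(?P<result>.+)$")
HASH_RE = re.compile(r"^(?P<algo>MD5|SHA1|SHA256)\.*:\s*(?P<hex>[0-9a-fA-F]+)$")
SIZE_RE = re.compile(r"^File size:\s*(?P<size>\d+) bytes$")


def parse_report(text: str) -> dict:
    """Return {'rows': [...], 'size': int, 'md5': ..., 'sha1': ..., 'sha256': ...} from a pasted report."""
    rows, info = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = ROW_RE.match(line)
        if m:
            rows.append({**m.groupdict(), "clean": m.group("result") == "-"})
            continue
        m = HASH_RE.match(line)
        if m:
            info[m.group("algo").lower()] = m.group("hex").lower()
            continue
        m = SIZE_RE.match(line)
        if m:
            info["size"] = int(m.group("size"))
    info["rows"] = rows
    return info


def summary(report: dict, scan_date: str) -> dict:
    """The short answer: detections/engines, what was detected, and engines not updated on scan day."""
    rows = report["rows"]
    hits = [r for r in rows if not r["clean"]]
    stale = [r["engine"] for r in rows if r["date"] < scan_date]  # zero-padded dates compare as strings
    return {
        "ratio": f"{len(hits)}/{len(rows)}",
        "detections": {r["engine"]: r["result"] for r in hits},
        "stale_engines": stale,
    }


def hashes_of(data: bytes) -> dict:
    """Size and digests of a local file's bytes, in the same keys parse_report() produces."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def same_file(data: bytes, report: dict) -> bool:
    """True only if every size/hash the report lists matches the local bytes."""
    local = hashes_of(data)
    keys = [k for k in ("size", "md5", "sha1", "sha256") if k in report]
    return bool(keys) and all(local[k] == report[k] for k in keys)


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(summary(rep, "2009.06.11"))
```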


Re: Please check - prevention

Post by Damned » 11 Jun 2009 22:26

Turn off the antivirus's resident shield (and the antispyware too, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use will be shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here


Re: Please check - prevention

Post by peacoq » 11 Jun 2009 22:53

I turned off Avira and Spybot Resident, deactivated Zone Alarm, ..disconnected from the internet and ran it from the desktop.
A message about running spyware programs still popped up, but after clicking it away the scan started.
...
ComboFix 09-06-11.05 - Dell 11/06/2009 22:30.5 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.893.396 [GMT 2:00]
Running from: c:\users\Dell\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
.

2009-06-11 20:37 . 2009-06-11 20:37 -------- d-----w- c:\users\Dell\AppData\Local\temp
2009-06-10 23:38 . 2009-06-10 23:38 -------- d---a-w- c:\windows\system32\runouce.exe
2009-06-10 20:55 . 2004-05-04 10:53 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2009-06-09 23:19 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-08 12:30 . 2007-01-12 08:51 303104 ----a-w- c:\windows\sttray.exe
2009-06-08 12:28 . 2007-01-12 08:52 647680 ----a-w- c:\windows\system32\drivers\stwrt.sys
2009-06-08 12:28 . 2007-01-12 08:51 238592 ----a-w- c:\windows\system32\stapi32.dll
2009-06-08 12:28 . 2009-06-08 12:28 -------- d-----w- c:\program files\SigmaTel
2009-06-08 12:28 . 2006-11-22 12:16 45568 ----a-w- c:\windows\system32\ctppld.dll
2009-06-06 15:22 . 2009-06-06 15:23 -------- d-----w- c:\program files\QuickTime
2009-06-06 15:22 . 2009-06-06 15:22 -------- d-----w- c:\programdata\Apple Computer
2009-05-30 14:26 . 2009-05-30 14:26 -------- d-----w- c:\windows\system32\QuickTime
2009-05-28 16:46 . 2009-05-28 16:48 -------- d-----w- c:\windows\system32\ca-ES
2009-05-28 16:46 . 2009-05-28 16:47 -------- d-----w- c:\windows\system32\eu-ES
2009-05-28 16:46 . 2009-05-28 16:47 -------- d-----w- c:\windows\system32\vi-VN
2009-05-28 16:26 . 2009-05-28 16:26 -------- d-----w- c:\windows\system32\EventProviders
2009-05-28 16:24 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-05-28 16:22 . 2009-04-11 06:28 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-05-28 16:21 . 2009-04-11 06:28 547840 ----a-w- c:\windows\system32\wiaaut.dll
2009-05-28 16:20 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-05-19 17:44 . 2009-05-19 17:46 -------- d-----w- c:\users\Dell\AppData\Local\SeeToo
2009-05-19 17:41 . 2008-12-24 15:46 221184 ----a-w- c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\lsgpyp9t.default\extensions\seetooaddon@seetoo.com\plugins\npSeeTooAddon.dll
2009-05-19 17:27 . 2008-12-18 09:19 1796096 ----a-w- c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\lsgpyp9t.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
2009-05-17 11:30 . 2009-05-17 11:30 -------- d-----w- c:\program files\TVAnts
2009-05-13 21:24 . 2009-05-13 21:24 -------- d-----w- c:\users\Dell\AppData\Local\Apple Computer
2009-05-13 20:49 . 2009-05-13 20:49 -------- d-----w- c:\program files\Apple Software Update
2009-05-13 20:49 . 2009-05-13 20:49 -------- d-----w- c:\programdata\Apple
2009-05-13 20:49 . 2009-05-13 20:49 -------- d-----w- c:\users\Dell\AppData\Local\Apple
2009-05-13 20:26 . 2009-05-13 20:26 -------- d-----w- c:\users\Dell\AppData\Roaming\GRETECH
2009-05-13 15:23 . 2009-05-16 21:24 -------- d-----w- c:\users\Dell\AppData\Local\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 20:25 . 2008-07-18 01:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-11 19:10 . 2009-04-15 10:19 350192 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-06-11 15:22 . 2008-10-27 20:23 1 ----a-w- c:\users\Dell\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-11 12:38 . 2008-07-18 02:28 -------- d-----w- c:\users\Dell\AppData\Roaming\Skype
2009-06-11 12:20 . 2008-07-18 02:32 -------- d-----w- c:\users\Dell\AppData\Roaming\skypePM
2009-06-10 23:21 . 2008-12-11 19:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 23:20 . 2009-01-10 00:57 3371383 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-10 20:55 . 2009-02-07 17:23 -------- d-----w- c:\program files\BurnAware Free
2009-06-10 17:50 . 2008-08-04 17:58 -------- d-----w- c:\users\Dell\AppData\Roaming\uTorrent
2009-06-07 13:23 . 2009-03-21 09:14 117760 ----a-w- c:\users\Dell\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-02 18:07 . 2008-07-18 00:59 -------- d-----w- c:\program files\ATI
2009-05-30 20:02 . 2008-12-05 22:58 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-28 16:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-28 16:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-28 16:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-28 16:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-28 16:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-28 16:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-28 16:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-28 16:46 . 2008-12-11 15:55 -------- d-----w- c:\program files\Microsoft Games
2009-05-28 16:46 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-26 11:20 . 2008-12-11 19:40 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:19 . 2008-12-11 19:40 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-22 15:49 . 2009-03-22 17:52 -------- d-----w- c:\program files\Call of Duty
2009-05-13 20:34 . 2009-03-29 21:38 -------- d-----w- c:\program files\Real Alternative
2009-05-13 20:24 . 2009-04-25 13:08 -------- d-----w- c:\program files\GRETECH
2009-05-11 22:15 . 2008-07-20 08:42 -------- d-----w- c:\users\Dell\AppData\Roaming\XnView
2009-05-11 15:28 . 2009-05-11 15:28 -------- d-----w- c:\program files\MSXML 4.0
2009-05-11 15:28 . 2009-05-11 15:28 -------- d-----w- c:\program files\OLYMPUS
2009-05-09 05:50 . 2009-06-09 23:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-09 23:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-06 13:15 . 2009-05-06 13:15 234 ----a-w- c:\users\Dell\AppData\Roaming\JLC's Software\Internet TV\Update.exe
2009-05-05 19:43 . 2009-01-04 13:46 -------- d-----w- c:\users\Dell\AppData\Roaming\gtk-2.0
2009-04-29 18:37 . 2009-04-29 18:37 -------- d-----w- c:\programdata\Avira
2009-04-29 18:37 . 2009-04-29 18:37 -------- d-----w- c:\program files\Avira
2009-04-23 12:15 . 2009-06-09 23:18 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-09 23:18 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-11 06:33 . 2009-05-28 16:23 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-05-28 16:22 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-05-28 16:22 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-05-28 16:23 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-05-28 16:23 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-05-28 16:22 342528 ----a-w- c:\windows\system32\zipfldr.dll
2009-04-11 06:27 . 2009-05-28 16:23 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-05-28 16:21 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-05-28 16:21 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-05-28 16:21 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-05-28 16:23 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-05-28 16:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-05-28 16:21 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:52 . 2009-05-28 16:22 248320 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2009-04-11 04:51 . 2009-05-28 16:21 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-05-28 16:21 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-05-28 16:21 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-05-28 16:21 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-05-28 16:21 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-05-28 16:21 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-05-28 16:21 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-05-28 16:22 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-05-28 16:21 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-05-28 16:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-05-28 16:22 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-05-28 16:22 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-05-28 16:21 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-05-28 16:21 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-05-28 16:21 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-05-28 16:22 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:42 . 2009-05-28 16:22 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-05-28 16:22 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-05-28 16:22 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-05-28 16:22 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-05-28 16:21 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-04-11 04:42 . 2009-05-28 16:22 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-05-28 16:21 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42 . 2009-05-28 16:21 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-05-28 16:21 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-05-28 16:23 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-05-28 16:21 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-05-28 16:21 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-05-28 16:21 11776 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2009-04-11 04:39 . 2009-05-28 16:21 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-05-28 16:22 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:27 . 2009-05-28 16:21 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:23 . 2009-05-28 16:23 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-11 04:23 . 2009-05-28 16:21 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:23 . 2009-05-28 16:21 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-11 04:22 . 2009-05-28 16:21 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:19 . 2009-05-28 16:22 89088 ----a-w- c:\windows\system32\drivers\sdbus.sys
2009-04-11 04:15 . 2009-05-28 16:22 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-11 04:15 . 2009-05-28 16:22 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-11 04:15 . 2009-05-28 16:22 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-11 04:14 . 2009-05-28 16:22 351744 ----a-w- c:\windows\system32\drivers\csc.sys
2009-04-11 04:14 . 2009-05-28 16:22 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-05-28 16:22 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-11 04:14 . 2009-05-28 16:23 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-11 04:14 . 2009-05-28 16:22 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-11 04:14 . 2009-05-28 16:22 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 04:14 . 2009-05-28 16:21 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-11 04:14 . 2009-05-28 16:21 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-11 04:13 . 2009-05-28 16:21 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
2007-02-21 19:48 . 2007-02-21 19:48 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 143360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"V0250Mon.exe"="c:\windows\V0250Mon.exe" [2006-06-07 32768]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-08 24576]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-30 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"V0250Cfg.exe"="V0250Cfg.exe" - c:\windows\V0250Cfg.exe [2005-12-16 20480]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-01-12 303104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-12-27 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
"VistaSp2"=hex(b):06,b9,15,e9,b4,df,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4FE7EC16-90C3-4DF6-A550-035F37455790}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DA9A6868-810D-437D-8E1A-B2E91910966F}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{7252612B-BA6E-4980-A8F1-C97A7E3447C6}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{13C78979-3DEF-43ED-A09B-F96C2D32B829}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{0674E638-0F9B-4BE9-A9FE-625C23D43839}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{12F775D1-2767-4B23-BBE2-BD9425317C11}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{7123CB8B-60B5-46CD-BA49-6D12DC57DD81}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{3E7C58D1-1F01-4E2F-87B5-8A03E0CB2072}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{733154CC-D232-4C3A-BDDE-306E37896347}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [15/01/2009 17:17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/01/2009 17:17 55024]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [29/04/2009 20:37 108289]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [23/02/2009 13:36 1153368]
R3 V0250Dev;Live! Cam Notebook Pro;c:\windows\System32\drivers\V0250Dev.sys [23/07/2008 11:44 169696]
R3 V0250Vfx;V0250Vfx;c:\windows\System32\drivers\V0250Vfx.sys [23/07/2008 11:44 6272]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\System32\drivers\s115bus.sys [23/04/2007 13:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\System32\drivers\s115mdfl.sys [23/04/2007 13:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\System32\drivers\s115mdm.sys [23/04/2007 13:54 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s115mgmt.sys [23/04/2007 13:54 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\System32\drivers\s115obex.sys [23/04/2007 13:54 98568]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/01/2009 17:17 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\lsgpyp9t.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\lsgpyp9t.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\lsgpyp9t.default\extensions\seetooaddon@seetoo.com\plugins\npSeeTooAddon.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 22:37
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-11 22:39
ComboFix-quarantined-files.txt 2009-06-11 20:39

Pre-Run: 9,860,362,240 bytes free
Post-Run: 10,297,438,208 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=15 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
275 --- E O F --- 2009-06-09 23:24

Damned

Re: Please check - prevention

Post by Damned » 11 Jun 2009 23:20

Spybot - Search and Destroy *enabled* and ZoneAlarm Anti-Spyware *enabled*

You have them switched on.


I don't know Vista that well, I'll pass this on to someone more experienced. You'll have to be patient, perhaps until tomorrow.

Personally I don't see anything wrong there, but more heads know more.
Nothing is impossible, which is why, where our wits run out, we do not hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide FCleaner + Czech localization Wise Registry Cleaner

peacoq

Re: Please check - prevention

Post by peacoq » 11 Jun 2009 23:22

So I'll try it again, but I switched both of them off and then disconnected from the internet, and as I say, it still reported that they are active (...) I'll run the test once more and post the result, noting that the computer shows no signs of problems (apart from the occasional problem reading a CD).
Thanks, you advised me what you thought fit, and you or someone else will possibly have another look at it. (but hopefully there's nothing wrong with it)
Last edited by peacoq on 11 Jun 2009 23:25, edited 1 time in total.

Damned

Re: Please check - prevention

Post by Damned » 11 Jun 2009 23:25

Alright, I've already contacted someone more knowledgeable.

peacoq

Re: Please check - prevention

Post by peacoq » 12 Jun 2009 00:01

That little guy shooting on your icon should shoot ComboFix to pieces.
I switched off the Spybot resident (advanced settings - tools, and cancelled it, and also removed the 'padlock - resident protection' in the tray), and likewise Zone Alarm (I both switched ZA off and, in the Preferences settings, cancelled the monitoring of the ZA client),
..and it still reports that they are active.
But it's the first time CF has run without problems; otherwise I've had plenty of trouble with it, such as it not running to the end, crashing the system, etc. (Maybe it would need a restart after cancelling the resident, but I won't torture it any more, I'm already glad CF isn't doing what I've described.)
I have a question about this file: XnView. I installed another program instead, and an 8MB folder still hangs around in AppData - Roaming - XnView.
2009-05-11 22:15 . 2008-07-20 08:42 -------- d-----w- c:\users\Dell\AppData\Roaming\XnView
[image]
Result of the second test (again with resident protection active):
...
ComboFix 09-06-11.05 - Dell 11/06/2009 23:25.6 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.893.426 [GMT 2:00]
Running from: c:\users\Dell\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
.

((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
.

2009-06-11 20:39 . 2009-06-11 21:32 -------- d-----w- c:\users\Dell\AppData\Local\temp
2009-06-10 23:38 . 2009-06-10 23:38 -------- d---a-w- c:\windows\system32\runouce.exe
2009-06-10 20:55 . 2004-05-04 10:53 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2009-06-09 23:19 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-08 12:30 . 2007-01-12 08:51 303104 ----a-w- c:\windows\sttray.exe
2009-06-08 12:28 . 2007-01-12 08:52 647680 ----a-w- c:\windows\system32\drivers\stwrt.sys
2009-06-08 12:28 . 2007-01-12 08:51 238592 ----a-w- c:\windows\system32\stapi32.dll
2009-06-08 12:28 . 2009-06-08 12:28 -------- d-----w- c:\program files\SigmaTel
2009-06-08 12:28 . 2006-11-22 12:16 45568 ----a-w- c:\windows\system32\ctppld.dll
2009-06-06 15:22 . 2009-06-06 15:23 -------- d-----w- c:\program files\QuickTime
2009-06-06 15:22 . 2009-06-06 15:22 -------- d-----w- c:\programdata\Apple Computer
2009-05-30 14:26 . 2009-05-30 14:26 -------- d-----w- c:\windows\system32\QuickTime
2009-05-28 16:46 . 2009-05-28 16:48 -------- d-----w- c:\windows\system32\ca-ES
2009-05-28 16:46 . 2009-05-28 16:47 -------- d-----w- c:\windows\system32\eu-ES
2009-05-28 16:46 . 2009-05-28 16:47 -------- d-----w- c:\windows\system32\vi-VN
2009-05-28 16:26 . 2009-05-28 16:26 -------- d-----w- c:\windows\system32\EventProviders
2009-05-28 16:24 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-05-28 16:22 . 2009-04-11 06:28 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-05-28 16:21 . 2009-04-11 06:28 547840 ----a-w- c:\windows\system32\wiaaut.dll
2009-05-28 16:20 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-05-19 17:44 . 2009-05-19 17:46 -------- d-----w- c:\users\Dell\AppData\Local\SeeToo
2009-05-19 17:41 . 2008-12-24 15:46 221184 ----a-w- c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\lsgpyp9t.default\extensions\seetooaddon@seetoo.com\plugins\npSeeTooAddon.dll
2009-05-19 17:27 . 2008-12-18 09:19 1796096 ----a-w- c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\lsgpyp9t.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
2009-05-17 11:30 . 2009-05-17 11:30 -------- d-----w- c:\program files\TVAnts
2009-05-13 21:24 . 2009-05-13 21:24 -------- d-----w- c:\users\Dell\AppData\Local\Apple Computer
2009-05-13 20:49 . 2009-05-13 20:49 -------- d-----w- c:\program files\Apple Software Update
2009-05-13 20:49 . 2009-05-13 20:49 -------- d-----w- c:\programdata\Apple
2009-05-13 20:49 . 2009-05-13 20:49 -------- d-----w- c:\users\Dell\AppData\Local\Apple
2009-05-13 20:26 . 2009-05-13 20:26 -------- d-----w- c:\users\Dell\AppData\Roaming\GRETECH
2009-05-13 15:23 . 2009-05-16 21:24 -------- d-----w- c:\users\Dell\AppData\Local\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 21:24 . 2009-04-15 10:19 350192 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-06-11 20:25 . 2008-07-18 01:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-11 15:22 . 2008-10-27 20:23 1 ----a-w- c:\users\Dell\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-11 12:38 . 2008-07-18 02:28 -------- d-----w- c:\users\Dell\AppData\Roaming\Skype
2009-06-11 12:20 . 2008-07-18 02:32 -------- d-----w- c:\users\Dell\AppData\Roaming\skypePM
2009-06-10 23:21 . 2008-12-11 19:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 23:20 . 2009-01-10 00:57 3371383 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-10 20:55 . 2009-02-07 17:23 -------- d-----w- c:\program files\BurnAware Free
2009-06-10 17:50 . 2008-08-04 17:58 -------- d-----w- c:\users\Dell\AppData\Roaming\uTorrent
2009-06-07 13:23 . 2009-03-21 09:14 117760 ----a-w- c:\users\Dell\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-02 18:07 . 2008-07-18 00:59 -------- d-----w- c:\program files\ATI
2009-05-30 20:02 . 2008-12-05 22:58 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-28 16:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-28 16:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-28 16:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-28 16:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-28 16:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-28 16:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-28 16:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-28 16:46 . 2008-12-11 15:55 -------- d-----w- c:\program files\Microsoft Games
2009-05-28 16:46 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-26 11:20 . 2008-12-11 19:40 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:19 . 2008-12-11 19:40 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-22 15:49 . 2009-03-22 17:52 -------- d-----w- c:\program files\Call of Duty
2009-05-13 20:34 . 2009-03-29 21:38 -------- d-----w- c:\program files\Real Alternative
2009-05-13 20:24 . 2009-04-25 13:08 -------- d-----w- c:\program files\GRETECH
2009-05-11 22:15 . 2008-07-20 08:42 -------- d-----w- c:\users\Dell\AppData\Roaming\XnView
2009-05-11 15:28 . 2009-05-11 15:28 -------- d-----w- c:\program files\MSXML 4.0
2009-05-11 15:28 . 2009-05-11 15:28 -------- d-----w- c:\program files\OLYMPUS
2009-05-09 05:50 . 2009-06-09 23:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-09 23:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-06 13:15 . 2009-05-06 13:15 234 ----a-w- c:\users\Dell\AppData\Roaming\JLC's Software\Internet TV\Update.exe
2009-05-05 19:43 . 2009-01-04 13:46 -------- d-----w- c:\users\Dell\AppData\Roaming\gtk-2.0
2009-04-29 18:37 . 2009-04-29 18:37 -------- d-----w- c:\programdata\Avira
2009-04-29 18:37 . 2009-04-29 18:37 -------- d-----w- c:\program files\Avira
2009-04-23 12:15 . 2009-06-09 23:18 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-09 23:18 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-11 06:33 . 2009-05-28 16:23 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-05-28 16:22 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-05-28 16:22 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-05-28 16:23 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-05-28 16:23 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-05-28 16:22 342528 ----a-w- c:\windows\system32\zipfldr.dll
2009-04-11 06:27 . 2009-05-28 16:23 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-05-28 16:21 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-05-28 16:21 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-05-28 16:21 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-05-28 16:23 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-05-28 16:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-05-28 16:21 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:52 . 2009-05-28 16:22 248320 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2009-04-11 04:51 . 2009-05-28 16:21 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-05-28 16:21 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-05-28 16:21 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-05-28 16:21 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-05-28 16:21 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-05-28 16:21 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-05-28 16:21 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-05-28 16:22 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-05-28 16:21 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-05-28 16:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-05-28 16:22 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-05-28 16:22 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-05-28 16:21 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-05-28 16:21 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-05-28 16:21 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-05-28 16:22 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:42 . 2009-05-28 16:22 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-05-28 16:22 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-05-28 16:22 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-05-28 16:22 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-05-28 16:21 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-04-11 04:42 . 2009-05-28 16:22 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-05-28 16:21 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42 . 2009-05-28 16:21 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-05-28 16:21 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-05-28 16:23 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-05-28 16:21 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-05-28 16:21 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-05-28 16:21 11776 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2009-04-11 04:39 . 2009-05-28 16:21 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-05-28 16:22 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:27 . 2009-05-28 16:21 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:23 . 2009-05-28 16:23 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-11 04:23 . 2009-05-28 16:21 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:23 . 2009-05-28 16:21 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-11 04:22 . 2009-05-28 16:21 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:19 . 2009-05-28 16:22 89088 ----a-w- c:\windows\system32\drivers\sdbus.sys
2009-04-11 04:15 . 2009-05-28 16:22 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-11 04:15 . 2009-05-28 16:22 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-11 04:15 . 2009-05-28 16:22 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-11 04:14 . 2009-05-28 16:22 351744 ----a-w- c:\windows\system32\drivers\csc.sys
2009-04-11 04:14 . 2009-05-28 16:22 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-05-28 16:22 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-11 04:14 . 2009-05-28 16:23 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-11 04:14 . 2009-05-28 16:22 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-11 04:14 . 2009-05-28 16:22 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 04:14 . 2009-05-28 16:21 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-11 04:14 . 2009-05-28 16:21 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-11 04:13 . 2009-05-28 16:21 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
2007-02-21 19:48 . 2007-02-21 19:48 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-06-11_20.37.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-17 08:56 . 2009-06-11 19:10 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-17 08:56 . 2009-06-11 20:40 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-17 08:56 . 2009-06-11 20:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-17 08:56 . 2009-06-11 19:10 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-17 08:56 . 2009-06-11 20:40 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-17 08:56 . 2009-06-11 19:10 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 143360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"V0250Mon.exe"="c:\windows\V0250Mon.exe" [2006-06-07 32768]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-08 24576]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-30 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"V0250Cfg.exe"="V0250Cfg.exe" - c:\windows\V0250Cfg.exe [2005-12-16 20480]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-01-12 303104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-12-27 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
"VistaSp2"=hex(b):06,b9,15,e9,b4,df,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4FE7EC16-90C3-4DF6-A550-035F37455790}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DA9A6868-810D-437D-8E1A-B2E91910966F}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{7252612B-BA6E-4980-A8F1-C97A7E3447C6}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{13C78979-3DEF-43ED-A09B-F96C2D32B829}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{0674E638-0F9B-4BE9-A9FE-625C23D43839}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{12F775D1-2767-4B23-BBE2-BD9425317C11}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{7123CB8B-60B5-46CD-BA49-6D12DC57DD81}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{3E7C58D1-1F01-4E2F-87B5-8A03E0CB2072}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{733154CC-D232-4C3A-BDDE-306E37896347}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [15/01/2009 17:17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/01/2009 17:17 55024]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [29/04/2009 20:37 108289]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [23/02/2009 13:36 1153368]
R3 V0250Dev;Live! Cam Notebook Pro;c:\windows\System32\drivers\V0250Dev.sys [23/07/2008 11:44 169696]
R3 V0250Vfx;V0250Vfx;c:\windows\System32\drivers\V0250Vfx.sys [23/07/2008 11:44 6272]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\System32\drivers\s115bus.sys [23/04/2007 13:54 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\System32\drivers\s115mdfl.sys [23/04/2007 13:54 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\System32\drivers\s115mdm.sys [23/04/2007 13:54 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s115mgmt.sys [23/04/2007 13:54 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\System32\drivers\s115obex.sys [23/04/2007 13:54 98568]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/01/2009 17:17 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\lsgpyp9t.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\lsgpyp9t.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\lsgpyp9t.default\extensions\seetooaddon@seetoo.com\plugins\npSeeTooAddon.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 23:32
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

[0] 0x89E45D8B

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-11 23:34
ComboFix-quarantined-files.txt 2009-06-11 21:34
ComboFix2.txt 2009-06-11 20:39

Pre-Run: 10,604,564,480 bytes free
Post-Run: 10,462,900,224 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=15 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
281 --- E O F --- 2009-06-09 23:24
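The Security Center and firewall policy entries in the log above ("DisableMonitoring"=1 for ZoneLabsFirewall, "FirewallOverride"=1, and "EnableFirewall"=0 on all three profiles) are what a log reviewer looks for first. As an added example, not code from this thread or from ComboFix, here is a small parser that pulls those values out of the REGEDIT4-style "Reg Loading Points" section, flags them, and emits a Registry:: reset block in the shape a CFScript uses for the two Security Center overrides; the sample input is constructed from the entries in the log, and the Windows Firewall entries are reported as informational only, because this machine has a third-party firewall (ZoneAlarm) installed.

```python
"""Flag firewall / Security Center overrides in a ComboFix-style log.

Added example, not part of the original forum thread or of ComboFix.
"""
import re
from typing import Dict, List, Optional, Tuple

# Sample input constructed from the entries shown in the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
"VistaSp2"=hex(b):06,b9,15,e9,b4,df,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+?)\s*$')

# (severity, registry key, value name, message)
Finding = Tuple[str, str, str, str]


def parse_value(raw: str) -> Optional[int]:
    """Turn ComboFix's value spellings into an int where possible.

    Handles 'dword:00000001' and the '0 (0x0)' form; hex(b) blobs and
    strings come back as None so callers can ignore them.
    """
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    return None


def parse_reg_points(text: str) -> Dict[str, Dict[str, Optional[int]]]:
    """Parse the REGEDIT4-style section into {key: {value_name: int|None}}."""
    result: Dict[str, Dict[str, Optional[int]]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        km = KEY_RE.match(line)
        if km:
            current = km.group("key")
            result.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            result[current][vm.group("name")] = parse_value(vm.group("raw"))
    return result


def audit_firewall_state(reg: Dict[str, Dict[str, Optional[int]]]) -> List[Finding]:
    """Report entries that silence the firewall or Security Center's view of it."""
    findings: List[Finding] = []
    for key, values in reg.items():
        low = key.lower()
        tail = key.rsplit("\\", 1)[-1]  # product name or firewall profile
        if "\\security center\\monitoring\\" in low and values.get("DisableMonitoring") == 1:
            findings.append(("warn", key, "DisableMonitoring",
                             f"Security Center monitoring of {tail} is switched off"))
        elif low.endswith("\\security center\\svc") and values.get("FirewallOverride") == 1:
            findings.append(("warn", key, "FirewallOverride",
                             "Security Center will not alert on the firewall state"))
        elif "\\firewallpolicy\\" in low and values.get("EnableFirewall") == 0:
            findings.append(("info", key, "EnableFirewall",
                             f"Windows Firewall disabled for {tail}; expected when a "
                             "third-party firewall such as ZoneAlarm is in use"))
    return findings


def cfscript_registry_fix(findings: List[Finding]) -> str:
    """Build a CFScript Registry:: block resetting only the 'warn' findings to 0.

    The EnableFirewall entries are deliberately left alone: turning the
    Windows Firewall back on next to ZoneAlarm is a decision, not a fix.
    """
    lines = ["Registry::"]
    for severity, key, name, _msg in findings:
        if severity == "warn":
            lines.append(f"[{key}]")
            lines.append(f'"{name}"=dword:00000000')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = audit_firewall_state(parse_reg_points(SAMPLE_LOG))
    for sev, key, name, msg in found:
        print(f"[{sev}] {name} in {key}: {msg}")
    print(cfscript_registry_fix(found))
```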

Damned

Re: Please check - prevention

Post by Damned » 12 Jun 2009 00:13

I've passed it on to a guy who knows Vista better. You have some hidden process there, I'll leave it to him.

peacoq

Re: Please check - prevention

Post by peacoq » 12 Jun 2009 00:37

Thank you.
I'll also post screenshots of the Qoobox and ERDNT folders, ..in case somebody can make something out of them.
During regular cleaning with CCleaner, after the ComboFix test, extra entries to delete from the registry appeared (in case it's somehow related):
HKCU\Software\Kazaa
HKCU\Software\Wget
HKLM\Software\knight
Obrázek

ComboFix Qoobox
Obrázek

ComboFix ERDNT
Obrázek

Tady jsem dohledal stary screen karanteny posledniho testovani ComboFixem:
Obrázek

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check - prevention

Post by jaro3 » 12 Jun 2009 09:33

ZoneAlarm Anti-Spyware - an antispyware program from Zone Labs - permanently disable Spybot's resident protection, or uninstall it. Or the other way round...

c:\users\Dell\AppData\Roaming\XnView -- XnView is a program for viewing and converting graphic files. XnView handles more than 400 graphic formats (e.g. PNG, JPEG, Targa, Alias, Softimage, Tdi, Gif, Rgb, Photo CD, Photoshop etc.) and can save an image or photo in 50 of them.
You have to uninstall it; if you were just trying it out, you can delete the whole folder.

HKCU\Software\Kazaa
HKCU\Software\Wget
HKLM\Software\knight
- leftovers from infected keys..

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following whole text marked in green into it:
Note: do not use the SELECT ALL function to select the script

Code: Select all

Folder::
c:\windows\system32\runouce.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000000

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post the log that appears at the end of the cleaning process here + a new HJT log

The screenshots from the CF quarantines are OK. They will disappear after uninstalling CF and cleaning with T-Cleaner.
The PC is free of infections.
Add: CD - most likely a weaker laser in the drive.

Update Java:
Java SE Runtime Environment 6u13
Select the OS (I assume Windows), tick agree-continue
Select:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
Remove the other Javas in Add/Remove Programs.
If there are problems uninstalling Javas:
http://www.stahuj.centrum.cz/utility_a_ ... ni/javara/
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
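Added example, not from jaro3's post or from ComboFix itself: a PowerShell post-run check that parses the Registry:: section of a CFScript like the one above and reports whether each listed value now holds what the script asked for. The hive mapping, the function names and the embedded copy of the script are assumptions of mine.

```powershell
# Added example (not part of the forum post). Embedded copy of the Registry::
# section from the CFScript above; assumed here as sample input.
$script = @'
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000000
'@

function Get-CFScriptRegistryExpectations {
    # Walk the script line by line; only lines inside the Registry:: section count.
    param([string]$Text)
    $hives = @{ HKEY_LOCAL_MACHINE = 'HKLM:'; HKEY_CURRENT_USER = 'HKCU:' }   # assumed mapping
    $inRegistry = $false; $currentKey = $null
    foreach ($raw in $Text -split "`r?`n") {
        $line = $raw.Trim()
        if ($line -match '^(\w+)::$') { $inRegistry = ($Matches[1] -eq 'Registry'); continue }
        if (-not $inRegistry -or $line -eq '') { continue }
        if ($line -match '^\[(HKEY_[A-Z_]+)\\(.+)\]$') {
            $currentKey = "$($hives[$Matches[1]])\$($Matches[2])"; continue
        }
        # .reg-style "Name"=dword:XXXXXXXX line -> expected integer value
        if ($currentKey -and $line -match '^"([^"]+)"=dword:([0-9a-fA-F]{8})$') {
            [pscustomobject]@{ Key = $currentKey; Name = $Matches[1]
                               Expected = [Convert]::ToInt32($Matches[2], 16) }
        }
    }
}

function Test-CFScriptRegistryApplied {
    # Compare each expectation with the live registry and label the outcome.
    param([string]$Text)
    foreach ($e in Get-CFScriptRegistryExpectations -Text $Text) {
        $prop = Get-ItemProperty -Path $e.Key -Name $e.Name -ErrorAction SilentlyContinue
        $actual = if ($prop) { $prop.($e.Name) } else { $null }
        $status = if ($null -eq $prop) { 'MISSING' }
                  elseif ([int]$actual -eq $e.Expected) { 'OK' }
                  else { 'MISMATCH' }
        [pscustomobject]@{ Status = $status; Key = $e.Key; Name = $e.Name
                           Expected = $e.Expected; Actual = $actual }
    }
}

Test-CFScriptRegistryApplied -Text $script | Format-Table -AutoSize
```

Run it after ComboFix has finished and rebooted; a MISSING or MISMATCH row means that value did not end up as the script requested.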

