SAS registry, please check [Solved]

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

PinkGirl
Gender: Not specified

SAS registry, please check

Post by PinkGirl » 22 Feb 2009 20:03

Hi :bigups:

I look after the computer myself (CCleaner, Spybot), and I use SUPERAntiSpyware too, but SAS has never had this much work before. Where the picture now shows -1-, the first scan had -24- findings of type Unclassified.Unknown Origin, and I had never seen anything like that before. Always just cookies.
Image

I cleaned more thoroughly, one tool after another: CCleaner, Spybot, SAS, antivirus. This is the log from the second scan, after something was left over from the first deletion.
Malwarebytes found nothing, and the computer shows no problems. HijackThis log attached.
I can see it is somehow related to Internet Explorer (I don't use it at all; Mozilla is the default and I have no other browser).
...
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/22/2009 at 07:36 PM

Application Version : 4.25.1012

Core Rules Database Version : 3769
Trace Rules Database Version: 1729

Scan type : Quick Scan
Total Scan Time : 00:51:23

Memory items scanned : 714
Memory threats detected : 0
Registry items scanned : 438
Registry threats detected : 1
File items scanned : 20415
File threats detected : 0

Unclassified.Unknown Origin
HKU\S-1-5-21-1598581666-763728536-1650842332-1000\Software\Microsoft\Internet Explorer\URLSearchHooks#{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

...
Malwarebytes' Anti-Malware 1.34
Database version: 1792
Windows 6.0.6001 Service Pack 1

22/02/2009 19:53:28
mbam-log-2009-02-22 (19-53-28).txt

Scan type: Quick Scan
Objects scanned: 52489
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54:03, on 22/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\V0250Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [V0250Mon.exe] C:\Windows\V0250Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Free\nmsaccessu.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 5810 bytes
...
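The SAS registry hit and the HijackThis R3 line in the post above point at the same CLSID. As an added example that is not part of the thread nor code from SUPERAntiSpyware or HijackThis, the Python below parses excerpts of both logs, joins them on the CLSID, and reports whether HijackThis resolved the registration to a file. The log-format rules and the "orphaned" label are this example's own assumptions, inferred from the posted logs.

```python
"""Cross-check a SUPERAntiSpyware registry hit against a HijackThis log.

Added example for this thread; it is not code from the forum, from
SUPERAntiSpyware or from HijackThis. The sample lines are excerpts of the
two logs posted above. The parsing rules and the "orphaned" verdict are
this example's own logic, inferred from the log formats, not either tool's
internal classification.
"""
import re
from collections import namedtuple

# Constructed sample: the registry detection from the SAS log posted above.
SAS_LOG = r"""Unclassified.Unknown Origin
HKU\S-1-5-21-1598581666-763728536-1650842332-1000\Software\Microsoft\Internet Explorer\URLSearchHooks#{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
"""

# Constructed sample: a few R3/O2/O4 lines from the HijackThis log posted above.
HJT_LOG = r"""R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

Entry = namedtuple("Entry", "kind label name clsid target")


def sas_registry_hits(log):
    """Map CLSID -> registry key for SAS registry detections.

    SAS writes '<key>#<value name>'; for the URLSearchHooks key the value
    name is the hook's CLSID, so that is what we pick out."""
    hits = {}
    for line in log.splitlines():
        if not line.startswith("HK") or "#" not in line:
            continue
        key, _, value = line.partition("#")
        value = value.strip()
        if CLSID_RE.fullmatch(value):
            hits[value.upper()] = key
    return hits


def hjt_com_entries(log):
    """Parse HJT R3 (URLSearchHook) and O2 (BHO) lines.

    Layout: '<kind> - <label>: <name> - {CLSID} - <file or (no file)>'.
    Splitting on the CLSID, not on ' - ', keeps names containing dashes intact."""
    entries = []
    for line in log.splitlines():
        if not line.startswith(("R3 - ", "O2 - ")):
            continue
        m = CLSID_RE.search(line)
        if not m:
            continue
        head = line[:m.start()].rstrip(" -")
        target = line[m.end():].lstrip(" -").strip()
        kind, _, rest = head.partition(" - ")
        label, _, name = rest.partition(": ")
        entries.append(Entry(kind, label, name, m.group(0).upper(), target))
    return entries


def correlate(sas_log, hjt_log):
    """Join the two logs on CLSID.

    An R3/O2 entry whose target is '(no file)' is a registration whose DLL
    is gone: nothing can be loaded from it, but the stale value stays in the
    registry and keeps showing up in scans until it is deleted."""
    hits = sas_registry_hits(sas_log)
    findings = []
    for e in hjt_com_entries(hjt_log):
        if e.clsid in hits:
            findings.append({
                "clsid": e.clsid,
                "hjt_line": e.kind,
                "name": e.name,
                "target": e.target,
                "orphaned": e.target == "(no file)",
                "sas_key": hits[e.clsid],
            })
    return findings


if __name__ == "__main__":
    for f in correlate(SAS_LOG, HJT_LOG):
        state = "orphaned (no backing file)" if f["orphaned"] else "backed by " + f["target"]
        print(f"{f['hjt_line']} {f['clsid']} {f['name']}: {state}")
        print("  SAS key:", f["sas_key"])
```

Run as-is it reports the single shared CLSID as an R3 URLSearchHook with no backing file; pointing the two constants at full log files turns it into a quick triage step before deciding what to let a cleaner remove.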

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: SAS registry, please check

Post by jaro3 » 22 Feb 2009 20:30

Turn off Avira's resident protection and deactivate Spybot.
If you have a 32-bit version of Windows, proceed as follows:
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan finishes the program should create a log, C:\ComboFix.txt; please copy its entire contents here
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

PinkGirl
Gender: Not specified

Re: SAS registry, please check

Post by PinkGirl » 22 Feb 2009 20:36

I'll do what you say.
Meanwhile, here is the picture on uloz.to, since it couldn't be opened.

PinkGirl
Gender: Not specified

Re: SAS registry, please check

Post by PinkGirl » 22 Feb 2009 21:28

That was horrible :girl:
I didn't know what to do with Spybot, so I uninstalled it (I'll put it back later); I stopped Avira (after the restart it started up again by itself).

ComboFix was run as Administrator from the desktop.
On launch the firewall asked for permission for PING.exe, ComboFix created a System Restore Point, and then I really broke out in a sweat when it said:
Deleting files
C:\Windows\regedit.com
C:\Windows\system32\taskmgr.com

Then it rolled through Completed Stage_1 .. 50 (at stage 50 the firewall asks for permission for psexec.cfexe) ... then it finished and spat out the log.
But during that the taskbar and all the icons disappeared (the wallpaper stayed), so the log popped up, and the taskbar was still nowhere, still nowhere :lookround: 10 minutes and still nothing.
So I pulled up Task Manager with Ctrl+Alt+Delete and restarted through it. It restarted and asked for the password as it should ... but I couldn't type :nervous: I couldn't type the password, so I shut the computer down from the login screen asking for the password (I'd never noticed it before, but there was a button for that at the bottom right).

The computer started again, asked for the password and this time I could type ... an IE icon appeared on the desktop (it wasn't there before), and when I opened the browser Mozilla was no longer the default (which it was before).

Log ... on drive C: there are two *.txt files: ComboFix.txt created at 20:57, and log.txt created at 20:59, both with size 16,402 (they look completely identical to me; the attached one is log.txt):
...
ComboFix 09-02-21.01 - Dell 2009-02-22 20:49:21.4 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.893.300 [GMT 1:00]
Running from: c:\users\Dell\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 )))))))))))))))))))))))))))))))
.

2009-02-22 20:27 . 2009-02-22 20:27 <DIR> d-------- c:\program files\XviD
2009-02-22 20:26 . 2009-02-22 20:26 <DIR> d-------- c:\program files\Gabest
2009-02-22 20:26 . 2009-02-22 20:26 <DIR> d-------- c:\program files\AviSynth 2.5
2009-02-22 20:26 . 2009-02-22 20:27 <DIR> d-------- c:\program files\AutoGK
2009-02-22 18:11 . 2009-02-22 18:21 129 --a------ c:\windows\mp3wavcon.ini
2009-02-22 18:10 . 2003-12-15 12:43 1,871,872 --a------ c:\windows\System32\NCTAudioFile2.dll
2009-02-22 18:10 . 2003-12-08 12:19 425,984 --a------ c:\windows\System32\NCTAudioTransform2.dll
2009-02-22 18:10 . 2002-01-05 14:37 344,064 --a------ c:\windows\System32\msvcr70.dll
2009-02-22 18:10 . 2004-12-01 14:43 315,392 --a------ c:\windows\System32\NCTAudioPlayer2.dll
2009-02-22 18:10 . 2003-08-07 14:01 237,568 --a------ c:\windows\System32\lame_enc.dll
2009-02-22 18:10 . 2009-02-22 18:21 5 --a------ c:\windows\System32\SySMP3OC.dat
2009-02-13 16:57 . 2009-02-13 16:57 <DIR> d-------- c:\windows\System32\custom matrices
2009-02-13 16:57 . 2009-02-13 16:58 <DIR> d-------- c:\windows\System32\C2MP
2009-02-13 16:50 . 2009-02-13 16:51 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-13 16:49 . 2009-02-13 16:49 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-13 15:14 . 2009-02-13 15:14 <DIR> d-------- c:\program files\Search Settings
2009-02-11 12:05 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 12:05 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-07 18:23 . 2009-02-07 18:23 <DIR> d-------- c:\program files\BurnAware Free
2009-02-07 18:23 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\System32\gdiplus.dll
2009-02-06 22:59 . 2009-02-06 22:59 <DIR> d-------- c:\users\All Users\ATI
2009-02-06 22:59 . 2009-02-06 22:59 <DIR> d-------- c:\programdata\ATI
2009-02-06 22:43 . 2009-02-06 22:46 <DIR> d-------- c:\program files\ICQ6
2009-02-04 19:54 . 2009-02-04 19:54 <DIR> d-------- c:\users\Dell\GUI Converter
2009-02-01 13:51 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-01 13:51 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-01 13:51 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-01 13:51 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-01 13:51 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-01 13:51 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-01 13:51 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-01 13:51 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-01 13:41 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-01 13:41 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-01 13:41 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-01 13:40 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-01 13:40 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-01-25 22:10 . 2009-01-25 22:10 179,200 --a------ c:\windows\System32\xvidvfw.dll
2009-01-24 23:21 . 2009-01-24 23:21 <DIR> d-------- c:\users\All Users\Creative
2009-01-24 23:21 . 2009-01-24 23:21 <DIR> d-------- c:\programdata\Creative

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 19:39 348,371 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-02-22 19:37 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-22 17:43 --------- d-----w c:\users\Dell\AppData\Roaming\uTorrent
2009-02-22 13:03 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-21 11:56 --------- d-----w c:\users\Dell\AppData\Roaming\Skype
2009-02-21 11:55 --------- d-----w c:\users\Dell\AppData\Roaming\skypePM
2009-02-20 19:33 --------- d-----w c:\users\Dell\AppData\Roaming\gtk-2.0
2009-02-16 15:29 --------- d-----w c:\programdata\Apple Computer
2009-02-15 13:09 --------- d-----w c:\program files\Call of Duty
2009-02-13 15:50 --------- d-----w c:\users\Dell\AppData\Roaming\SUPERAntiSpyware.com
2009-02-11 11:42 --------- d-----w c:\program files\Windows Mail
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-06 21:58 --------- d-----w c:\program files\ATI Technologies
2009-02-04 19:37 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-25 18:18 --------- d-----w c:\users\Dell\AppData\Roaming\Flock
2009-01-24 22:21 --------- d-----w c:\users\Dell\AppData\Roaming\Creative
2009-01-20 15:24 --------- d-----w c:\program files\Trend Micro
2009-01-16 22:54 626,688 ----a-w c:\windows\System32\msvcr80.dll
2009-01-16 22:54 548,864 ----a-w c:\windows\System32\msvcp80.dll
2009-01-16 22:08 --------- d-----w c:\program files\AMD
2009-01-16 22:06 --------- d-----w c:\program files\Lavalys
2009-01-15 16:09 --------- d-----w c:\program files\Zone Labs
2009-01-14 07:15 4,235,776 ----a-w c:\windows\system32\drivers\atikmdag.sys
2009-01-14 05:03 425,984 ----a-w c:\windows\System32\ATIDEMGX.dll
2009-01-14 05:02 159,744 ----a-w c:\windows\System32\atitmmxx.dll
2009-01-14 05:01 43,520 ----a-w c:\windows\System32\ati2edxx.dll
2009-01-14 05:01 348,160 ----a-w c:\windows\System32\atipdlxx.dll
2009-01-14 05:01 286,720 ----a-w c:\windows\System32\Ati2evxx.dll
2009-01-14 05:01 274,432 ----a-w c:\windows\System32\Oemdspif.dll
2009-01-14 04:59 729,088 ----a-w c:\windows\System32\Ati2evxx.exe
2009-01-14 04:44 3,963,392 ----a-w c:\windows\System32\atiumdag.dll
2009-01-14 04:22 4,765,696 ----a-w c:\windows\System32\atiumdva.dll
2009-01-14 04:08 50,688 ----a-w c:\windows\System32\amdpcom32.dll
2009-01-14 04:07 122,880 ----a-w c:\windows\System32\atiadlxx.dll
2009-01-14 03:59 11,247,616 ----a-w c:\windows\System32\atioglxx.dll
2009-01-14 03:50 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-01-14 02:54 57,344 ----a-w c:\windows\System32\amdcalrt.dll
2009-01-14 02:53 53,248 ----a-w c:\windows\System32\amdcalcl.dll
2009-01-14 02:51 3,239,936 ----a-w c:\windows\System32\amdcaldd.dll
2009-01-13 22:40 --------- d-----w c:\program files\Java
2009-01-12 18:16 426,960 ----a-w c:\windows\System32\TomsMoComp_ff.dll
2009-01-12 18:13 331,461 ----a-w c:\windows\System32\ff_kernelDeint.dll
2009-01-11 20:25 --------- d-----w c:\users\Dell\AppData\Roaming\GHISLER
2009-01-11 17:36 4,372,954 ----a-w c:\windows\System32\libavcodec.dll
2009-01-10 22:17 163,840 ----a-w c:\windows\System32\ts.dll
2009-01-10 22:16 335,872 ----a-w c:\windows\System32\gdsmux.exe
2009-01-10 22:16 148,480 ----a-w c:\windows\System32\mkx.dll
2009-01-10 22:16 141,312 ----a-w c:\windows\System32\mp4.dll
2009-01-10 22:16 108,032 ----a-w c:\windows\System32\avi.dll
2009-01-10 22:15 97,280 ----a-w c:\windows\System32\avs.dll
2009-01-10 22:15 246,784 ----a-w c:\windows\System32\dxr.dll
2009-01-10 22:15 159,744 ----a-w c:\windows\System32\mmfinfo.dll
2009-01-10 22:15 135,168 ----a-w c:\windows\System32\mkv2vfr.exe
2009-01-10 22:15 120,832 ----a-w c:\windows\System32\ogm.dll
2009-01-10 22:15 103,424 ----a-w c:\windows\System32\dsmux.exe
2009-01-10 22:15 102,400 ----a-w c:\windows\System32\avss.dll
2009-01-10 22:14 79,360 ----a-w c:\windows\System32\mkzlib.dll
2009-01-10 22:14 23,552 ----a-w c:\windows\System32\mkunicode.dll
2009-01-10 15:58 145,609 ----a-w c:\windows\System32\libmpeg2_ff.dll
2009-01-09 20:03 560,802 ----a-w c:\windows\System32\libmplayer.dll
2009-01-08 23:01 629,760 ----a-w c:\windows\System32\xvidcore.dll
2009-01-07 21:28 --------- d-----w c:\users\Dell\AppData\Roaming\GRETECH
2009-01-07 21:28 --------- d-----w c:\program files\GRETECH
2009-01-07 19:54 --------- d-----w c:\users\Dell\AppData\Roaming\DivX
2009-01-05 17:53 884,237 ----a-w c:\windows\System32\ff_x264.dll
2009-01-04 22:05 --------- d-----w c:\program files\Avidemux 2.4
2009-01-04 13:47 --------- d-----w c:\users\Dell\AppData\Roaming\avidemux
2009-01-01 23:27 --------- d-----w c:\users\Dell\AppData\Roaming\XnView
2008-12-30 14:40 --------- d-----w c:\program files\CCleaner
2008-12-29 21:09 --------- d-----w c:\program files\ATI
2008-12-29 20:31 --------- d-----w c:\program files\Broadcom
2008-12-29 20:19 --------- d-----w c:\program files\Cisco
2008-12-29 20:16 --------- d-----w c:\users\Dell\AppData\Roaming\InstallShield
2008-12-29 20:16 --------- d-----w c:\program files\Dell
2008-12-21 21:46 351,744 ----a-w c:\windows\System32\avisynth.dll
2008-12-17 20:33 28,672 ----a-w c:\windows\System32\eEmpty.exe
2008-12-16 09:20 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-12-16 09:20 56 ---ha-w c:\programdata\ezsidmv.dat
2008-12-12 16:57 142,848 ----a-w c:\windows\System32\ff_liba52.dll
2008-12-11 20:23 9,123 ----a-w C:\ResetTeaTimer.bat
2008-12-09 18:57 183,296 ----a-w c:\windows\System32\ff_samplerate.dll
2008-12-09 18:57 178,688 ----a-w c:\windows\System32\ff_libmad.dll
2008-12-09 18:57 113,152 ----a-w c:\windows\System32\ff_unrar.dll
2008-12-09 18:56 485,888 ----a-w c:\windows\System32\ff_libfaad2.dll
2008-12-09 18:56 257,024 ----a-w c:\windows\System32\ff_libdts.dll
2008-12-09 18:56 146,944 ----a-w c:\windows\System32\ff_tremor.dll
2008-12-08 12:53 93,184 ----a-w c:\windows\System32\ff_wmv9.dll
2008-12-08 12:53 57,344 ----a-w c:\windows\System32\ff_vfw.dll
2008-12-05 22:57 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-07-20 17:52 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-22 266497]
"V0250Mon.exe"="c:\windows\V0250Mon.exe" [2006-06-08 32768]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-12-27 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4FE7EC16-90C3-4DF6-A550-035F37455790}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DA9A6868-810D-437D-8E1A-B2E91910966F}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{7252612B-BA6E-4980-A8F1-C97A7E3447C6}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{719856C9-0F8A-4E90-A8A0-95AA7B99290A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{13C78979-3DEF-43ED-A09B-F96C2D32B829}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{0674E638-0F9B-4BE9-A9FE-625C23D43839}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{12F775D1-2767-4B23-BBE2-BD9425317C11}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{7123CB8B-60B5-46CD-BA49-6D12DC57DD81}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{3E7C58D1-1F01-4E2F-87B5-8A03E0CB2072}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 V0250Dev;Live! Cam Notebook Pro;c:\windows\System32\drivers\V0250Dev.sys [2008-07-23 169696]
R3 V0250Vfx;V0250Vfx;c:\windows\System32\drivers\V0250Vfx.sys [2008-07-23 6272]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\System32\drivers\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\System32\drivers\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\System32\drivers\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\System32\drivers\s115obex.sys [2007-04-23 98568]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\lsgpyp9t.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
1 file(s) moved.
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 20:55:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-22 20:57:48
ComboFix-quarantined-files.txt 2009-02-22 19:57:45

Pre-Run: 15,436,984,320 bytes free
Post-Run: 15,512,326,144 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
235 --- E O F --- 2009-02-20 13:09:36

jaro3
Security team member

Re: SAS registry, please check

Post by jaro3 » 23 Feb 2009 09:05

After the deletions the log looks clean.
Test this on VirusTotal:
c:\windows\System32\wininet.dll
Then paste the link to the result here.

PinkGirl
Gender: Not specified

Re: SAS registry, please check

Post by PinkGirl » 23 Feb 2009 09:21

Hi,
once I'd recovered from not being able to type :) ... I ran SAS again and after it went through memory and the registry that Unclassified.Unknown Origin entry is still there;
Image
...
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/22/2009 at 07:36 PM

Application Version : 4.25.1012

Core Rules Database Version : 3769
Trace Rules Database Version: 1729

Scan type : Quick Scan
Total Scan Time : 00:51:23

Memory items scanned : 714
Memory threats detected : 0
Registry items scanned : 438
Registry threats detected : 1
File items scanned : 20415
File threats detected : 0

Unclassified.Unknown Origin
HKU\S-1-5-21-1598581666-763728536-1650842332-1000\Software\Microsoft\Internet Explorer\URLSearchHooks#{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

...
I don't know exactly what the VirusTotal log is; there is a lot of text, and at the end "Extended information".
...
File wininet.dll received 2009.02.23 09:12:39 (CET)
Result: 0/39 (0%)

Antivirus Version Last update Result
a-squared 4.0.0.93 2009.02.23 -
AhnLab-V3 2009.2.23.1 2009.02.23 -
AntiVir 7.9.0.87 2009.02.23 -
Authentium 5.1.0.4 2009.02.22 -
Avast 4.8.1335.0 2009.02.22 -
AVG 8.0.0.237 2009.02.22 -
BitDefender 7.2 2009.02.23 -
CAT-QuickHeal 10.00 2009.02.22 -
ClamAV 0.94.1 2009.02.23 -
Comodo 983 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.23 -
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6368 2009.02.20 -
F-Prot 4.4.4.56 2009.02.22 -
F-Secure 8.0.14470.0 2009.02.23 -
Fortinet 3.117.0.0 2009.02.23 -
GData 19 2009.02.23 -
Ikarus T3.1.1.45.0 2009.02.23 -
K7AntiVirus 7.10.639 2009.02.21 -
Kaspersky 7.0.0.125 2009.02.23 -
McAfee 5533 2009.02.22 -
McAfee+Artemis 5533 2009.02.22 -
Microsoft 1.4306 2009.02.23 -
NOD32 3880 2009.02.23 -
Norman 6.00.06 2009.02.20 -
nProtect 2009.1.8.0 2009.02.23 -
Panda 10.0.0.10 2009.02.22 -
PCTools 4.4.2.0 2009.02.22 -
Prevx1 V2 2009.02.23 -
Rising 21.18.01.00 2009.02.23 -
SecureWeb-Gateway 6.7.6 2009.02.23 -
Sophos 4.39.0 2009.02.23 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.23 -
TheHacker 6.3.2.4.263 2009.02.21 -
TrendMicro 8.700.0.1004 2009.02.23 -
VBA32 3.12.10.0 2009.02.22 -
ViRobot 2009.2.20.1617 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.22 -
Extended information
File size: 827392 bytes
MD5...: fb79a2aa5e92653b9a394fe26d799bf8
SHA1..: 43c9ec603bafd029fadd624b37f3a69fdabd8b06
SHA256: 32078f9187c93831f73060894a79cca85cbc35f85434952ad45ab9df203ceb26
SHA512: fc3259ec7c9c59f35d74d39f4aeb9daf4205501aa8aae6d0e32039cb26566c243b8b0ee089a9bde249d39744b6f289e44e3d16cdc288ee6a3b979239c64c6121
ssdeep: 12288:3k+p7d80EidHyru31JreaZ7xYgokqwONoTPIot32dkMMIMMutuEfXlf:UmhPvJBFj7xzOyTPjmdkMMIMMurl
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x7172169e
timedatestamp.....: 0x496ed17b (Thu Jan 15 06:02:35 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9b230 0x9b400 6.60 d663c0427f3837223fbe2d16bdec3b26
.data 0x9d000 0x7798 0x4200 1.42 75410b0084e119c26f4e77bb0e9fc9b9
.rsrc 0xa5000 0x24d58 0x24e00 4.73 fb53221d321a79956b7c441500d550d9
.reloc 0xca000 0x56b0 0x5800 6.73 4903969d40cde619b28255e11242dd91


jaro3
Security team member
Guru Level 15
Posts: 43294
Joined: June 07
Location: South Bohemia
Gender: Male

Re: SAS registry, please check

Post by jaro3 » 23 Feb 2009 09:36

In my opinion a SAS false positive; did you let it update? According to the ComboFix log there is nothing like that there..

Also post a new HJT log here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

PinkGirl
Gender: Not specified

Re: SAS registry, please check

Post by PinkGirl » 23 Feb 2009 09:51

Yes, SAS is running after the update. I ran it just now and after 2 minutes it gets to registry 106 .. and again 1 entry of type Unclassified.Unknown Origin pops up; I stopped the scan, but it is still there.
I reinstalled SAS, cleaned with CCleaner, and in the scan it is there again, again at the Registry 106 item, and 1 detection pops up.
Otherwise the computer isn't complaining about anything, as if something were wrong with it.
...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:43:31, on 23/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\V0250Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [V0250Mon.exe] C:\Windows\V0250Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Free\nmsaccessu.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 5134 bytes

jaro3

Re: SAS registry, please check

Post by jaro3 » 23 Feb 2009 10:53

Close other applications and browsers, disconnect from the internet and fix in HJT:

Code:

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe


Then uninstall: C:\Program Files\Search Settings

Then try an MbAM scan in safe mode; if it finds anything, remove it.

ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

and also use T-Cleaner
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download > run

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
If you want to keep your saved passwords, click No.
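As an added example (not part of this thread and not code from HijackThis, SAS or any other tool mentioned here), the PowerShell script below audits the same key that HJT reports under R3 and that the SAS log flagged: it lists every URLSearchHook CLSID in each loaded user hive and checks whether the registered COM DLL still exists on disk, which is what HJT's "(no file)" means. The function names are my own; the script is read-only and changes nothing.

```powershell
# Added audit example, not from the thread. Lists Internet Explorer URLSearchHooks
# for every loaded user hive and reports hooks whose CLSID no longer resolves to a
# DLL on disk (HijackThis prints these as "R3 - URLSearchHook: ... - (no file)").
# Read-only: nothing is deleted. Run in an elevated PowerShell to see all hives.

function Resolve-ClsidServer {
    param([string]$Clsid)
    # A COM in-process server is registered under CLSID\{guid}\InprocServer32;
    # the default value holds the DLL path, often with environment variables.
    $candidates = @(
        "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32",
        "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32"
    )
    foreach ($key in $candidates) {
        if (Test-Path -LiteralPath $key) {
            $raw = (Get-ItemProperty -LiteralPath $key).'(default)'
            if ($raw) {
                return [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
            }
        }
    }
    return $null
}

function Get-UrlSearchHookAudit {
    $results = @()
    # Every loaded profile hive (S-1-5-21-...) plus .DEFAULT; *_Classes hives are skipped.
    $hives = Get-ChildItem Registry::HKEY_USERS |
        Where-Object { $_.PSChildName -notmatch '_Classes$' }
    foreach ($hive in $hives) {
        $key = "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Microsoft\Internet Explorer\URLSearchHooks"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        # Each hook is stored as a value whose NAME is the CLSID (SAS writes it as key#value).
        foreach ($clsid in (Get-Item -LiteralPath $key).GetValueNames()) {
            if ($clsid -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
            $dll = Resolve-ClsidServer -Clsid $clsid
            $status = if (-not $dll) { 'no COM registration' }
                      elseif (-not (Test-Path -LiteralPath $dll)) { 'DLL missing on disk' }
                      else { 'ok' }
            $results += [pscustomobject]@{
                Hive   = $hive.PSChildName
                Clsid  = $clsid
                Dll    = $dll
                Status = $status
            }
        }
    }
    return $results
}

$audit = Get-UrlSearchHookAudit
$audit | Format-Table -AutoSize

# Anything other than 'ok' is an orphaned hook: nothing loads from it, but it is a
# leftover of an uninstalled toolbar or search helper and is the kind of entry a
# scanner reports as "Unclassified.Unknown Origin". Confirm the owning program is
# gone (here: Search Settings) before removing the value with HJT or the registry editor.
$audit | Where-Object Status -ne 'ok'
```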

PinkGirl
Gender: Not specified

Re: SAS registry, please check

Post by PinkGirl » 23 Feb 2009 11:36

Hiya,
so I'm still alive and so is the computer, it most of all; it doesn't look like anything is wrong with it.
The reinstalled SAS finished the scan with the same result, 1 entry of type Unclassified.Unknown Origin (there is a correction below: I ran it again and there is nothing there ..probably, the scan is still running):
Image

HJT: 03.. -not found there / 04..SearchSettings -deleted and uninstalled
Malwarebytes -nothing
ATF, T-Cleaner -done :rockedover:

Hopefully SAS won't mess up.., it's running and I turned the net on (otherwise I run it without the net); after I did what I was supposed to, I ran it again and it's at Registry Items 104, and so far it has found nothing. Those registry counts probably shift around somehow :listen: because the detection popped up at 109, 106 ..and at that moment it was checking a lot of data, and now it's at Registry Items 104, and nothing. I think it's that big registry file like before, when it was at 106 and took a long time to check. It found the detection around the 2nd minute; now it's running along again and is at Registry Items 400, it's been running for 15 minutes, and nothing. Yep, it has finished the registry and there's nothing there (the whole scan takes 50 minutes).
SAS finished and found nothing. It looks like it's gone only after removing SearchSettings.
:newmail: so it seems you figured it out. I did everything as I was supposed to :) (?)

jaro3

Re: SAS registry, please check

Post by jaro3 » 23 Feb 2009 13:30

Yeah, it should be O.K.:
That item is not 03, but R3.

Code:

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)


If you still have the folder C:\Program Files\Search Settings\ there, you can delete it.
If there are no problems, that's all.

PinkGirl
Gender: Not specified

Re: SAS registry, please check

Post by PinkGirl » 23 Feb 2009 13:36

:blush: the letters R --> O apparently get swapped in my computer :girl: muhehe ..I'll fix it, sorry.
The Search.. folder deleted itself when the program was uninstalled.
So you figured it out; it was probably connected to this, well, because I don't use IE by choice, and yet SAS kept finding it.
That went nicely for us :rolleyes: aaah, shame it's over already :eh:
Thank you
...
Well look at that :) that R3 isn't even there any more, so that's why I couldn't find it in the new scan when I was supposed to delete it ;) ...it's gooone ...hooray.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:35:02, on 23/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\V0250Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\totalcmd\TOTALCMD.EXE
C:\Windows\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [V0250Mon.exe] C:\Windows\V0250Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Free\nmsaccessu.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 5595 bytes
Last edited by PinkGirl on 23 Feb 2009 13:41, edited 1 time in total.

