Prosim o kontrolu logu - problem s grafickou kartou Vyřešeno

[rival]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:48, on 28.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20544)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Rival\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ICQ] "D:\PROGRA~1\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Previesť cieľ odkazu do Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Previesť cieľ odkazu do existujúceho PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Previesť do Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Previesť vybraté odkazy do Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Previesť vybraté odkazy do existujúceho PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Previesť výber do Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Previesť výber do existujúceho PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Pridať do existujúceho súboru PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - D:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10148 bytes

[Reklama]

[rival]

neviem ci cinim dobre ale pre istotu posielam aj vysledok testu mwav. dakujem

** Scanning may fail! File Locked [SUSPICIOUS]: D:\WINDOWS\System32\Drivers\dtscsi.sys (????)
** Scanning may fail! File Locked [SUSPICIOUS]: D:\WINDOWS\system32\Drivers\sptd.sys (????)
Soubor D:\System Volume Information\_restore{3CFB1C7C-E1A9-4377-AA2D-3C1A5C8557BF}\RP34\A0056457.exe je infikovaný virem Gen:Adware.Heur.hq1@QWdMPvai (DB) !! Provedené akce: Ponecháno, neodstraněno!.

[rival]

a este kontrola mwav cisto na spyware, dakujem

Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Spyware.NetScreenWatch Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "ezula Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "CyberSitter Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Limewire Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\DirectAnimation.PathControl" odkazuje na neplatný objekt "{D7A7D7C3-D47F-11D0-89D3-00A0C90833E6}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\DirectAnimation.Sequence" odkazuje na neplatný objekt "{4F241DB1-EE9F-11D0-9824-006097C99E51}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\DirectAnimation.SequencerControl" odkazuje na neplatný objekt "{B0A6BAE2-AAF0-11D0-A152-00A0C908DB96}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\DirectAnimation.SpriteControl" odkazuje na neplatný objekt "{FD179533-D86E-11D0-89D6-00A0C90833E6}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\DirectAnimation.StructuredGraphicsControl" odkazuje na neplatný objekt "{369303C2-D7AC-11D0-89D5-00A0C90833E6}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\GenericAskToolbar.ToolbarWnd" odkazuje na neplatný objekt "{D4027C7F-154A-4066-A1AD-4243D8127440}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\GenericAskToolbar.ToolbarWnd.1" odkazuje na neplatný objekt "{D4027C7F-154A-4066-A1AD-4243D8127440}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\ieplugin.JQSIEStartDetectorImpl" odkazuje na neplatný objekt "{E7E6F031-17CE-4C07-BC86-EABFE594F69C}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\ieplugin.JQSIEStartDetectorImpl.1" odkazuje na neplatný objekt "{E7E6F031-17CE-4C07-BC86-EABFE594F69C}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\JavaPlugin.FamilyVersionSupport" odkazuje na neplatný objekt "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\MailFileAtt" odkazuje na neplatný objekt "{00020D05-0000-0000-C000-000000000046}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\mapifvbx.object" odkazuje na neplatný objekt "{41116C00-8B90-101B-96CD-00AA003B14FC}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\mapifvbx.object.1" odkazuje na neplatný objekt "{41116C00-8B90-101B-96CD-00AA003B14FC}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\NMUIEngine.NMUIResourceLoaderHarddisk" odkazuje na neplatný objekt "{03DC5606-EA66-4f02-AB52-2065524B03821}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "InstallShield_{4BF501B5-A37F-467F-8C91-303884F64D9A}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{125F0ACC-D3FC-402B-8D96-27F6E46D00D5}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{45D68F08-56A0-4412-BB0F-8492BE978AC7}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{558CD0A7-0548-4220-88FE-01CC1477DF61}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{5AC9F44E-06C7-41E3-A464-37177AB9105D}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{7C3E3706-8FBD-4169-9726-0A47FBF9D32A}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{901C63FD-6673-47A6-9B5F-B13E3EBFA470}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{C3CE4CED-46B0-407E-A703-7A83AAE02A36}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{DBE84DB2-1794-4244-9859-9B720CA89B4D}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{F68E3631-68ED-4970-8D77-B81FE83AA6A1}". Provedené akce: Ponecháno, neodstraněno!.

[jaro3]

Scanning may fail! File Locked [SUSPICIOUS]: D:\WINDOWS\System32\Drivers\dtscsi.sys (????)
** Scanning may fail! File Locked [SUSPICIOUS]: D:\WINDOWS\system32\Drivers\sptd.sys (????)
Patří k Daemon Tools - můžeš odinstalovat ( přeinstalovat).

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Rival\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Popiš problém s graf. kartou..

[rival]

Malwarebytes' Anti-Malware 1.41
Verzia databázy: 3255
Windows 5.1.2600 Service Pack 3

29.11.2009 10:34:19
mbam-log-2009-11-29 (10-34-14).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 105019
Uplynutý cas: 2 minute(s), 36 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 3
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)

tu je rychla kontrola cez malwarebytes, daemon som odinstaloval, dal som iny, chcem sa opytat este, ze ci ta kontrola mwav co kontroloval spyware je ok. pytam sa pretoze moj problem z grafikou spociva v tom, ze moj pocitac (intel core 2 duo E 7300, 4gb ram, nvidia geforce 8800 gts 512, zdroj forton blue storm II 500 W, win xp sp3) bol nedavno v oprave, reklamacii, lebo mu odisla grafika. vymenili ju za novy kus a vsetko islo ako malo, filmy sa daju pozerat atd, len ked spustim hru, akukolvek (staru, novu narocnu , nenarocnu) tak sekne po minute, dvoch. to iste zrobilo aj ked som dal test cez program FurMark. radil som sa z mnohymi na forach a podobne, aj tu som tento problem riesil, ale zatial chcel dotycny len vediet teploty. ale to som uz pisal aj inde a zistilo sa ze teplotami to nie je. poradili aby som dal iny bios, dal som ani tym to nebolo. nove, stare ovladace, ani tym to nebolo. nanovo win, ani tym to nebolo. avsak niedeky sa udeje to ze napr hra ide, vkuse bez problemov ako to byvalo pred tym,len vypnem, trebars aj pocitac, a nanovo to nejde. niekto mi povedal ze to moze byt aj virusom a je to pravdepodobne, pretoze nedavno mi odislo icq, uplne, a az tu :) som sa docital ze to sposobuje virus nejakeho rusa, avsak ja som na ziaden odkaz v icq neklikol, ved nie som .... no ale stalo sa, moj ucet posielal ludom hluposti ruske atd a mne napisalo ze mam zle heslo alebo ucet....a taktiez som sa tu docital , ze jeden clovek mal takyto podobny problem s grafikou a mu moderator povedal ze to moze byt aj virusom. preto som napisal o mojom probleme aj do sekcie hardware, a aj do hijack. este posledna vec, viem ze najjednoduchsie by bolo ist reklamovat, ale teraz sa blizi skuskove atd a nemozem prist o comp zas na mesiac a vlastne vsetko ide okrem hier...no ale predsa nechcem auto ktore ide ale nefunguje mu turbo aj ked ho tam ma. dufam ze neobtazujem, ale toto je uplne vsetko o mojom probleme. dakujem pekne uz vopred, za pripadnu radu:) jakub

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

V MWAV není nic nebezpečného, jen neplatné objekty a zbytky po vyléčených nákazách.

Zkontroloval bych ještě postupně jednotlivé RAM Memtestem , každou aspoň 2h:
http://www.stahuj.centrum.cz/utility_a_ ... i/memtest/

Vypni rez. ochrany+firewall u ESET Smart Security
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[rival]

Malwarebytes' Anti-Malware 1.41
Verzia databázy: 3255
Windows 5.1.2600 Service Pack 3

29.11.2009 11:32:15
mbam-log-2009-11-29 (11-32-15).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 105051
Uplynutý cas: 2 minute(s), 30 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 3
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)

tu je log, idem dalej podla postupu

[rival]

ComboFix 09-11-28.03 - Rival 29.11.2009 12:39.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3582.3097 [GMT 1:00]
Running from: d:\documents and settings\Rival\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\regedit.com
d:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))
.

2009-11-29 10:10 . 2009-11-29 10:10 691696 ----a-w- d:\windows\system32\drivers\sptd.sys
2009-11-29 10:10 . 2009-11-29 10:11 -------- d-----w- d:\program files\DAEMON Tools Lite
2009-11-29 10:09 . 2009-11-29 10:15 -------- d-----w- d:\documents and settings\Rival\Application Data\DAEMON Tools Lite
2009-11-29 10:09 . 2009-11-29 10:09 -------- d-----w- d:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-11-29 09:30 . 2009-11-29 09:30 -------- d-----w- d:\documents and settings\Rival\Application Data\Malwarebytes
2009-11-29 09:30 . 2009-09-10 13:54 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 09:30 . 2009-11-29 09:30 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-29 09:30 . 2009-09-10 13:53 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-11-29 09:30 . 2009-11-29 09:30 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-11-28 21:40 . 2009-11-28 21:40 -------- d---a-w- d:\windows\VDLL.DLL
2009-11-28 21:40 . 2009-11-28 21:40 -------- d---a-w- d:\windows\system32\runouce.exe
2009-11-28 21:40 . 2009-11-28 21:40 -------- d---a-w- d:\windows\RUNDL132.EXE
2009-11-28 21:40 . 2009-11-28 21:40 -------- d---a-w- d:\windows\logo_1.exe
2009-11-28 21:38 . 2009-11-28 21:38 554240 ----a-w- d:\windows\system32\msvcp80.dll
2009-11-28 21:38 . 2009-04-30 11:04 626688 ----a-r- d:\windows\system32\msvcr80.dll
2009-11-28 21:38 . 2009-11-28 21:38 34048 ----a-w- d:\windows\system32\eEmpty.exe
2009-11-28 21:38 . 2008-04-14 04:42 135680 ----a-w- d:\windows\system32\T.COM
2009-11-28 21:38 . 2008-04-14 04:42 146432 ----a-w- d:\windows\R.COM
2009-11-28 21:37 . 2009-11-28 21:37 -------- d-----w- d:\program files\Common Files\MicroWorld
2009-11-28 21:37 . 2009-11-28 21:37 -------- d-----w- d:\documents and settings\All Users\Application Data\MicroWorld
2009-11-27 15:25 . 2009-11-27 15:25 -------- d-----w- d:\program files\oZone3D
2009-11-27 12:03 . 2009-11-27 12:03 -------- d-----w- d:\program files\QIP
2009-11-24 17:33 . 2009-11-24 17:33 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\Rockstar Games
2009-11-24 17:27 . 2009-11-24 17:27 -------- d-----w- d:\program files\Rockstar Games
2009-11-23 12:53 . 2009-11-28 13:01 -------- d-----w- d:\documents and settings\Rival\Application Data\BitTorrent
2009-11-20 16:17 . 2009-11-20 16:17 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\images
2009-11-20 16:11 . 2009-07-08 11:05 73728 ----a-w- d:\windows\system32\RtNicProp32.dll
2009-11-20 16:11 . 2009-05-26 18:30 73728 ----a-w- d:\windows\system32\RTNUninst32.dll
2009-11-19 21:14 . 2009-11-19 21:14 -------- d-----w- d:\program files\SystemRequirementsLab
2009-11-19 20:45 . 2009-11-19 20:45 -------- d-----w- d:\program files\Trend Micro
2009-11-19 19:41 . 2009-11-19 19:41 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\Updater2
2009-11-19 19:36 . 2009-11-19 19:36 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\AntikVirtualSTB
2009-11-19 19:35 . 2009-11-23 18:06 -------- d-----w- d:\program files\AntikVirtualSTB
2009-11-18 14:02 . 2009-11-18 14:02 -------- d-----w- d:\windows\Downloaded Installations
2009-11-17 15:55 . 2009-11-18 15:26 -------- d-----w- d:\windows\PixArt
2009-11-17 15:55 . 2006-10-12 10:57 14336 ----a-w- d:\windows\system32\P207USD.dll
2009-11-17 15:38 . 2009-10-08 13:24 352256 ----a-w- d:\windows\vncutil.exe
2009-11-17 15:38 . 2009-10-23 17:53 41984 ----a-w- d:\windows\system32\RtkCoInstXP.dll
2009-11-17 15:38 . 2009-03-17 13:07 122880 ----a-w- d:\windows\RtkAudioService.exe
2009-11-17 15:38 . 2006-01-04 14:41 1389056 ----a-w- d:\windows\system32\drivers\Monfilt.sys
2009-11-17 15:38 . 2008-08-05 19:10 1684736 ----a-w- d:\windows\system32\drivers\Ambfilt.sys
2009-11-17 14:20 . 2009-11-17 14:20 -------- d-----w- D:\NVIDIA
2009-11-17 14:05 . 2009-11-17 14:05 -------- d-----w- d:\documents and settings\All Users\Application Data\InstallShield
2009-11-17 14:02 . 2009-11-17 14:02 -------- d-----w- d:\documents and settings\Rival\Application Data\AdobeUM
2009-11-17 12:45 . 2009-11-18 13:19 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\eSupport.com
2009-11-17 12:45 . 2009-11-17 12:45 23600 ----a-w- d:\windows\system32\drivers\TVICHW32.SYS
2009-11-17 12:43 . 2009-11-17 12:43 -------- d-----w- d:\windows\Sun
2009-11-15 22:16 . 2009-11-10 18:40 15688 ----a-w- d:\windows\system32\lsdelete.exe
2009-11-15 22:10 . 2009-11-15 22:10 -------- d-----w- d:\program files\ICQ6Toolbar
2009-11-15 22:10 . 2009-11-15 22:10 -------- d-----w- d:\documents and settings\All Users\Application Data\ICQ
2009-11-15 22:09 . 2009-11-20 11:09 -------- d-----w- d:\documents and settings\Rival\Application Data\ICQ
2009-11-15 22:09 . 2009-11-15 22:11 -------- d-----w- d:\program files\ICQ6.5
2009-11-13 10:08 . 2009-11-13 10:08 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\NVIDIA Corporation
2009-11-13 10:08 . 2009-11-13 10:08 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\NVIDIA Corporation
2009-11-13 10:07 . 2009-11-13 10:08 -------- d-----w- d:\program files\NVIDIA nTune Performance Application
2009-11-12 08:43 . 2009-11-12 08:43 -------- d-----w- d:\documents and settings\Rival\Incomplete
2009-11-12 08:42 . 2009-11-27 09:07 -------- d-----w- d:\documents and settings\Rival\.limewire
2009-11-11 19:05 . 2009-11-11 19:06 -------- d-----w- d:\windows\NV7202332.TMP
2009-11-11 16:43 . 2009-11-11 16:43 -------- d-----w- D:\rivatuner
2009-11-10 20:02 . 2009-11-10 20:02 618 ----a-w- d:\windows\eReg.dat
2009-11-10 19:56 . 2009-11-10 19:56 -------- d-----w- D:\strongdc230
2009-11-10 19:48 . 2009-11-10 19:48 -------- d-----w- d:\documents and settings\All Users\Application Data\HP
2009-11-10 19:48 . 2009-11-10 19:48 -------- d-----w- d:\program files\Common Files\HP
2009-11-10 19:47 . 2009-11-10 19:47 -------- d-----w- d:\program files\Hewlett-Packard
2009-11-10 19:47 . 2009-11-10 19:47 -------- d-----w- d:\program files\Common Files\Hewlett-Packard
2009-11-10 19:46 . 2005-03-08 04:43 16496 ----a-r- d:\windows\system32\drivers\HPZipr12.sys
2009-11-10 19:46 . 2005-03-08 04:43 51120 ----a-r- d:\windows\system32\drivers\HPZid412.sys
2009-11-10 19:46 . 2005-03-08 04:43 21744 ----a-r- d:\windows\system32\drivers\HPZius12.sys
2009-11-10 19:46 . 2008-04-13 23:15 15104 -c--a-w- d:\windows\system32\dllcache\usbscan.sys
2009-11-10 19:46 . 2008-04-13 23:15 15104 ----a-w- d:\windows\system32\drivers\usbscan.sys
2009-11-10 19:45 . 2004-09-29 11:15 204800 ----a-w- d:\windows\system32\HPZipr12.dll
2009-11-10 19:45 . 2004-09-29 11:14 69632 ----a-w- d:\windows\system32\HPZipm12.exe
2009-11-10 19:45 . 2004-09-29 11:12 278584 ----a-w- d:\windows\system32\HPZidr12.dll
2009-11-10 19:45 . 2004-09-29 11:09 57344 ----a-w- d:\windows\system32\HPZisn12.dll
2009-11-10 19:45 . 2004-09-29 11:09 94208 ----a-w- d:\windows\system32\HPZipt12.dll
2009-11-10 19:45 . 2004-09-29 11:08 61440 ----a-w- d:\windows\system32\HPZinw12.exe
2009-11-10 19:44 . 2009-11-10 19:48 -------- d-----w- d:\program files\HP
2009-11-10 19:44 . 2008-04-13 23:15 26368 -c--a-w- d:\windows\system32\dllcache\usbstor.sys
2009-11-10 19:44 . 2008-04-13 23:17 25856 -c--a-w- d:\windows\system32\dllcache\usbprint.sys
2009-11-10 19:44 . 2008-04-13 23:17 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys
2009-11-10 19:43 . 2009-11-10 19:49 112876 ----a-w- d:\windows\hpoins07.dat
2009-11-10 19:43 . 2005-05-24 02:48 21124 ------w- d:\windows\hpomdl07.dat
2009-11-10 19:42 . 2009-11-10 19:42 -------- d-----w- d:\documents and settings\Rival\Application Data\HP
2009-11-10 19:41 . 2009-11-10 20:44 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\Eraser
2009-11-10 19:39 . 2009-06-10 13:22 83344 ----a-w- d:\windows\system32\Erasext.dll
2009-11-10 19:39 . 2009-06-10 13:22 307088 ----a-w- d:\windows\system32\Eraser.dll
2009-11-10 19:39 . 2009-06-10 13:22 73104 ----a-w- d:\windows\system32\Eraserl.exe
2009-11-10 19:39 . 2009-11-10 19:39 -------- d-----w- d:\program files\Eraser
2009-11-10 19:28 . 2006-11-20 08:04 6656 ----a-w- d:\windows\system32\CoInst_070301.dll
2009-11-10 19:26 . 2008-11-10 10:41 32656 ----a-w- d:\windows\system32\msonpmon.dll
2009-11-10 19:25 . 2009-11-10 19:27 -------- d-----w- d:\program files\Microsoft Works
2009-11-10 19:25 . 2009-11-10 19:25 -------- d-----w- d:\program files\MSBuild
2009-11-10 19:23 . 2009-11-10 19:23 -------- d-----w- d:\windows\SHELLNEW
2009-11-10 19:23 . 2009-11-10 19:23 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\Microsoft Help
2009-11-10 19:23 . 2009-11-10 19:29 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-10 19:23 . 2009-11-10 19:23 -------- d-----r- D:\MSOCache
2009-11-10 19:22 . 2009-11-10 19:22 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\ESET
2009-11-10 19:20 . 2009-11-14 16:33 -------- d-----w- d:\program files\ELIS
2009-11-10 19:20 . 2009-11-10 19:20 -------- d-----w- d:\documents and settings\Rival\WINDOWS
2009-11-10 19:20 . 1998-10-29 15:45 306688 ----a-w- d:\windows\IsUninst.exe
2009-11-10 19:18 . 2009-11-10 19:18 -------- d-----w- d:\program files\CCleaner
2009-11-10 19:14 . 2009-11-10 19:14 -------- d-----w- d:\program files\BitTorrent
2009-11-10 19:13 . 2009-11-10 19:31 -------- d-----w- d:\program files\Java
2009-11-10 19:13 . 2009-11-10 19:13 -------- d-----w- d:\program files\Common Files\Java
2009-11-10 19:13 . 2009-11-10 19:13 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150010}
2009-11-10 19:11 . 2009-11-12 08:43 -------- d-----w- d:\program files\LimeWire
2009-11-10 19:10 . 2009-11-24 19:26 -------- d-----w- d:\documents and settings\Rival\Application Data\vlc
2009-11-10 19:10 . 2009-11-10 19:10 -------- d-----w- d:\program files\VideoLAN
2009-11-10 19:09 . 2009-11-10 19:09 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2009-11-10 19:09 . 2009-11-17 16:00 -------- d-----w- d:\documents and settings\Rival\Application Data\skypePM
2009-11-10 19:08 . 2009-11-18 14:03 -------- d-----w- d:\documents and settings\Rival\Application Data\Skype
2009-11-10 19:08 . 2009-11-10 19:08 -------- d-----w- d:\program files\Common Files\Skype
2009-11-10 19:08 . 2009-11-10 19:33 -------- d-----r- d:\program files\Skype
2009-11-10 19:08 . 2009-11-10 19:08 -------- d-----w- d:\documents and settings\All Users\Application Data\Skype
2009-11-10 19:02 . 2009-11-10 19:02 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\Identities
2009-11-10 19:02 . 2009-11-11 16:06 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\Ahead
2009-11-10 19:01 . 2009-11-11 16:07 -------- d-----w- d:\documents and settings\Rival\Application Data\Ahead
2009-11-10 19:01 . 2009-11-10 19:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Ahead
2009-11-10 19:00 . 2009-11-10 19:01 -------- d-----w- d:\program files\Common Files\Ahead
2009-11-10 19:00 . 2009-11-10 19:00 -------- d-----w- d:\documents and settings\All Users\Application Data\Nero
2009-11-10 19:00 . 2009-11-10 19:00 -------- d-----w- d:\program files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 11:36 . 2009-11-10 18:12 16608 ----a-w- d:\windows\gdrv.sys
2009-11-26 09:49 . 2009-11-10 18:40 3695616 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-25 20:38 . 2009-11-10 18:13 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-11-18 13:08 . 2009-11-10 19:19 -------- d-----w- d:\program files\Winamp
2009-11-17 14:05 . 2009-11-10 18:13 -------- d-----w- d:\program files\GIGABYTE
2009-11-17 14:05 . 2009-11-10 18:13 -------- d-----w- d:\program files\Common Files\InstallShield
2009-11-13 10:08 . 2009-11-10 18:29 -------- d-----w- d:\program files\NVIDIA Corporation
2009-11-11 10:50 . 2009-11-10 18:52 -------- d-----w- d:\documents and settings\Rival\Application Data\BSplayer PRO
2009-11-10 19:36 . 2009-11-10 17:59 70088 ----a-w- d:\documents and settings\Rival\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-10 19:31 . 2009-11-10 19:31 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-11-10 19:31 . 2009-11-10 19:31 152576 ----a-w- d:\documents and settings\Rival\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-10 19:31 . 2009-11-10 19:31 79488 ----a-w- d:\documents and settings\Rival\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-10 18:55 . 2009-11-10 18:55 223128 ----a-w- d:\windows\system32\drivers\dtscsi.sys.15645381
2009-11-10 18:54 . 2009-11-10 18:54 642560 ----a-w- d:\windows\system32\drivers\sptd.sys.14179210
2009-11-10 18:53 . 2009-11-10 18:53 -------- d-----w- d:\documents and settings\Rival\Application Data\CyberLink
2009-11-10 18:53 . 2009-11-10 18:53 -------- d-----w- d:\documents and settings\All Users\Application Data\CyberLink
2009-11-10 18:53 . 2009-11-10 18:53 -------- d-----w- d:\program files\CyberLink
2009-11-10 18:52 . 2009-11-10 18:52 -------- d-----w- d:\program files\Webteh
2009-11-10 18:51 . 2009-11-10 18:51 -------- d-----w- d:\program files\Codec Pack - All In 1
2009-11-10 18:50 . 2009-11-10 18:51 737280 ----a-w- d:\windows\iun6002.exe
2009-11-10 18:47 . 2009-11-10 18:47 -------- d-----w- d:\documents and settings\All Users\Application Data\FLEXnet
2009-11-10 18:47 . 2009-11-10 18:44 -------- d-----w- d:\program files\Common Files\Adobe
2009-11-10 18:47 . 2009-11-10 18:47 -------- d-----w- d:\program files\Common Files\Macrovision Shared
2009-11-10 18:39 . 2009-11-10 18:39 -------- dc-h--w- d:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-11-10 18:39 . 2009-11-10 18:39 -------- d-----w- d:\program files\Lavasoft
2009-11-10 18:37 . 2009-11-10 18:37 -------- d-----w- d:\documents and settings\Rival\Application Data\ESET
2009-11-10 18:36 . 2009-11-10 18:36 -------- d-----w- d:\program files\ESET
2009-11-10 18:36 . 2009-11-10 18:36 -------- d-----w- d:\documents and settings\All Users\Application Data\ESET
2009-11-10 18:34 . 2009-11-10 18:34 0 ----a-w- d:\windows\nsreg.dat
2009-11-10 18:29 . 2009-11-10 18:29 -------- d-----w- d:\program files\AGEIA Technologies
2009-11-10 18:29 . 2009-11-10 18:29 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2009-11-10 18:29 . 2009-11-10 18:29 -------- d-----w- d:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-11-10 18:18 . 2009-11-10 18:16 -------- d-----w- d:\program files\Realtek
2009-11-10 18:18 . 2009-11-10 18:18 -------- d-----w- d:\documents and settings\Rival\Application Data\InstallShield
2009-11-10 18:14 . 2009-11-10 18:14 -------- d-----w- d:\program files\Intel
2009-11-10 18:10 . 2009-11-10 17:53 5938 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-11-10 18:10 . 2009-11-10 17:53 166455 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-10 18:06 . 2009-11-10 17:53 8972 ----a-w- d:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-11-10 17:54 . 2009-11-10 17:54 -------- d-----w- d:\program files\microsoft frontpage
2009-11-10 17:51 . 2009-11-10 17:51 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-11-10 17:51 . 2009-11-10 17:51 -------- d-----w- d:\program files\Windows Media Connect 2
2009-10-30 18:49 . 2009-11-10 18:18 176768 ----a-w- d:\windows\system32\drivers\Rtenicxp.sys
2009-10-28 10:35 . 2009-11-10 18:16 5937152 ----a-w- d:\windows\system32\drivers\RtkHDAud.sys
2009-10-16 12:59 . 2009-11-10 18:16 18782720 ----a-w- d:\windows\RTHDCPL.EXE
2009-09-27 17:19 . 2009-09-27 17:19 3674112 ----a-w- d:\windows\system32\nvwssr.dll
2009-09-27 15:12 . 2009-11-10 18:06 5900416 ----a-w- d:\windows\system32\nv4_disp.dll
2009-09-27 15:12 . 2009-11-10 18:04 7655872 ----a-w- d:\windows\system32\drivers\nv4_mini.sys
2009-09-27 15:12 . 2009-09-27 15:12 888832 ----a-w- d:\windows\system32\nvapi.dll
2009-09-27 15:12 . 2009-09-27 15:12 2194024 ----a-w- d:\windows\system32\nvcuvid.dll
2009-09-27 15:12 . 2009-09-27 15:12 1714792 ----a-w- d:\windows\system32\nvcuvenc.dll
2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- d:\windows\system32\nvcodins.dll
2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- d:\windows\system32\nvcod.dll
2009-09-27 15:12 . 2009-09-27 15:12 1604482 ----a-w- d:\windows\system32\nvdata.bin
2009-09-27 15:12 . 2009-09-27 15:12 10756096 ----a-w- d:\windows\system32\nvoglnt.dll
2009-09-27 15:12 . 2007-12-04 17:41 2007040 ----a-w- d:\windows\system32\nvcuda.dll
2009-09-04 17:01 . 2009-09-04 17:01 525656 ----a-w- D:\DXSETUP.exe
2009-09-04 17:01 . 2009-09-04 17:01 94024 ----a-w- D:\DSETUP.dll
2009-09-04 17:01 . 2009-09-04 17:01 1691464 ----a-w- D:\dsetup32.dll
2009-09-04 16:44 . 2009-11-11 19:21 515416 ----a-w- d:\windows\system32\XAudio2_5.dll
2009-09-04 16:44 . 2009-11-11 19:21 238936 ----a-w- d:\windows\system32\xactengine3_5.dll
2009-09-04 16:44 . 2009-11-11 19:21 69464 ----a-w- d:\windows\system32\XAPOFX1_3.dll
2009-09-04 16:29 . 2009-11-11 19:21 453456 ----a-w- d:\windows\system32\d3dx10_42.dll
2009-09-04 16:29 . 2009-11-11 19:21 235344 ----a-w- d:\windows\system32\d3dx11_42.dll
2009-09-04 16:29 . 2009-11-11 19:21 5501792 ----a-w- d:\windows\system32\d3dcsx_42.dll
2009-09-04 16:29 . 2009-11-11 19:21 1974616 ----a-w- d:\windows\system32\D3DCompiler_42.dll
2009-09-04 16:29 . 2009-11-11 19:21 1892184 ----a-w- d:\windows\system32\D3DX9_42.dll
.

------- Sigcheck -------

[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2007-05-21 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . d:\windows\system32\mshtml.dll
[-] 2007-05-21 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . d:\windows\system32\dllcache\mshtml.dll

[7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\wininet.dll
[-] 2007-05-21 . B8F4DB39CA7353752F245379D285C80E . 823296 . . [7.00.6000.20544] . . d:\windows\system32\wininet.dll
[-] 2007-05-21 . B8F4DB39CA7353752F245379D285C80E . 823296 . . [7.00.6000.20544] . . d:\windows\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe clear" [X]
"ICQ"="d:\progra~1\ICQ6.5\ICQ.exe silent" [X]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="d:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"Ad-Watch"="d:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-10 520024]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"nwiz"="d:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2009-10-16 18782720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - d:\windows\Installer\{AC76BA86-1029-0000-7760-000000000003}\_SC_Acrobat.exe [2009-11-10 295606]
Adobe Acrobat Synchronizer.lnk - d:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2009-11-23 738968]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Hry\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [10.11.2009 19:40 64160]
R2 ekrn;Eset Service;d:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 GEST Service;GEST Service for program management.;d:\program files\GIGABYTE\EnergySaver\GSvr.exe [10.11.2009 19:13 80392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 22:34 1028432]
S0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [29.11.2009 11:10 691696]
S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [17.11.2009 16:38 1684736]
S3 PAC207;Look 110;d:\windows\system32\DRIVERS\PFC027.SYS --> d:\windows\system32\DRIVERS\PFC027.SYS [?]
S3 TVICHW32;TVICHW32;d:\windows\system32\drivers\TVICHW32.SYS [17.11.2009 13:45 23600]
.
Contents of the 'Scheduled Tasks' folder

2009-11-24 d:\windows\Tasks\Ad-Aware Update (Weekly).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 18:40]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Previesť cieľ odkazu do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Previesť cieľ odkazu do existujúceho PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Previesť do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Previesť vybraté odkazy do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť vybraté odkazy do existujúceho PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Previesť výber do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Previesť výber do existujúceho PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Pridať do existujúceho súboru PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
FF - ProfilePath - d:\documents and settings\Rival\Application Data\Mozilla\Firefox\Profiles\a08aqzya.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://sk.start3.mozilla.com/firefox?cl ... k:official
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Ad-Aware - d:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-NVIDIA Drivers - d:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-29 12:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\d:\program files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2009-11-29 12:42
ComboFix-quarantined-files.txt 2009-11-29 11:42

Pre-Run: 32 508 043 264 bytes free
Post-Run: 13 adresárov, 32 765 415 424 voľných bajtov

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 56BF4B6E23292395E5BB3ADEA8713AD3

tu je log z combofixu, prebehol som aj pamät mem testom - 4 memtesty po 767 mb, vsetko preslo cez 100% a with 0 errors, asi 25 minut to bezalo.

[jaro3]

Memtest , je třeba každou paměť nejméně 2 hodiny,jinak to nemá cenu.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
d:\windows\nsreg.dat

Folder::
d:\windows\system32\runouce.exe

Firefox::
FF - ProfilePath - d:\documents and settings\Rival\Application Data\Mozilla\Firefox\Profiles\a08aqzya.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT


Toto otestuj na Virustotal
d:\windows\system32\HPZinw12.exe
d:\windows\system32\drivers\dtscsi.sys.15645381
d:\windows\system32\drivers\sptd.sys.14179210
d:\windows\system32\mshtml.dll
d:\windows\system32\wininet.dll
Vlož sem pak odkazy na stránky výsledků.

Koukni do správce úloh kolik vytěžuje procesor tento soubor:
d:\windows\system32\HPZinw12.exe

Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat

[rival]

ComboFix 09-11-28.04 - Rival 29.11.2009 14:42.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3582.3016 [GMT 1:00]
Running from: d:\documents and settings\Rival\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Rival\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active


FILE ::
"d:\windows\nsreg.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\nsreg.dat
d:\windows\system32\runouce.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))
.

2009-11-29 10:10 . 2009-11-29 10:10 691696 ----a-w- d:\windows\system32\drivers\sptd.sys
2009-11-29 10:10 . 2009-11-29 10:11 -------- d-----w- d:\program files\DAEMON Tools Lite
2009-11-29 10:09 . 2009-11-29 10:15 -------- d-----w- d:\documents and settings\Rival\Application Data\DAEMON Tools Lite
2009-11-29 10:09 . 2009-11-29 10:09 -------- d-----w- d:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-11-29 09:30 . 2009-11-29 09:30 -------- d-----w- d:\documents and settings\Rival\Application Data\Malwarebytes
2009-11-29 09:30 . 2009-09-10 13:54 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 09:30 . 2009-11-29 09:30 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-29 09:30 . 2009-09-10 13:53 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-11-29 09:30 . 2009-11-29 09:30 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-11-28 21:40 . 2009-11-28 21:40 -------- d---a-w- d:\windows\VDLL.DLL
2009-11-28 21:40 . 2009-11-28 21:40 -------- d---a-w- d:\windows\RUNDL132.EXE
2009-11-28 21:40 . 2009-11-28 21:40 -------- d---a-w- d:\windows\logo_1.exe
2009-11-28 21:38 . 2009-11-28 21:38 554240 ----a-w- d:\windows\system32\msvcp80.dll
2009-11-28 21:38 . 2009-04-30 11:04 626688 ----a-r- d:\windows\system32\msvcr80.dll
2009-11-28 21:38 . 2009-11-28 21:38 34048 ----a-w- d:\windows\system32\eEmpty.exe
2009-11-28 21:38 . 2008-04-14 04:42 135680 ----a-w- d:\windows\system32\T.COM
2009-11-28 21:38 . 2008-04-14 04:42 146432 ----a-w- d:\windows\R.COM
2009-11-28 21:37 . 2009-11-28 21:37 -------- d-----w- d:\program files\Common Files\MicroWorld
2009-11-28 21:37 . 2009-11-28 21:37 -------- d-----w- d:\documents and settings\All Users\Application Data\MicroWorld
2009-11-27 15:25 . 2009-11-27 15:25 -------- d-----w- d:\program files\oZone3D
2009-11-27 12:03 . 2009-11-27 12:03 -------- d-----w- d:\program files\QIP
2009-11-24 17:33 . 2009-11-24 17:33 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\Rockstar Games
2009-11-24 17:27 . 2009-11-24 17:27 -------- d-----w- d:\program files\Rockstar Games
2009-11-23 12:53 . 2009-11-28 13:01 -------- d-----w- d:\documents and settings\Rival\Application Data\BitTorrent
2009-11-20 16:17 . 2009-11-20 16:17 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\images
2009-11-20 16:11 . 2009-07-08 11:05 73728 ----a-w- d:\windows\system32\RtNicProp32.dll
2009-11-20 16:11 . 2009-05-26 18:30 73728 ----a-w- d:\windows\system32\RTNUninst32.dll
2009-11-19 21:14 . 2009-11-19 21:14 -------- d-----w- d:\program files\SystemRequirementsLab
2009-11-19 20:45 . 2009-11-19 20:45 -------- d-----w- d:\program files\Trend Micro
2009-11-19 19:41 . 2009-11-19 19:41 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\Updater2
2009-11-19 19:36 . 2009-11-19 19:36 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\AntikVirtualSTB
2009-11-19 19:35 . 2009-11-23 18:06 -------- d-----w- d:\program files\AntikVirtualSTB
2009-11-18 14:02 . 2009-11-18 14:02 -------- d-----w- d:\windows\Downloaded Installations
2009-11-17 15:55 . 2009-11-18 15:26 -------- d-----w- d:\windows\PixArt
2009-11-17 15:55 . 2006-10-12 10:57 14336 ----a-w- d:\windows\system32\P207USD.dll
2009-11-17 15:38 . 2009-10-08 13:24 352256 ----a-w- d:\windows\vncutil.exe
2009-11-17 15:38 . 2009-10-23 17:53 41984 ----a-w- d:\windows\system32\RtkCoInstXP.dll
2009-11-17 15:38 . 2009-03-17 13:07 122880 ----a-w- d:\windows\RtkAudioService.exe
2009-11-17 15:38 . 2006-01-04 14:41 1389056 ----a-w- d:\windows\system32\drivers\Monfilt.sys
2009-11-17 15:38 . 2008-08-05 19:10 1684736 ----a-w- d:\windows\system32\drivers\Ambfilt.sys
2009-11-17 14:20 . 2009-11-17 14:20 -------- d-----w- D:\NVIDIA
2009-11-17 14:05 . 2009-11-17 14:05 -------- d-----w- d:\documents and settings\All Users\Application Data\InstallShield
2009-11-17 14:02 . 2009-11-17 14:02 -------- d-----w- d:\documents and settings\Rival\Application Data\AdobeUM
2009-11-17 12:45 . 2009-11-18 13:19 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\eSupport.com
2009-11-17 12:45 . 2009-11-17 12:45 23600 ----a-w- d:\windows\system32\drivers\TVICHW32.SYS
2009-11-17 12:43 . 2009-11-17 12:43 -------- d-----w- d:\windows\Sun
2009-11-15 22:16 . 2009-11-10 18:40 15688 ----a-w- d:\windows\system32\lsdelete.exe
2009-11-15 22:10 . 2009-11-15 22:10 -------- d-----w- d:\program files\ICQ6Toolbar
2009-11-15 22:10 . 2009-11-15 22:10 -------- d-----w- d:\documents and settings\All Users\Application Data\ICQ
2009-11-15 22:09 . 2009-11-20 11:09 -------- d-----w- d:\documents and settings\Rival\Application Data\ICQ
2009-11-15 22:09 . 2009-11-15 22:11 -------- d-----w- d:\program files\ICQ6.5
2009-11-13 10:08 . 2009-11-13 10:08 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\NVIDIA Corporation
2009-11-13 10:08 . 2009-11-13 10:08 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\NVIDIA Corporation
2009-11-13 10:07 . 2009-11-13 10:08 -------- d-----w- d:\program files\NVIDIA nTune Performance Application
2009-11-12 08:43 . 2009-11-12 08:43 -------- d-----w- d:\documents and settings\Rival\Incomplete
2009-11-12 08:42 . 2009-11-27 09:07 -------- d-----w- d:\documents and settings\Rival\.limewire
2009-11-11 19:05 . 2009-11-11 19:06 -------- d-----w- d:\windows\NV7202332.TMP
2009-11-11 16:43 . 2009-11-11 16:43 -------- d-----w- D:\rivatuner
2009-11-10 20:02 . 2009-11-10 20:02 618 ----a-w- d:\windows\eReg.dat
2009-11-10 19:56 . 2009-11-10 19:56 -------- d-----w- D:\strongdc230
2009-11-10 19:48 . 2009-11-10 19:48 -------- d-----w- d:\documents and settings\All Users\Application Data\HP
2009-11-10 19:48 . 2009-11-10 19:48 -------- d-----w- d:\program files\Common Files\HP
2009-11-10 19:47 . 2009-11-10 19:47 -------- d-----w- d:\program files\Hewlett-Packard
2009-11-10 19:47 . 2009-11-10 19:47 -------- d-----w- d:\program files\Common Files\Hewlett-Packard
2009-11-10 19:46 . 2005-03-08 04:43 16496 ----a-r- d:\windows\system32\drivers\HPZipr12.sys
2009-11-10 19:46 . 2005-03-08 04:43 51120 ----a-r- d:\windows\system32\drivers\HPZid412.sys
2009-11-10 19:46 . 2005-03-08 04:43 21744 ----a-r- d:\windows\system32\drivers\HPZius12.sys
2009-11-10 19:46 . 2008-04-13 23:15 15104 -c--a-w- d:\windows\system32\dllcache\usbscan.sys
2009-11-10 19:46 . 2008-04-13 23:15 15104 ----a-w- d:\windows\system32\drivers\usbscan.sys
2009-11-10 19:45 . 2004-09-29 11:15 204800 ----a-w- d:\windows\system32\HPZipr12.dll
2009-11-10 19:45 . 2004-09-29 11:14 69632 ----a-w- d:\windows\system32\HPZipm12.exe
2009-11-10 19:45 . 2004-09-29 11:12 278584 ----a-w- d:\windows\system32\HPZidr12.dll
2009-11-10 19:45 . 2004-09-29 11:09 57344 ----a-w- d:\windows\system32\HPZisn12.dll
2009-11-10 19:45 . 2004-09-29 11:09 94208 ----a-w- d:\windows\system32\HPZipt12.dll
2009-11-10 19:45 . 2004-09-29 11:08 61440 ----a-w- d:\windows\system32\HPZinw12.exe
2009-11-10 19:44 . 2009-11-10 19:48 -------- d-----w- d:\program files\HP
2009-11-10 19:44 . 2008-04-13 23:15 26368 -c--a-w- d:\windows\system32\dllcache\usbstor.sys
2009-11-10 19:44 . 2008-04-13 23:17 25856 -c--a-w- d:\windows\system32\dllcache\usbprint.sys
2009-11-10 19:44 . 2008-04-13 23:17 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys
2009-11-10 19:43 . 2009-11-10 19:49 112876 ----a-w- d:\windows\hpoins07.dat
2009-11-10 19:43 . 2005-05-24 02:48 21124 ------w- d:\windows\hpomdl07.dat
2009-11-10 19:42 . 2009-11-10 19:42 -------- d-----w- d:\documents and settings\Rival\Application Data\HP
2009-11-10 19:41 . 2009-11-10 20:44 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\Eraser
2009-11-10 19:39 . 2009-06-10 13:22 83344 ----a-w- d:\windows\system32\Erasext.dll
2009-11-10 19:39 . 2009-06-10 13:22 307088 ----a-w- d:\windows\system32\Eraser.dll
2009-11-10 19:39 . 2009-06-10 13:22 73104 ----a-w- d:\windows\system32\Eraserl.exe
2009-11-10 19:39 . 2009-11-10 19:39 -------- d-----w- d:\program files\Eraser
2009-11-10 19:28 . 2006-11-20 08:04 6656 ----a-w- d:\windows\system32\CoInst_070301.dll
2009-11-10 19:26 . 2008-11-10 10:41 32656 ----a-w- d:\windows\system32\msonpmon.dll
2009-11-10 19:25 . 2009-11-10 19:27 -------- d-----w- d:\program files\Microsoft Works
2009-11-10 19:25 . 2009-11-10 19:25 -------- d-----w- d:\program files\MSBuild
2009-11-10 19:23 . 2009-11-10 19:23 -------- d-----w- d:\windows\SHELLNEW
2009-11-10 19:23 . 2009-11-10 19:23 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\Microsoft Help
2009-11-10 19:23 . 2009-11-10 19:29 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-10 19:23 . 2009-11-10 19:23 -------- d-----r- D:\MSOCache
2009-11-10 19:22 . 2009-11-10 19:22 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\ESET
2009-11-10 19:20 . 2009-11-14 16:33 -------- d-----w- d:\program files\ELIS
2009-11-10 19:20 . 2009-11-10 19:20 -------- d-----w- d:\documents and settings\Rival\WINDOWS
2009-11-10 19:20 . 1998-10-29 15:45 306688 ----a-w- d:\windows\IsUninst.exe
2009-11-10 19:18 . 2009-11-10 19:18 -------- d-----w- d:\program files\CCleaner
2009-11-10 19:14 . 2009-11-10 19:14 -------- d-----w- d:\program files\BitTorrent
2009-11-10 19:13 . 2009-11-10 19:31 -------- d-----w- d:\program files\Java
2009-11-10 19:13 . 2009-11-10 19:13 -------- d-----w- d:\program files\Common Files\Java
2009-11-10 19:13 . 2009-11-10 19:13 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150010}
2009-11-10 19:11 . 2009-11-12 08:43 -------- d-----w- d:\program files\LimeWire
2009-11-10 19:10 . 2009-11-24 19:26 -------- d-----w- d:\documents and settings\Rival\Application Data\vlc
2009-11-10 19:10 . 2009-11-10 19:10 -------- d-----w- d:\program files\VideoLAN
2009-11-10 19:09 . 2009-11-10 19:09 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2009-11-10 19:09 . 2009-11-17 16:00 -------- d-----w- d:\documents and settings\Rival\Application Data\skypePM
2009-11-10 19:08 . 2009-11-18 14:03 -------- d-----w- d:\documents and settings\Rival\Application Data\Skype
2009-11-10 19:08 . 2009-11-10 19:08 -------- d-----w- d:\program files\Common Files\Skype
2009-11-10 19:08 . 2009-11-10 19:33 -------- d-----r- d:\program files\Skype
2009-11-10 19:08 . 2009-11-10 19:08 -------- d-----w- d:\documents and settings\All Users\Application Data\Skype
2009-11-10 19:02 . 2009-11-10 19:02 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\Identities
2009-11-10 19:02 . 2009-11-11 16:06 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\Ahead
2009-11-10 19:01 . 2009-11-11 16:07 -------- d-----w- d:\documents and settings\Rival\Application Data\Ahead
2009-11-10 19:01 . 2009-11-10 19:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Ahead
2009-11-10 19:00 . 2009-11-10 19:01 -------- d-----w- d:\program files\Common Files\Ahead
2009-11-10 19:00 . 2009-11-10 19:00 -------- d-----w- d:\documents and settings\All Users\Application Data\Nero
2009-11-10 19:00 . 2009-11-10 19:00 -------- d-----w- d:\program files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 13:46 . 2009-11-10 18:12 16608 ----a-w- d:\windows\gdrv.sys
2009-11-26 09:49 . 2009-11-10 18:40 3695616 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-25 20:38 . 2009-11-10 18:13 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-11-18 13:08 . 2009-11-10 19:19 -------- d-----w- d:\program files\Winamp
2009-11-17 14:05 . 2009-11-10 18:13 -------- d-----w- d:\program files\GIGABYTE
2009-11-17 14:05 . 2009-11-10 18:13 -------- d-----w- d:\program files\Common Files\InstallShield
2009-11-13 10:08 . 2009-11-10 18:29 -------- d-----w- d:\program files\NVIDIA Corporation
2009-11-11 10:50 . 2009-11-10 18:52 -------- d-----w- d:\documents and settings\Rival\Application Data\BSplayer PRO
2009-11-10 19:36 . 2009-11-10 17:59 70088 ----a-w- d:\documents and settings\Rival\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-10 19:31 . 2009-11-10 19:31 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-11-10 19:31 . 2009-11-10 19:31 152576 ----a-w- d:\documents and settings\Rival\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-10 19:31 . 2009-11-10 19:31 79488 ----a-w- d:\documents and settings\Rival\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-10 18:55 . 2009-11-10 18:55 223128 ----a-w- d:\windows\system32\drivers\dtscsi.sys.15645381
2009-11-10 18:54 . 2009-11-10 18:54 642560 ----a-w- d:\windows\system32\drivers\sptd.sys.14179210
2009-11-10 18:53 . 2009-11-10 18:53 -------- d-----w- d:\documents and settings\Rival\Application Data\CyberLink
2009-11-10 18:53 . 2009-11-10 18:53 -------- d-----w- d:\documents and settings\All Users\Application Data\CyberLink
2009-11-10 18:53 . 2009-11-10 18:53 -------- d-----w- d:\program files\CyberLink
2009-11-10 18:52 . 2009-11-10 18:52 -------- d-----w- d:\program files\Webteh
2009-11-10 18:51 . 2009-11-10 18:51 -------- d-----w- d:\program files\Codec Pack - All In 1
2009-11-10 18:50 . 2009-11-10 18:51 737280 ----a-w- d:\windows\iun6002.exe
2009-11-10 18:47 . 2009-11-10 18:47 -------- d-----w- d:\documents and settings\All Users\Application Data\FLEXnet
2009-11-10 18:47 . 2009-11-10 18:44 -------- d-----w- d:\program files\Common Files\Adobe
2009-11-10 18:47 . 2009-11-10 18:47 -------- d-----w- d:\program files\Common Files\Macrovision Shared
2009-11-10 18:39 . 2009-11-10 18:39 -------- dc-h--w- d:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-11-10 18:39 . 2009-11-10 18:39 -------- d-----w- d:\program files\Lavasoft
2009-11-10 18:37 . 2009-11-10 18:37 -------- d-----w- d:\documents and settings\Rival\Application Data\ESET
2009-11-10 18:36 . 2009-11-10 18:36 -------- d-----w- d:\program files\ESET
2009-11-10 18:36 . 2009-11-10 18:36 -------- d-----w- d:\documents and settings\All Users\Application Data\ESET
2009-11-10 18:29 . 2009-11-10 18:29 -------- d-----w- d:\program files\AGEIA Technologies
2009-11-10 18:29 . 2009-11-10 18:29 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2009-11-10 18:29 . 2009-11-10 18:29 -------- d-----w- d:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-11-10 18:18 . 2009-11-10 18:16 -------- d-----w- d:\program files\Realtek
2009-11-10 18:18 . 2009-11-10 18:18 -------- d-----w- d:\documents and settings\Rival\Application Data\InstallShield
2009-11-10 18:14 . 2009-11-10 18:14 -------- d-----w- d:\program files\Intel
2009-11-10 18:10 . 2009-11-10 17:53 5938 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-11-10 18:10 . 2009-11-10 17:53 166455 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-10 18:06 . 2009-11-10 17:53 8972 ----a-w- d:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-11-10 17:54 . 2009-11-10 17:54 -------- d-----w- d:\program files\microsoft frontpage
2009-11-10 17:51 . 2009-11-10 17:51 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-11-10 17:51 . 2009-11-10 17:51 -------- d-----w- d:\program files\Windows Media Connect 2
2009-10-30 18:49 . 2009-11-10 18:18 176768 ----a-w- d:\windows\system32\drivers\Rtenicxp.sys
2009-10-28 10:35 . 2009-11-10 18:16 5937152 ----a-w- d:\windows\system32\drivers\RtkHDAud.sys
2009-10-16 12:59 . 2009-11-10 18:16 18782720 ----a-w- d:\windows\RTHDCPL.EXE
2009-09-27 17:19 . 2009-09-27 17:19 3674112 ----a-w- d:\windows\system32\nvwssr.dll
2009-09-27 15:12 . 2009-11-10 18:06 5900416 ----a-w- d:\windows\system32\nv4_disp.dll
2009-09-27 15:12 . 2009-11-10 18:04 7655872 ----a-w- d:\windows\system32\drivers\nv4_mini.sys
2009-09-27 15:12 . 2009-09-27 15:12 888832 ----a-w- d:\windows\system32\nvapi.dll
2009-09-27 15:12 . 2009-09-27 15:12 2194024 ----a-w- d:\windows\system32\nvcuvid.dll
2009-09-27 15:12 . 2009-09-27 15:12 1714792 ----a-w- d:\windows\system32\nvcuvenc.dll
2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- d:\windows\system32\nvcodins.dll
2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- d:\windows\system32\nvcod.dll
2009-09-27 15:12 . 2009-09-27 15:12 1604482 ----a-w- d:\windows\system32\nvdata.bin
2009-09-27 15:12 . 2009-09-27 15:12 10756096 ----a-w- d:\windows\system32\nvoglnt.dll
2009-09-27 15:12 . 2007-12-04 17:41 2007040 ----a-w- d:\windows\system32\nvcuda.dll
2009-09-04 17:01 . 2009-09-04 17:01 525656 ----a-w- D:\DXSETUP.exe
2009-09-04 17:01 . 2009-09-04 17:01 94024 ----a-w- D:\DSETUP.dll
2009-09-04 17:01 . 2009-09-04 17:01 1691464 ----a-w- D:\dsetup32.dll
2009-09-04 16:44 . 2009-11-11 19:21 515416 ----a-w- d:\windows\system32\XAudio2_5.dll
2009-09-04 16:44 . 2009-11-11 19:21 238936 ----a-w- d:\windows\system32\xactengine3_5.dll
2009-09-04 16:44 . 2009-11-11 19:21 69464 ----a-w- d:\windows\system32\XAPOFX1_3.dll
2009-09-04 16:29 . 2009-11-11 19:21 453456 ----a-w- d:\windows\system32\d3dx10_42.dll
2009-09-04 16:29 . 2009-11-11 19:21 235344 ----a-w- d:\windows\system32\d3dx11_42.dll
2009-09-04 16:29 . 2009-11-11 19:21 5501792 ----a-w- d:\windows\system32\d3dcsx_42.dll
2009-09-04 16:29 . 2009-11-11 19:21 1974616 ----a-w- d:\windows\system32\D3DCompiler_42.dll
2009-09-04 16:29 . 2009-11-11 19:21 1892184 ----a-w- d:\windows\system32\D3DX9_42.dll
.

------- Sigcheck -------

[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2007-05-21 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . d:\windows\system32\mshtml.dll
[-] 2007-05-21 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . d:\windows\system32\dllcache\mshtml.dll

[7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\wininet.dll
[-] 2007-05-21 . B8F4DB39CA7353752F245379D285C80E . 823296 . . [7.00.6000.20544] . . d:\windows\system32\wininet.dll
[-] 2007-05-21 . B8F4DB39CA7353752F245379D285C80E . 823296 . . [7.00.6000.20544] . . d:\windows\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-29_11.41.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-29 13:46 . 2009-11-29 13:46 16384 d:\windows\temp\Perflib_Perfdata_768.dat
+ 2009-11-29 13:46 . 2009-11-29 13:46 16384 d:\windows\temp\Perflib_Perfdata_2b8.dat
+ 2009-11-29 13:46 . 2009-11-29 13:46 16384 d:\windows\temp\Perflib_Perfdata_1e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe clear" [X]
"ICQ"="d:\progra~1\ICQ6.5\ICQ.exe silent" [X]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="d:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"Ad-Watch"="d:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-10 520024]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"nwiz"="d:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2009-10-16 18782720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - d:\windows\Installer\{AC76BA86-1029-0000-7760-000000000003}\_SC_Acrobat.exe [2009-11-10 295606]
Adobe Acrobat Synchronizer.lnk - d:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2009-11-23 738968]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Hry\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [10.11.2009 19:40 64160]
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [29.11.2009 11:10 691696]
R2 ekrn;Eset Service;d:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 GEST Service;GEST Service for program management.;d:\program files\GIGABYTE\EnergySaver\GSvr.exe [10.11.2009 19:13 80392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 22:34 1028432]
S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [17.11.2009 16:38 1684736]
S3 PAC207;Look 110;d:\windows\system32\DRIVERS\PFC027.SYS --> d:\windows\system32\DRIVERS\PFC027.SYS [?]
S3 TVICHW32;TVICHW32;d:\windows\system32\drivers\TVICHW32.SYS [17.11.2009 13:45 23600]
.
Contents of the 'Scheduled Tasks' folder

2009-11-24 d:\windows\Tasks\Ad-Aware Update (Weekly).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 18:40]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Previesť cieľ odkazu do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Previesť cieľ odkazu do existujúceho PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Previesť do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Previesť vybraté odkazy do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť vybraté odkazy do existujúceho PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Previesť výber do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Previesť výber do existujúceho PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Pridať do existujúceho súboru PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
FF - ProfilePath - d:\documents and settings\Rival\Application Data\Mozilla\Firefox\Profiles\a08aqzya.default\
FF - prefs.js: browser.startup.homepage - hxxp://sk.start3.mozilla.com/firefox?cl ... k:official

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-29 14:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spwq.sys >>UNKNOWN [0x8A877938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> atapi.sys @ 0xb7e09b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek PCIe GBE Family Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7cffbb0
PacketIndicateHandler -> NDIS.sys @ 0xb7d0ca21
SendHandler -> NDIS.sys @ 0xb7cea87b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\d:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2520)
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\nvsvc32.exe
d:\windows\system32\RUNDLL32.EXE
d:\progra~1\ICQ6.5\ICQ.exe
d:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\NVIDIA Corporation\nTune\nTuneService.exe
d:\windows\system32\HPZipm12.exe
d:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
d:\windows\system32\wbem\unsecapp.exe
d:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
d:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-29 14:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-29 13:47
ComboFix2.txt 2009-11-29 11:42

Pre-Run: 32 762 617 856 bytes free
Post-Run: 32 732 536 832 bytes free

- - End Of File - - 065AAB8A56C7B432E9126C16A01BAE2A


teraz log z HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:35, on 29.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20544)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\PROGRA~1\ICQ6.5\ICQ.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
D:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ICQ] "D:\PROGRA~1\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Previesť cieľ odkazu do Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Previesť cieľ odkazu do existujúceho PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Previesť do Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Previesť vybraté odkazy do Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Previesť vybraté odkazy do existujúceho PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Previesť výber do Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Previesť výber do existujúceho PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Pridať do existujúceho súboru PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - D:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8629 bytes


a teraz odkazy

http://www.virustotal.com/cs/analisis/8 ... 1259500488
http://www.virustotal.com/cs/analisis/b ... 1259501518
http://www.virustotal.com/cs/analisis/1 ... 1259500863
http://www.virustotal.com/cs/analisis/8 ... 1259501262
http://www.virustotal.com/cs/analisis/f ... 1259501393

a subor HPZipm12.exe beria 1720 K

[jaro3]

Stáhni si RootRepeal

Rozbal si archív třeba do C:\RootRepeal
Poklepej na RootRepeal.exe ke startu programu ( ve vistě pravým a vybrat spustit jako administrátor).
Klikni v dolní části na Files a potom na Scan .
Objeví se dialog.okno, dej zatržítko na disk, který chceš skenovat( nejčastěji na C:\ , a potom na OK.
Program ya4ne skenovat yatr6en7 disk. Když sken skončí , budou tam vypsané soubory, ale ne všechny musí být legitimní. Klikni na Save Report a ulož si log do dokumentů. Vlož sem prosím celý jeho obsah.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
d:\windows\system32\ezsidmv.dat

FCopy::
d:\windows\$NtUninstallKB896688$\wininet.dll | c:\windows\system32\wininet.dll


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu , log z hJT dávat nemusíš.

[rival]

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/29 18:32
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------


a z combofix

ComboFix 09-11-28.04 - Rival 29.11.2009 18:37.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3582.3192 [GMT 1:00]
Running from: d:\documents and settings\Rival\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Rival\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active


FILE ::
"d:\windows\system32\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\system32\ezsidmv.dat

.
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))
.

2009-11-29 17:27 . 2009-11-29 17:28 -------- d-----w- D:\RootRepeal
2009-11-29 17:27 . 2009-11-29 17:27 464491 ----a-w- D:\RootRepeal.zip
2009-11-29 13:54 . 2009-11-29 13:54 -------- d-----w- d:\documents and settings\Rival\DoctorWeb
2009-11-29 10:10 . 2009-11-29 10:10 691696 ----a-w- d:\windows\system32\drivers\sptd.sys
2009-11-29 10:10 . 2009-11-29 10:11 -------- d-----w- d:\program files\DAEMON Tools Lite
2009-11-29 10:09 . 2009-11-29 10:15 -------- d-----w- d:\documents and settings\Rival\Application Data\DAEMON Tools Lite
2009-11-29 10:09 . 2009-11-29 10:09 -------- d-----w- d:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-11-29 09:30 . 2009-11-29 09:30 -------- d-----w- d:\documents and settings\Rival\Application Data\Malwarebytes
2009-11-29 09:30 . 2009-09-10 13:54 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 09:30 . 2009-11-29 09:30 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-29 09:30 . 2009-09-10 13:53 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-11-29 09:30 . 2009-11-29 09:30 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-11-28 21:40 . 2009-11-28 21:40 -------- d---a-w- d:\windows\VDLL.DLL
2009-11-28 21:40 . 2009-11-28 21:40 -------- d---a-w- d:\windows\RUNDL132.EXE
2009-11-28 21:40 . 2009-11-28 21:40 -------- d---a-w- d:\windows\logo_1.exe
2009-11-28 21:38 . 2009-11-28 21:38 554240 ----a-w- d:\windows\system32\msvcp80.dll
2009-11-28 21:38 . 2009-04-30 11:04 626688 ----a-r- d:\windows\system32\msvcr80.dll
2009-11-28 21:38 . 2009-11-28 21:38 34048 ----a-w- d:\windows\system32\eEmpty.exe
2009-11-28 21:38 . 2008-04-14 04:42 135680 ----a-w- d:\windows\system32\T.COM
2009-11-28 21:38 . 2008-04-14 04:42 146432 ----a-w- d:\windows\R.COM
2009-11-28 21:37 . 2009-11-28 21:37 -------- d-----w- d:\program files\Common Files\MicroWorld
2009-11-28 21:37 . 2009-11-28 21:37 -------- d-----w- d:\documents and settings\All Users\Application Data\MicroWorld
2009-11-27 15:25 . 2009-11-27 15:25 -------- d-----w- d:\program files\oZone3D
2009-11-27 12:03 . 2009-11-27 12:03 -------- d-----w- d:\program files\QIP
2009-11-24 17:33 . 2009-11-24 17:33 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\Rockstar Games
2009-11-24 17:27 . 2009-11-24 17:27 -------- d-----w- d:\program files\Rockstar Games
2009-11-23 12:53 . 2009-11-28 13:01 -------- d-----w- d:\documents and settings\Rival\Application Data\BitTorrent
2009-11-20 16:17 . 2009-11-20 16:17 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\images
2009-11-20 16:11 . 2009-07-08 11:05 73728 ----a-w- d:\windows\system32\RtNicProp32.dll
2009-11-20 16:11 . 2009-05-26 18:30 73728 ----a-w- d:\windows\system32\RTNUninst32.dll
2009-11-19 21:14 . 2009-11-19 21:14 -------- d-----w- d:\program files\SystemRequirementsLab
2009-11-19 20:45 . 2009-11-19 20:45 -------- d-----w- d:\program files\Trend Micro
2009-11-19 19:41 . 2009-11-19 19:41 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\Updater2
2009-11-19 19:36 . 2009-11-19 19:36 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\AntikVirtualSTB
2009-11-19 19:35 . 2009-11-23 18:06 -------- d-----w- d:\program files\AntikVirtualSTB
2009-11-18 14:02 . 2009-11-18 14:02 -------- d-----w- d:\windows\Downloaded Installations
2009-11-17 15:55 . 2009-11-18 15:26 -------- d-----w- d:\windows\PixArt
2009-11-17 15:55 . 2006-10-12 10:57 14336 ----a-w- d:\windows\system32\P207USD.dll
2009-11-17 15:38 . 2009-10-08 13:24 352256 ----a-w- d:\windows\vncutil.exe
2009-11-17 15:38 . 2009-10-23 17:53 41984 ----a-w- d:\windows\system32\RtkCoInstXP.dll
2009-11-17 15:38 . 2009-03-17 13:07 122880 ----a-w- d:\windows\RtkAudioService.exe
2009-11-17 15:38 . 2006-01-04 14:41 1389056 ----a-w- d:\windows\system32\drivers\Monfilt.sys
2009-11-17 15:38 . 2008-08-05 19:10 1684736 ----a-w- d:\windows\system32\drivers\Ambfilt.sys
2009-11-17 14:20 . 2009-11-17 14:20 -------- d-----w- D:\NVIDIA
2009-11-17 14:05 . 2009-11-17 14:05 -------- d-----w- d:\documents and settings\All Users\Application Data\InstallShield
2009-11-17 14:02 . 2009-11-17 14:02 -------- d-----w- d:\documents and settings\Rival\Application Data\AdobeUM
2009-11-17 12:45 . 2009-11-18 13:19 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\eSupport.com
2009-11-17 12:45 . 2009-11-17 12:45 23600 ----a-w- d:\windows\system32\drivers\TVICHW32.SYS
2009-11-17 12:43 . 2009-11-17 12:43 -------- d-----w- d:\windows\Sun
2009-11-15 22:16 . 2009-11-10 18:40 15688 ----a-w- d:\windows\system32\lsdelete.exe
2009-11-15 22:10 . 2009-11-15 22:10 -------- d-----w- d:\program files\ICQ6Toolbar
2009-11-15 22:10 . 2009-11-15 22:10 -------- d-----w- d:\documents and settings\All Users\Application Data\ICQ
2009-11-15 22:09 . 2009-11-20 11:09 -------- d-----w- d:\documents and settings\Rival\Application Data\ICQ
2009-11-15 22:09 . 2009-11-15 22:11 -------- d-----w- d:\program files\ICQ6.5
2009-11-13 10:08 . 2009-11-13 10:08 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\NVIDIA Corporation
2009-11-13 10:08 . 2009-11-13 10:08 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\NVIDIA Corporation
2009-11-13 10:07 . 2009-11-13 10:08 -------- d-----w- d:\program files\NVIDIA nTune Performance Application
2009-11-12 08:43 . 2009-11-12 08:43 -------- d-----w- d:\documents and settings\Rival\Incomplete
2009-11-12 08:42 . 2009-11-27 09:07 -------- d-----w- d:\documents and settings\Rival\.limewire
2009-11-11 19:05 . 2009-11-11 19:06 -------- d-----w- d:\windows\NV7202332.TMP
2009-11-11 16:43 . 2009-11-11 16:43 -------- d-----w- D:\rivatuner
2009-11-10 20:02 . 2009-11-10 20:02 618 ----a-w- d:\windows\eReg.dat
2009-11-10 19:56 . 2009-11-10 19:56 -------- d-----w- D:\strongdc230
2009-11-10 19:48 . 2009-11-10 19:48 -------- d-----w- d:\documents and settings\All Users\Application Data\HP
2009-11-10 19:48 . 2009-11-10 19:48 -------- d-----w- d:\program files\Common Files\HP
2009-11-10 19:47 . 2009-11-10 19:47 -------- d-----w- d:\program files\Hewlett-Packard
2009-11-10 19:47 . 2009-11-10 19:47 -------- d-----w- d:\program files\Common Files\Hewlett-Packard
2009-11-10 19:46 . 2005-03-08 04:43 16496 ----a-r- d:\windows\system32\drivers\HPZipr12.sys
2009-11-10 19:46 . 2005-03-08 04:43 51120 ----a-r- d:\windows\system32\drivers\HPZid412.sys
2009-11-10 19:46 . 2005-03-08 04:43 21744 ----a-r- d:\windows\system32\drivers\HPZius12.sys
2009-11-10 19:46 . 2008-04-13 23:15 15104 -c--a-w- d:\windows\system32\dllcache\usbscan.sys
2009-11-10 19:46 . 2008-04-13 23:15 15104 ----a-w- d:\windows\system32\drivers\usbscan.sys
2009-11-10 19:45 . 2004-09-29 11:15 204800 ----a-w- d:\windows\system32\HPZipr12.dll
2009-11-10 19:45 . 2004-09-29 11:14 69632 ----a-w- d:\windows\system32\HPZipm12.exe
2009-11-10 19:45 . 2004-09-29 11:12 278584 ----a-w- d:\windows\system32\HPZidr12.dll
2009-11-10 19:45 . 2004-09-29 11:09 57344 ----a-w- d:\windows\system32\HPZisn12.dll
2009-11-10 19:45 . 2004-09-29 11:09 94208 ----a-w- d:\windows\system32\HPZipt12.dll
2009-11-10 19:45 . 2004-09-29 11:08 61440 ----a-w- d:\windows\system32\HPZinw12.exe
2009-11-10 19:44 . 2009-11-10 19:48 -------- d-----w- d:\program files\HP
2009-11-10 19:44 . 2008-04-13 23:15 26368 -c--a-w- d:\windows\system32\dllcache\usbstor.sys
2009-11-10 19:44 . 2008-04-13 23:17 25856 -c--a-w- d:\windows\system32\dllcache\usbprint.sys
2009-11-10 19:44 . 2008-04-13 23:17 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys
2009-11-10 19:43 . 2009-11-10 19:49 112876 ----a-w- d:\windows\hpoins07.dat
2009-11-10 19:43 . 2005-05-24 02:48 21124 ------w- d:\windows\hpomdl07.dat
2009-11-10 19:42 . 2009-11-10 19:42 -------- d-----w- d:\documents and settings\Rival\Application Data\HP
2009-11-10 19:41 . 2009-11-10 20:44 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\Eraser
2009-11-10 19:39 . 2009-06-10 13:22 83344 ----a-w- d:\windows\system32\Erasext.dll
2009-11-10 19:39 . 2009-06-10 13:22 307088 ----a-w- d:\windows\system32\Eraser.dll
2009-11-10 19:39 . 2009-06-10 13:22 73104 ----a-w- d:\windows\system32\Eraserl.exe
2009-11-10 19:39 . 2009-11-10 19:39 -------- d-----w- d:\program files\Eraser
2009-11-10 19:28 . 2006-11-20 08:04 6656 ----a-w- d:\windows\system32\CoInst_070301.dll
2009-11-10 19:26 . 2008-11-10 10:41 32656 ----a-w- d:\windows\system32\msonpmon.dll
2009-11-10 19:25 . 2009-11-10 19:27 -------- d-----w- d:\program files\Microsoft Works
2009-11-10 19:25 . 2009-11-10 19:25 -------- d-----w- d:\program files\MSBuild
2009-11-10 19:23 . 2009-11-10 19:23 -------- d-----w- d:\windows\SHELLNEW
2009-11-10 19:23 . 2009-11-10 19:23 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\Microsoft Help
2009-11-10 19:23 . 2009-11-10 19:29 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-10 19:23 . 2009-11-10 19:23 -------- d-----r- D:\MSOCache
2009-11-10 19:22 . 2009-11-10 19:22 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\ESET
2009-11-10 19:20 . 2009-11-14 16:33 -------- d-----w- d:\program files\ELIS
2009-11-10 19:20 . 2009-11-10 19:20 -------- d-----w- d:\documents and settings\Rival\WINDOWS
2009-11-10 19:20 . 1998-10-29 15:45 306688 ----a-w- d:\windows\IsUninst.exe
2009-11-10 19:18 . 2009-11-10 19:18 -------- d-----w- d:\program files\CCleaner
2009-11-10 19:14 . 2009-11-10 19:14 -------- d-----w- d:\program files\BitTorrent
2009-11-10 19:13 . 2009-11-10 19:31 -------- d-----w- d:\program files\Java
2009-11-10 19:13 . 2009-11-10 19:13 -------- d-----w- d:\program files\Common Files\Java
2009-11-10 19:13 . 2009-11-10 19:13 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150010}
2009-11-10 19:11 . 2009-11-12 08:43 -------- d-----w- d:\program files\LimeWire
2009-11-10 19:10 . 2009-11-24 19:26 -------- d-----w- d:\documents and settings\Rival\Application Data\vlc
2009-11-10 19:10 . 2009-11-10 19:10 -------- d-----w- d:\program files\VideoLAN
2009-11-10 19:09 . 2009-11-17 16:00 -------- d-----w- d:\documents and settings\Rival\Application Data\skypePM
2009-11-10 19:08 . 2009-11-18 14:03 -------- d-----w- d:\documents and settings\Rival\Application Data\Skype
2009-11-10 19:08 . 2009-11-10 19:08 -------- d-----w- d:\program files\Common Files\Skype
2009-11-10 19:08 . 2009-11-10 19:33 -------- d-----r- d:\program files\Skype
2009-11-10 19:08 . 2009-11-10 19:08 -------- d-----w- d:\documents and settings\All Users\Application Data\Skype
2009-11-10 19:02 . 2009-11-10 19:02 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\Identities
2009-11-10 19:02 . 2009-11-11 16:06 -------- d-----w- d:\documents and settings\Rival\Local Settings\Application Data\Ahead
2009-11-10 19:01 . 2009-11-11 16:07 -------- d-----w- d:\documents and settings\Rival\Application Data\Ahead
2009-11-10 19:01 . 2009-11-10 19:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Ahead
2009-11-10 19:00 . 2009-11-10 19:01 -------- d-----w- d:\program files\Common Files\Ahead
2009-11-10 19:00 . 2009-11-10 19:00 -------- d-----w- d:\documents and settings\All Users\Application Data\Nero
2009-11-10 19:00 . 2009-11-10 19:00 -------- d-----w- d:\program files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 17:40 . 2009-11-10 18:12 16608 ----a-w- d:\windows\gdrv.sys
2009-11-26 09:49 . 2009-11-10 18:40 3695616 ----a-w- d:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-25 20:38 . 2009-11-10 18:13 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-11-18 13:08 . 2009-11-10 19:19 -------- d-----w- d:\program files\Winamp
2009-11-17 14:05 . 2009-11-10 18:13 -------- d-----w- d:\program files\GIGABYTE
2009-11-17 14:05 . 2009-11-10 18:13 -------- d-----w- d:\program files\Common Files\InstallShield
2009-11-13 10:08 . 2009-11-10 18:29 -------- d-----w- d:\program files\NVIDIA Corporation
2009-11-11 10:50 . 2009-11-10 18:52 -------- d-----w- d:\documents and settings\Rival\Application Data\BSplayer PRO
2009-11-10 19:36 . 2009-11-10 17:59 70088 ----a-w- d:\documents and settings\Rival\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-10 19:31 . 2009-11-10 19:31 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-11-10 19:31 . 2009-11-10 19:31 152576 ----a-w- d:\documents and settings\Rival\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-10 19:31 . 2009-11-10 19:31 79488 ----a-w- d:\documents and settings\Rival\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-10 18:55 . 2009-11-10 18:55 223128 ----a-w- d:\windows\system32\drivers\dtscsi.sys.15645381
2009-11-10 18:54 . 2009-11-10 18:54 642560 ----a-w- d:\windows\system32\drivers\sptd.sys.14179210
2009-11-10 18:53 . 2009-11-10 18:53 -------- d-----w- d:\documents and settings\Rival\Application Data\CyberLink
2009-11-10 18:53 . 2009-11-10 18:53 -------- d-----w- d:\documents and settings\All Users\Application Data\CyberLink
2009-11-10 18:53 . 2009-11-10 18:53 -------- d-----w- d:\program files\CyberLink
2009-11-10 18:52 . 2009-11-10 18:52 -------- d-----w- d:\program files\Webteh
2009-11-10 18:51 . 2009-11-10 18:51 -------- d-----w- d:\program files\Codec Pack - All In 1
2009-11-10 18:50 . 2009-11-10 18:51 737280 ----a-w- d:\windows\iun6002.exe
2009-11-10 18:47 . 2009-11-10 18:47 -------- d-----w- d:\documents and settings\All Users\Application Data\FLEXnet
2009-11-10 18:47 . 2009-11-10 18:44 -------- d-----w- d:\program files\Common Files\Adobe
2009-11-10 18:47 . 2009-11-10 18:47 -------- d-----w- d:\program files\Common Files\Macrovision Shared
2009-11-10 18:39 . 2009-11-10 18:39 -------- dc-h--w- d:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-11-10 18:39 . 2009-11-10 18:39 -------- d-----w- d:\program files\Lavasoft
2009-11-10 18:37 . 2009-11-10 18:37 -------- d-----w- d:\documents and settings\Rival\Application Data\ESET
2009-11-10 18:36 . 2009-11-10 18:36 -------- d-----w- d:\program files\ESET
2009-11-10 18:36 . 2009-11-10 18:36 -------- d-----w- d:\documents and settings\All Users\Application Data\ESET
2009-11-10 18:29 . 2009-11-10 18:29 -------- d-----w- d:\program files\AGEIA Technologies
2009-11-10 18:29 . 2009-11-10 18:29 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2009-11-10 18:29 . 2009-11-10 18:29 -------- d-----w- d:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-11-10 18:18 . 2009-11-10 18:16 -------- d-----w- d:\program files\Realtek
2009-11-10 18:18 . 2009-11-10 18:18 -------- d-----w- d:\documents and settings\Rival\Application Data\InstallShield
2009-11-10 18:14 . 2009-11-10 18:14 -------- d-----w- d:\program files\Intel
2009-11-10 18:10 . 2009-11-10 17:53 5938 ----a-w- d:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-11-10 18:10 . 2009-11-10 17:53 166455 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-10 18:06 . 2009-11-10 17:53 8972 ----a-w- d:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-11-10 17:54 . 2009-11-10 17:54 -------- d-----w- d:\program files\microsoft frontpage
2009-11-10 17:51 . 2009-11-10 17:51 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-11-10 17:51 . 2009-11-10 17:51 -------- d-----w- d:\program files\Windows Media Connect 2
2009-10-30 18:49 . 2009-11-10 18:18 176768 ----a-w- d:\windows\system32\drivers\Rtenicxp.sys
2009-10-28 10:35 . 2009-11-10 18:16 5937152 ----a-w- d:\windows\system32\drivers\RtkHDAud.sys
2009-10-16 12:59 . 2009-11-10 18:16 18782720 ----a-w- d:\windows\RTHDCPL.EXE
2009-09-27 17:19 . 2009-09-27 17:19 3674112 ----a-w- d:\windows\system32\nvwssr.dll
2009-09-27 15:12 . 2009-11-10 18:06 5900416 ----a-w- d:\windows\system32\nv4_disp.dll
2009-09-27 15:12 . 2009-11-10 18:04 7655872 ----a-w- d:\windows\system32\drivers\nv4_mini.sys
2009-09-27 15:12 . 2009-09-27 15:12 888832 ----a-w- d:\windows\system32\nvapi.dll
2009-09-27 15:12 . 2009-09-27 15:12 2194024 ----a-w- d:\windows\system32\nvcuvid.dll
2009-09-27 15:12 . 2009-09-27 15:12 1714792 ----a-w- d:\windows\system32\nvcuvenc.dll
2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- d:\windows\system32\nvcodins.dll
2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- d:\windows\system32\nvcod.dll
2009-09-27 15:12 . 2009-09-27 15:12 1604482 ----a-w- d:\windows\system32\nvdata.bin
2009-09-27 15:12 . 2009-09-27 15:12 10756096 ----a-w- d:\windows\system32\nvoglnt.dll
2009-09-27 15:12 . 2007-12-04 17:41 2007040 ----a-w- d:\windows\system32\nvcuda.dll
2009-09-04 17:01 . 2009-09-04 17:01 525656 ----a-w- D:\DXSETUP.exe
2009-09-04 17:01 . 2009-09-04 17:01 94024 ----a-w- D:\DSETUP.dll
2009-09-04 17:01 . 2009-09-04 17:01 1691464 ----a-w- D:\dsetup32.dll
2009-09-04 16:44 . 2009-11-11 19:21 515416 ----a-w- d:\windows\system32\XAudio2_5.dll
2009-09-04 16:44 . 2009-11-11 19:21 238936 ----a-w- d:\windows\system32\xactengine3_5.dll
2009-09-04 16:44 . 2009-11-11 19:21 69464 ----a-w- d:\windows\system32\XAPOFX1_3.dll
2009-09-04 16:29 . 2009-11-11 19:21 453456 ----a-w- d:\windows\system32\d3dx10_42.dll
2009-09-04 16:29 . 2009-11-11 19:21 235344 ----a-w- d:\windows\system32\d3dx11_42.dll
2009-09-04 16:29 . 2009-11-11 19:21 5501792 ----a-w- d:\windows\system32\d3dcsx_42.dll
2009-09-04 16:29 . 2009-11-11 19:21 1974616 ----a-w- d:\windows\system32\D3DCompiler_42.dll
2009-09-04 16:29 . 2009-11-11 19:21 1892184 ----a-w- d:\windows\system32\D3DX9_42.dll
.

------- Sigcheck -------

[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2007-05-21 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . d:\windows\system32\mshtml.dll
[-] 2007-05-21 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . d:\windows\system32\dllcache\mshtml.dll

[7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . d:\windows\ServicePackFiles\i386\wininet.dll
[-] 2007-05-21 . B8F4DB39CA7353752F245379D285C80E . 823296 . . [7.00.6000.20544] . . d:\windows\system32\wininet.dll
[-] 2007-05-21 . B8F4DB39CA7353752F245379D285C80E . 823296 . . [7.00.6000.20544] . . d:\windows\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-29_11.41.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-29 17:40 . 2009-11-29 17:40 16384 d:\windows\temp\Perflib_Perfdata_7e0.dat
+ 2009-11-29 17:40 . 2009-11-29 17:40 16384 d:\windows\temp\Perflib_Perfdata_7d4.dat
+ 2009-11-29 17:40 . 2009-11-29 17:40 16384 d:\windows\temp\Perflib_Perfdata_370.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe clear" [X]
"ICQ"="d:\progra~1\ICQ6.5\ICQ.exe silent" [X]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="d:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"Ad-Watch"="d:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-11-10 520024]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"nwiz"="d:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2009-10-16 18782720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - d:\windows\Installer\{AC76BA86-1029-0000-7760-000000000003}\_SC_Acrobat.exe [2009-11-10 295606]
Adobe Acrobat Synchronizer.lnk - d:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2009-11-23 738968]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Hry\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=

R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [10.11.2009 19:40 64160]
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [29.11.2009 11:10 691696]
R2 ekrn;Eset Service;d:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 GEST Service;GEST Service for program management.;d:\program files\GIGABYTE\EnergySaver\GSvr.exe [10.11.2009 19:13 80392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 22:34 1028432]
S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [17.11.2009 16:38 1684736]
S3 PAC207;Look 110;d:\windows\system32\DRIVERS\PFC027.SYS --> d:\windows\system32\DRIVERS\PFC027.SYS [?]
S3 TVICHW32;TVICHW32;d:\windows\system32\drivers\TVICHW32.SYS [17.11.2009 13:45 23600]
.
Contents of the 'Scheduled Tasks' folder

2009-11-24 d:\windows\Tasks\Ad-Aware Update (Weekly).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 18:40]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Previesť cieľ odkazu do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Previesť cieľ odkazu do existujúceho PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Previesť do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Previesť vybraté odkazy do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť vybraté odkazy do existujúceho PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Previesť výber do Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Previesť výber do existujúceho PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Pridať do existujúceho súboru PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
FF - ProfilePath - d:\documents and settings\Rival\Application Data\Mozilla\Firefox\Profiles\a08aqzya.default\
FF - prefs.js: browser.startup.homepage - hxxp://sk.start3.mozilla.com/firefox?cl ... k:official

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-29 18:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sppk.sys >>UNKNOWN [0x8A876938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7e74cb8
\Driver\atapi -> atapi.sys @ 0xb7e09b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek PCIe GBE Family Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7cffbb0
PacketIndicateHandler -> NDIS.sys @ 0xb7d0ca21
SendHandler -> NDIS.sys @ 0xb7cea87b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\d:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3360)
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\nvsvc32.exe
d:\windows\system32\RUNDLL32.EXE
d:\progra~1\ICQ6.5\ICQ.exe
d:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\NVIDIA Corporation\nTune\nTuneService.exe
d:\windows\system32\HPZipm12.exe
d:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
d:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
d:\windows\system32\wbem\unsecapp.exe
d:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-29 18:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-29 17:42
ComboFix2.txt 2009-11-29 13:48
ComboFix3.txt 2009-11-29 11:42

Pre-Run: 32 644 993 024 bytes free
Post-Run: 14 adresárov, 32 613 937 152 voľných bajtov

- - End Of File - - 5806B317C8CB7940802A7F5D78DC7D87