Some programs won't start or close on their own

Section devoted to viruses and other malicious code, and also to the tools one can use to defend against them…

Moderators: Mods_senior, Security team

mato
Level 1.5
Posts: 108
Registered: August 06
Gender: Unspecified

Some programs won't start or close on their own

Post by mato » 05 Aug 2010 22:03

Hi,

I have the following problems: when I try to start some programs, they won't start or they shut down on their own after a very short time (e.g. Malwarebytes). I'd like to know whether this is caused by some virus or whether Windows is damaged. Besides that, I can't get to ESET's site. It keeps showing 501 Method Not Implemented IET to /sk not supported. I've tried various browsers, it doesn't work in any of them. On another PC it's fine. I ran a scan with SUPERAntiSpyware but the problem remained. I also have problems with HJT, it doesn't always start for me, so I'm having trouble copying the log here.

Thanks for your advice

// Topic title changed. The original title "problem s programami" had zero information value and violated the rules.
// mike007

Pic
Moderator
Guru Level 13
Posts: 23292
Registered: September 06
Location: East Bohemia
Gender: Male

Re: problem s programami

Post by Pic » 05 Aug 2010 22:08

By the looks of it, your system is badly cluttered. Try to post a HijackThis log. If you have an antivirus program, check the PC with it.

mato
Level 1.5
Posts: 108
Registered: August 06
Gender: Unspecified

Re: problem s programami

Post by mato » 05 Aug 2010 22:23

I managed to make the log, but the older installer wouldn't start at all, I had to download it again. Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 22:22:10, on 5.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\Program Files\DivX\DivX Update\DivXUpdate.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\ICQ6Toolbar\ICQ Service.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\CDBurnerXP\NMSAccessU.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Opera 9\opera.exe
E:\WINDOWS\System32\svchost.exe
C:\TRANSLAT\WDICT32.EXE
E:\Program Files\Java\jre6\bin\jucheck.exe
C:\totalcmd\TC PowerPack\TOTALCMD.EXE
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\mmc.exe
c:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WinampAgent] I:\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DivXUpdate] "E:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stiahni položku pomocou Net Transport - E:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stiahni všetky položky cez Net Transport - E:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B310F541-CC59-4786-B83C-4A5D852635F7}: NameServer = 213.151.254.1,192.168.87.2
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - E:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - E:\Program Files\Java\jre6\bin\jqs.exe" -service -config "E:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NMSAccessU - Unknown owner - E:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

// Off-topic posts pruned. memphisto
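As a worked illustration of how a log like the one above gets triaged (an added example for this page, not code from the thread, from HijackThis or from any of the tools named in it): the script below parses the numbered entries and flags the orphaned "(no file)" BHO and toolbar registrations, the Winsock LSP, any O17 name server outside the private ranges, the Winlogon Notify DLL, and services listed with "Unknown owner". The embedded sample is a constructed subset of the entries quoted in the post; the rule set is a reviewer's checklist, not HijackThis output, and every hit is a "verify" item except the orphaned entries, which are safe to fix.

```python
"""Triage of a HijackThis log: parse the numbered entries and flag the ones a
reviewer looks at first.  Added example, not part of the forum thread."""
import ipaddress
import re
from collections import Counter, namedtuple

# Constructed sample: a subset of the HijackThis entries quoted in the thread,
# embedded here so the script runs offline.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O10 - Unknown file in Winsock LSP: e:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B310F541-CC59-4786-B83C-4A5D852635F7}: NameServer = 213.151.254.1,192.168.87.2
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ICQ Service - Unknown owner - E:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
Finding = namedtuple("Finding", "section action reason item")


def parse_hjt(text):
    """Return (section, body) pairs for every numbered HijackThis entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def public_nameservers(body):
    """Extract the NameServer IPs from an O17 body and keep the globally routable ones."""
    m = re.search(r"NameServer = (.+)$", body)
    if not m:
        return []
    public = []
    for token in m.group(1).split(","):
        try:
            ip = ipaddress.ip_address(token.strip())
        except ValueError:
            continue  # not an IP literal; leave it for manual review
        if ip.is_global:
            public.append(str(ip))
    return public


def triage(entries):
    """Apply the review rules a helper applies when reading a HijackThis log."""
    findings = []
    for section, body in entries:
        if section in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(section, "fix",
                "orphaned BHO/toolbar registration pointing at a missing file", body))
        elif section == "O10":
            findings.append(Finding(section, "verify",
                "Winsock LSP; identify the publisher before removal, a broken LSP chain breaks networking", body))
        elif section == "O17":
            public = public_nameservers(body)
            if public:
                findings.append(Finding(section, "verify",
                    "DNS server outside private ranges, confirm it belongs to the ISP: " + ", ".join(public), body))
        elif section == "O20":
            findings.append(Finding(section, "verify",
                "Winlogon Notify DLL loads at logon; confirm it belongs to installed software", body))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(section, "verify",
                "service with no recognised publisher", body))
    return findings


def summarize(findings):
    """Count findings per recommended action, e.g. {'fix': 3, 'verify': 5}."""
    return dict(Counter(f.action for f in findings))


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.action:6}] {f.section}: {f.reason}\n         {f.item}")
```

Run against the sample, the script reports three "fix" items (the two BHOs and the toolbar with no file behind them) and five "verify" items; the ESET service and the egui Run entry, which carry a recognised publisher and an existing path, are not flagged.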

bledulka
Level 5
Posts: 2242
Registered: August 09
Gender: Female

Re: problem s programami

Post by bledulka » 05 Aug 2010 23:15

Hi,

Download ComboFix to the desktop - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- rename it to červík.com
- Before using it, turn off all resident security programs - antivirus, firewalls, antispyware
- Close all active windows and run it under an account with administrator rights
- After it starts, the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, don't click into the window it shows
- After the scan finishes, a log C:\ComboFix.txt is created; copy its entire contents here.

If it won't start, write back.

mato
Level 1.5
Posts: 108
Registered: August 06
Gender: Unspecified

Re: problem s programami

Post by mato » 06 Aug 2010 00:40

ComboFix log:

ComboFix 10-08-05.02 - Klara 06.08.2010 0:15.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.767.480 [GMT 2:00]
Running from: e:\documents and settings\Klara\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\documents and settings\Klara\Application Data\ACD Systems\ACDSee\ImageDB.ddf
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\_tm10BB.tmp
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\_tm37E0.tmp
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\248d6576afce4ee94af42d7350131106.gif
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\24a70fb875fab686b6b3c217612bc07c.gif
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.png
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.png
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf
e:\documents and settings\Klara\Local Settings\Temporary Internet Files\stb06759.tmp

.
((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 )))))))))))))))))))))))))))))))
.

2010-08-05 18:26 . 2010-08-05 18:26 63488 ----a-w- e:\documents and settings\Klara\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-05 18:25 . 2010-08-05 18:25 52224 ----a-w- e:\documents and settings\Klara\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-05 18:25 . 2010-08-05 18:25 117760 ----a-w- e:\documents and settings\Klara\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-05 18:25 . 2010-08-05 18:25 -------- d-----w- e:\documents and settings\Klara\Application Data\SUPERAntiSpyware.com
2010-08-05 18:25 . 2010-08-05 18:25 -------- d-----w- e:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-05 18:24 . 2010-08-05 18:25 -------- d-----w- e:\program files\SUPERAntiSpyware
2010-08-05 13:25 . 2010-08-05 13:25 -------- d-----w- e:\program files\CDBurnerXP
2010-08-05 13:14 . 2010-08-05 13:37 -------- d-----w- e:\program files\Elaborate Bytes
2010-08-05 12:30 . 2010-08-05 12:30 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2010-08-05 11:51 . 2010-08-05 18:16 -------- d-----w- e:\documents and settings\Klara\Local Settings\Application Data\AskToolbar
2010-08-05 11:15 . 2010-08-05 13:29 -------- d-----w- E:\metallica
2010-08-05 00:21 . 2010-08-05 00:21 -------- d-----w- e:\program files\TeaTimer (Spybot - Search & Destroy)
2010-08-05 00:21 . 2010-08-05 00:21 -------- d-----w- e:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-08-05 00:21 . 2010-08-05 00:21 -------- d-----w- e:\program files\SDHelper (Spybot - Search & Destroy)
2010-08-05 00:21 . 2010-08-05 00:21 -------- d-----w- e:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-08-05 00:20 . 2010-08-05 00:20 -------- d-----w- e:\documents and settings\Klara\Application Data\Malwarebytes
2010-08-05 00:20 . 2010-08-05 00:20 -------- d-----w- e:\windows\VistaMizer
2010-08-05 00:20 . 2010-08-05 00:20 -------- d-----w- e:\program files\BitTorrent
2010-08-05 00:20 . 2010-08-05 00:20 -------- d-----w- e:\program files\Common Files\DivX Shared
2010-08-04 23:20 . 2010-08-05 17:53 -------- d-----w- e:\program files\Spybot - Search & Destroy
2010-08-04 23:19 . 2010-04-29 13:39 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 23:19 . 2010-08-04 23:19 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-04 23:19 . 2010-04-29 13:39 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-08-04 23:19 . 2010-08-05 17:49 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-08-02 22:51 . 2010-08-05 16:41 -------- d-----w- e:\documents and settings\Klara\Application Data\BitTorrent
2010-08-02 22:02 . 2010-08-02 22:02 -------- d-----w- e:\documents and settings\Klara\Application Data\Vast Studios
2010-08-02 20:16 . 2010-08-05 00:19 -------- d-----w- e:\program files\MPC HomeCinema
2010-08-02 19:26 . 2010-08-05 00:19 -------- d-----w- e:\program files\Ask.com
2010-08-02 19:04 . 2010-08-02 19:04 57344 ----a-w- e:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-02 19:04 . 2010-08-02 19:00 1062184 ----a-w- e:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-08-02 19:04 . 2010-08-02 19:00 895256 ----a-w- e:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-08-02 19:04 . 2010-08-02 19:04 56765 ----a-w- e:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-02 19:04 . 2010-08-02 19:04 56997 ----a-w- e:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-08-02 19:04 . 2010-08-02 19:04 53600 ----a-w- e:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-08-02 19:04 . 2010-08-02 19:04 57409 ----a-w- e:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-08-02 19:03 . 2010-08-02 19:03 52963 ----a-w- e:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-08-02 19:03 . 2010-08-02 19:03 54073 ----a-w- e:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-08-02 19:01 . 2010-08-05 00:19 -------- d-----w- e:\program files\DivX
2010-08-02 19:00 . 2010-08-05 00:20 -------- d-----w- e:\documents and settings\All Users\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 17:53 . 2007-07-03 14:35 -------- d-----w- e:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-05 12:10 . 2007-08-05 10:49 -------- d-----w- e:\program files\Opera 9
2010-08-05 00:21 . 2007-10-02 17:23 -------- d-----w- e:\program files\Hamachi
2010-08-05 00:20 . 2009-07-29 20:14 -------- d-----w- e:\program files\Lavasoft
2010-08-05 00:20 . 2008-04-03 21:44 -------- d-----w- e:\documents and settings\All Users\Application Data\Lavasoft
2010-08-05 00:20 . 2009-08-07 18:07 -------- d-----w- e:\program files\Common Files\ACD Systems
2010-08-03 19:09 . 2008-07-11 11:07 -------- d-----w- e:\documents and settings\Klara\Application Data\ICQ
2010-08-02 19:32 . 2009-08-07 18:07 10368 ----a-w- e:\windows\system32\drivers\pfc.sys
2010-07-20 09:27 . 2008-04-07 20:34 -------- d-----w- e:\program files\ESET
2010-07-20 09:09 . 2007-07-03 14:43 -------- d-----w- e:\program files\Common Files\Adobe
2010-06-18 19:42 . 2009-07-20 13:11 -------- d-----w- e:\program files\ICQ6.5
2010-05-23 19:47 . 2010-05-23 19:47 503808 ----a-w- e:\documents and settings\Klara\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3231c715-n\msvcp71.dll
2010-05-23 19:47 . 2010-05-23 19:47 499712 ----a-w- e:\documents and settings\Klara\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3231c715-n\jmc.dll
2010-05-23 19:47 . 2010-05-23 19:47 348160 ----a-w- e:\documents and settings\Klara\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3231c715-n\msvcr71.dll
.

------- Sigcheck -------

[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . e:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 . 6A603809F598332DBEDD535BDBCE313E . 359040 . . [5.1.2600.2180] . . e:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- e:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "e:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "e:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-29 2145000]
"DivXUpdate"="e:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- e:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageFox.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\ImageFox.lnk
backup=e:\windows\pss\ImageFox.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=e:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^Klara^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=e:\documents and settings\Klara\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=e:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
2007-11-09 09:25 1003520 ----a-w- e:\program files\Activ Software\Activdriver\ActivControl2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 15:36 172792 ----a-w- e:\program files\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- e:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2008-04-06 15:52 1271032 ----a-w- e:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SandraTheSrv"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"e:\\Program Files\\EA SPORTS\\NHL06\\nhl06.exe"=
"e:\\Program Files\\SDP Multimedia\\SDP Downloader\\SDP.exe"=
"c:\\totalcmd\\TC PowerPack\\TOTALCMD.EXE"=
"e:\\WINDOWS\\system32\\javaw.exe"=
"e:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe"=
"e:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\Proforient ZS\\oppp.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\SVS_Proforient ZS\\opppt.exe"=
"e:\\Program Files\\Opera 9\\opera.exe"=
"e:\\SVS_Proforient ZS\\oppp.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Vax347s;Vax347s;e:\windows\system32\drivers\Vax347s.sys [15.7.2008 0:55 5248]
R1 ehdrv;ehdrv;e:\windows\system32\drivers\ehdrv.sys [29.3.2010 17:12 114984]
R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [29.3.2010 17:13 95872]
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
R2 ekrn;ESET Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29.3.2010 17:12 810120]
R2 ICQ Service;ICQ Service;e:\program files\ICQ6Toolbar\ICQ Service.exe [20.7.2009 15:13 222968]
R3 ActivHidSerMini;Promethean Serial Board Driver;e:\windows\system32\drivers\activhidsermini.sys [16.6.2008 14:38 54656]
R3 prmvmouse;Promethean HID Mouse Service;e:\windows\system32\drivers\activmouse.sys [19.11.2009 14:03 4480]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"k:\vs\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 --> k:\vs\Common7\IDE\Remote Debugger\x86\msvsmon.exe [?]
S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [19.7.2008 17:40 717296]
S4 Vax347b;Vax347b;e:\windows\system32\drivers\Vax347b.sys [15.7.2008 0:55 159616]
.
Contents of the 'Scheduled Tasks' folder

2010-08-05 e:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- e:\program files\Ask.com\UpdateTask.exe [2010-02-04 14:50]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stiahni položku pomocou Net Transport - e:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Stiahni všetky položky cez Net Transport - e:\program files\Xi\NetTransport 2\NTAddList.html
TCP: {B310F541-CC59-4786-B83C-4A5D852635F7} = 213.151.254.1,192.168.87.2
FF - ProfilePath - e:\documents and settings\Klara\Application Data\Mozilla\Firefox\Profiles\f9qegxq2.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - prefs.js: keyword.enabled - false
FF - plugin: e:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: e:\program files\Opera 9\program\plugins\npdsplay.dll
FF - plugin: e:\program files\Opera 9\program\plugins\npqtplugin.dll
FF - plugin: e:\program files\Opera 9\program\plugins\npqtplugin2.dll
FF - plugin: e:\program files\Opera 9\program\plugins\npqtplugin3.dll
FF - plugin: e:\program files\Opera 9\program\plugins\npqtplugin4.dll
FF - plugin: e:\program files\Opera 9\program\plugins\npqtplugin5.dll
FF - plugin: e:\program files\Opera 9\program\plugins\NPSWF32.dll
FF - plugin: e:\program files\Opera 9\program\plugins\NPSWF32_back.dll
FF - plugin: e:\program files\Opera 9\program\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - i:\winamp\winampa.exe
MSConfigStartUp-Ad-Watch - e:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-SmileyApp - e:\program files\DoubleD\GamingHarbor Toolbar\4.2.2.21960\stbapp.exe
AddRemove-HijackThis - c:\programy\hijackthis\HijackThis.exe
AddRemove-Microsoft Visual Studio 2005 Professional Edition - ENU - k:\vs\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
AddRemove-nbi-nb-base-6.5.0.0.200811100001 - l:\netbeans 6.5\uninstall.exe
AddRemove-Prijímacie skúšky verzia V2009.01_is1 - e:\program files\Prijímacie skúšky\unins000.exe
AddRemove-Women's Murder Club Twice in a Blue Moon_is1 - e:\program files\Break For Games\WMC Twice in a Blue Moon\unins000.exe
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - e:\program files\Media Access Startup\1.5.5.900\unins000.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - e:\program files\Internet Saving Optimizer\3.6.3.4500\unins000.exe
AddRemove-{26918E50-6EDC-4A59-A31E-E9C1EF06F1BC}_is1 - e:\documents and settings\Klara\Desktop\rizeni projektu\Xls-2-Xls\unins000.exe
AddRemove-{B27DE086-4361-4EF3-B3C2-1C688138642B} - e:\program files\InstallShield Installation Information\{B27DE086-4361-4EF3-B3C2-1C688138642B}\setup.exe
AddRemove-{C5096216-7703-409E-B85A-8A6EE7395128}}_is1 - e:\program files\System Search Dispatcher\1.3.5.960\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-06 00:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-1580436667-2147104195-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e9,81,29,59,cc,84,1a,7d,d1,fa,80,e3,f0,28,78,30,6c,24,e8,6a,e3,fb,b1,
7f,12,c7,75,c6,61,15,e1,57,8d,23,91,4b,ad,1c,39,82,c4,be,b6,12,bd,06,20,8e,\
"??"=hex:40,a9,85,1b,88,a2,63,60,5a,90,b1,70,7c,6e,8d,be

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{45b06009-b2d1-4031-a1af-ff707168adbd}]
@Denied: (Full) (Everyone)
"Model"=dword:000000f3
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0f,6f,a8,06,91,6c,82,bd,bc,71,81,75,94,c9,3a,35,b6,78,0b,a6,13,
a4,13,ac,bc,d5,71,43,2a,c2,19,cc,04,d5,83,ac,c4,ed,e6,86,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
e:\program files\SUPERAntiSpyware\SASWINLO.DLL
e:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-08-06 00:32:27
ComboFix-quarantined-files.txt 2010-08-05 22:32

Pre-Run: 11 943 837 696 bytes free
Post-Run: 17 adresárov, 14 801 858 560 voľných bajtov

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 77D73E845006D53385CE6F355EC61AD9

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Some programs won't start or close on their own

Post by jaro3 » 06 Aug 2010 09:00

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire text marked in green below into it:
Note: do not use the SELECT ALL function to select the script

Code:

KillAll::
File::
e:\windows\Tasks\Scheduled Update for Ask Toolbar.job

Folder::
e:\program files\Ask.com

Driver::
msvsmon80

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=-

DDS::
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local

Firefox::
FF - ProfilePath - e:\documents and settings\Klara\Application Data\Mozilla\Firefox\Profiles\f9qegxq2.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{45b06009-b2d1-4031-a1af-ff707168adbd}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]


Choose File -> Save as... and set these parameters:
File name: type CFScript.txt here
Save as type: select All files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT

In Folder Options enable showing hidden files and folders + uncheck the box "hide protected operating system files"

Test this on VirusTotal
e:\windows\system32\drivers\tcpip.sys
If the file has already been tested, click on "test again".

When the test by all antivirus engines finishes, paste here the link to the results page.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am substituted by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

mato
Level 1.5
Posts: 108
Registered: August 06
Gender: Not specified
Status: Offline

Re: Some programs won't start or close on their own

Post by mato » 06 Aug 2010 11:19

I did everything as you wrote. ComboFix finished the scan and restarted the PC, but then only the desktop came up, without icons, and the PC showed no activity, so I had to reset it. After the restart the taskbar and icons suddenly started disappearing when I tried to start Total Commander, so in the end I did a System Restore. I don't know what to do with ComboFix now, whether to try it again or not.

I did a new HJT scan and also the VirusTotal test.

new log from HJT:

Logfile of HijackThis v1.99.1
Scan saved at 11:14:34, on 6.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\ICQ6Toolbar\ICQ Service.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\CDBurnerXP\NMSAccessU.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\Opera 9\opera.exe
C:\totalcmd\TC PowerPack\TOTALCMD.EXE
c:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stiahni položku pomocou Net Transport - E:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stiahni všetky položky cez Net Transport - E:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B310F541-CC59-4786-B83C-4A5D852635F7}: NameServer = 213.151.254.1,192.168.87.2
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - E:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - E:\Program Files\Java\jre6\bin\jqs.exe" -service -config "E:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NMSAccessU - Unknown owner - E:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

VirusTotal results:

http://www.virustotal.com/cs/analisis/6 ... 1281086006
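The new HJT log above still lists the Ask Toolbar BHO and toolbar (CLSID {D4027C7F-154A-4066-A1AD-4243D8127440}) that jaro3's CFScript was meant to remove, which is consistent with the System Restore having rolled the fix back. As an added example, not part of the thread or of HijackThis/ComboFix, this Python script parses HJT entries, collects the CLSIDs a CFScript's Registry:: section touches, and reports which entries the log still lists; the sample lines are copied from the logs posted in this thread, and the function names are my own.

```python
"""Cross-check HijackThis entries against the CLSIDs a ComboFix CFScript removes.

Added example for this thread; not part of the forum post, HijackThis or
ComboFix. The sample log and script lines are copied from the logs posted
above; the function names are my own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# A registry CLSID such as {D4027C7F-154A-4066-A1AD-4243D8127440}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis entry: a section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", details.
HJT_ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<rest>.*)$")


@dataclass(frozen=True)
class HjtEntry:
    code: str             # e.g. "O2" (BHO), "O3" (toolbar), "O23" (service)
    name: str             # first " - " separated field, e.g. "BHO: Ask Toolbar BHO"
    clsid: Optional[str]  # upper-cased CLSID if the line carries one
    path: Optional[str]   # last field: file path, "(no file)" or None
    raw: str


def parse_hjt(text: str) -> List[HjtEntry]:
    """Parse the R*/F*/N*/O* lines of a HijackThis log; other lines are skipped."""
    entries: List[HjtEntry] = []
    for line in text.splitlines():
        line = line.strip()
        m = HJT_ENTRY_RE.match(line)
        if not m:
            continue  # header, "Running processes:" list, blank line
        rest = m.group("rest")
        fields = [f.strip() for f in rest.split(" - ")]
        clsid_m = CLSID_RE.search(rest)
        entries.append(HjtEntry(
            code=m.group("code"),
            name=fields[0],
            clsid=clsid_m.group(0).upper() if clsid_m else None,
            path=fields[-1] if len(fields) > 1 else None,
            raw=line,
        ))
    return entries


def clsids_in_cfscript(script: str) -> Set[str]:
    """Every CLSID mentioned in a CFScript, case-folded so the lower-case
    HKEY_CLASSES_ROOT\\clsid\\{...} key matches the upper-case HJT form."""
    return {m.upper() for m in CLSID_RE.findall(script)}


def still_present(entries: List[HjtEntry], targets: Set[str]) -> List[HjtEntry]:
    """Entries whose CLSID the script was meant to remove but the log still lists."""
    return [e for e in entries if e.clsid is not None and e.clsid in targets]


def orphans(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Entries pointing at a file that no longer exists; HJT marks them
    '(no file)' or '(file missing)'. Harmless leftovers, but worth cleaning."""
    return [e for e in entries
            if e.path and ("(no file)" in e.path or "(file missing)" in e.path)]


def report(hjt_log: str, cfscript: str) -> List[str]:
    """Summary lines, returned rather than printed so they can be checked."""
    entries = parse_hjt(hjt_log)
    targets = clsids_in_cfscript(cfscript)
    lines = [f"{len(entries)} HJT entries, {len(targets)} CLSIDs targeted by the CFScript"]
    for e in still_present(entries, targets):
        lines.append(f"STILL PRESENT  {e.code}  {e.name}  {e.clsid}")
    for e in orphans(entries):
        lines.append(f"ORPHAN         {e.code}  {e.name}  -> {e.path}")
    return lines


# Lines copied from the second HijackThis log in this thread (after System Restore).
SAMPLE_HJT_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
E:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe (file missing)
"""

# Registry:: lines copied from jaro3's CFScript above.
SAMPLE_CFSCRIPT = r"""
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_HJT_LOG, SAMPLE_CFSCRIPT)))
```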

bledulka
Level 5
Posts: 2242
Registered: August 09
Gender: Female
Status: Offline

Re: Some programs won't start or close on their own

Post by bledulka » 06 Aug 2010 12:28

Try it once more.

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Some programs won't start or close on their own

Post by jaro3 » 06 Aug 2010 13:38

You have to wait a very long time after the restart until the log is created. If it is created but there are problems with the desktop etc., restarting the PC once more is usually enough.

mato
Level 1.5
Posts: 108
Registered: August 06
Gender: Not specified
Status: Offline

Re: Some programs won't start or close on their own

Post by mato » 06 Aug 2010 14:22

I tried the ComboFix scan three times. On the first two attempts the desktop appeared without icons or the taskbar (maybe I should have waited longer); on the third attempt the desktop no longer appeared at all, a black screen remained after the restart, and I had to fix it with System Restore again.

bledulka
Level 5
Posts: 2242
Registered: August 09
Gender: Female
Status: Offline

Re: Some programs won't start or close on their own

Post by bledulka » 06 Aug 2010 14:52

After the restart you have to wait; ComboFix is still working. Never mind, we'll go about it differently.

Download OTL
http://oldtimer.geekstogo.com/OTL.exe
- paste this script into the bottom box:

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c

- tick the checkbox next to the line All Users
- leave the other items as set in the screenshot
- confirm with the Scan button
- the scan will run; paste the OTL.Txt log here

Image

Download MBAM http://download.cnet.com/3001-8022_4-10 ... l-10804572
- install it, update it
- do a full scan and paste the log here

mato
Level 1.5
Posts: 108
Registered: August 06
Gender: Not specified
Status: Offline

Re: Some programs won't start or close on their own

Post by mato » 06 Aug 2010 15:15

To add: I only started using this PC again a few days ago, and that's when I found these problems; before that other people used it. So should I keep OTL set to 7 days, or can I set a period of, say, half a year?

here is the OTL log with the 7-day setting:

OTL logfile created on: 6.8.2010 15:10:28 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = c:\Programy
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

767,00 Mb Total Physical Memory | 306,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): E:\pagefile.sys 1024 1500 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 30,27 Gb Total Space | 3,69 Gb Free Space | 12,20% Space Free | Partition Type: NTFS
Drive D: | 40,53 Gb Total Space | 1,97 Gb Free Space | 4,87% Space Free | Partition Type: NTFS
Drive E: | 40,98 Gb Total Space | 13,24 Gb Free Space | 32,31% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ABC
Current User Name: Klara
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.08.06 15:09:05 | 000,574,976 | ---- | M] (OldTimer Tools) -- c:\Programy\OTL.exe
PRC - [2010.06.30 14:52:22 | 000,836,464 | ---- | M] (Opera Software) -- E:\Program Files\Opera 9\opera.exe
PRC - [2010.03.29 17:12:18 | 000,810,120 | ---- | M] (ESET) -- E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010.03.29 17:11:50 | 002,145,000 | ---- | M] (ESET) -- E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () -- E:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () -- E:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2006.02.16 06:54:00 | 000,842,788 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TC PowerPack\TOTALCMD.EXE
PRC - [2005.06.20 15:42:20 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- E:\WINDOWS\soundman.exe
PRC - [2005.04.02 01:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2004.08.04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010.08.06 15:09:05 | 000,574,976 | ---- | M] (OldTimer Tools) -- c:\Programy\OTL.exe
MOD - [2004.08.04 00:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- K:\VS\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2010.03.29 17:16:36 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.03.29 17:12:18 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () [Auto | Running] -- E:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.12.20 19:32:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- E:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007.09.11 17:10:18 | 000,184,504 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- E:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2007.09.11 17:10:08 | 001,265,856 | ---- | M] (SiSoftware) [Disabled | Stopped] -- E:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2007.03.26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- E:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005.04.02 01:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DOCUME~1\Klara\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010.08.02 21:32:01 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.03.29 17:13:44 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010.03.29 17:12:00 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.03.29 17:07:30 | 000,140,216 | ---- | M] (ESET) [File_System | Auto | Running] -- E:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008.07.19 17:40:03 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- E:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.02.26 07:51:43 | 002,863,616 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.11.09 11:23:00 | 000,004,480 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\activmouse.sys -- (prmvmouse)
DRV - [2007.11.09 11:22:48 | 000,054,656 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\activhidsermini.sys -- (ActivHidSerMini)
DRV - [2007.10.02 19:23:13 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2006.09.24 15:28:47 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- E:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005.06.20 16:08:44 | 002,324,480 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.04.25 10:43:58 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\Vax347b.sys -- (Vax347b)
DRV - [2005.04.05 21:22:30 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005.04.05 21:22:28 | 000,033,536 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.08.04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004.08.04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004.04.30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- E:\WINDOWS\System32\Drivers\Vax347s.sys -- (Vax347s)
DRV - [2001.08.17 16:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- E:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-839522115-1580436667-2147104195-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-839522115-1580436667-2147104195-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-839522115-1580436667-2147104195-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839522115-1580436667-2147104195-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}:1.5.5.900
FF - prefs.js..extensions.enabledItems: {2224E955-00E9-4613-A844-CE69FCCAAE91}:3.6.3.4500
FF - prefs.js..extensions.enabledItems: {7AB6D133-2A14-4C11-B3AD-35B1548D38F9}:1.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: cs@dictionaries.addons.mozilla.org:1.0.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..keyword.enabled: false

FF - HKLM\software\mozilla\Firefox\extensions\\{872A1C39-DF0B-4c8b-AD84-12BA24A3B781}: E:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.2.21960\FFToolbar
FF - HKLM\software\mozilla\Firefox\extensions\\{2224E955-00E9-4613-A844-CE69FCCAAE91}: E:\Program Files\Internet Saving Optimizer\3.6.3.4500\FF
FF - HKLM\software\mozilla\Firefox\extensions\\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}: E:\Program Files\Media Access Startup\1.5.5.900\FF
FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: E:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010.08.05 02:19:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010.08.06 14:16:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: E:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.08.05 02:20:05 | 000,000,000 | ---D | M]

[2008.12.19 18:45:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Klara\Application Data\Mozilla\Extensions
[2010.08.02 23:54:13 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Klara\Application Data\Mozilla\Firefox\Profiles\f9qegxq2.default\extensions
[2008.06.21 13:14:49 | 000,000,000 | ---D | M] (CacheViewer) -- E:\Documents and Settings\Klara\Application Data\Mozilla\Firefox\Profiles\f9qegxq2.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010.04.03 17:43:29 | 000,000,000 | ---D | M] (Web Developer) -- E:\Documents and Settings\Klara\Application Data\Mozilla\Firefox\Profiles\f9qegxq2.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.04.01 15:16:18 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Klara\Application Data\Mozilla\Firefox\Profiles\f9qegxq2.default\extensions\cs@dictionaries.addons.mozilla.org
[2010.08.05 02:19:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Klara\Application Data\Mozilla\Firefox\Profiles\f9qegxq2.default\extensions\toolbar@ask.com
[2008.07.19 17:43:04 | 000,002,921 | ---- | M] () -- E:\Documents and Settings\Klara\Application Data\Mozilla\Firefox\Profiles\f9qegxq2.default\searchplugins\daemon-search.xml
[2010.07.20 12:27:21 | 000,000,950 | ---- | M] () -- E:\Documents and Settings\Klara\Application Data\Mozilla\Firefox\Profiles\f9qegxq2.default\searchplugins\icqplugin-1.xml
[2010.07.20 12:10:05 | 000,000,950 | ---- | M] () -- E:\Documents and Settings\Klara\Application Data\Mozilla\Firefox\Profiles\f9qegxq2.default\searchplugins\icqplugin-2.xml
[2010.08.05 20:08:24 | 000,000,950 | ---- | M] () -- E:\Documents and Settings\Klara\Application Data\Mozilla\Firefox\Profiles\f9qegxq2.default\searchplugins\icqplugin-3.xml
[2009.12.22 22:39:16 | 000,000,944 | ---- | M] () -- E:\Documents and Settings\Klara\Application Data\Mozilla\Firefox\Profiles\f9qegxq2.default\searchplugins\icqplugin.xml
[2010.08.06 01:08:12 | 000,000,000 | ---D | M] -- E:\Program Files\Mozilla Firefox\extensions
[2009.09.04 12:31:41 | 000,000,000 | ---D | M] (Sukoku) -- E:\Program Files\Mozilla Firefox\extensions\{7AB6D133-2A14-4C11-B3AD-35B1548D38F9}
[2009.07.20 15:13:21 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.06 14:16:49 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.20 12:09:47 | 000,001,583 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010.07.20 12:09:47 | 000,001,380 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2010.07.20 12:09:47 | 000,001,479 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010.07.20 12:09:47 | 000,001,473 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010.07.20 12:09:47 | 000,001,104 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010.07.20 12:09:47 | 000,000,830 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2010.08.06 14:05:43 | 000,000,027 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O2 - BHO: (NTIECatcher Class) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - E:\Program Files\Xi\NetTransport 2\NTIEHelper.dll (Xi)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKU\S-1-5-21-839522115-1580436667-2147104195-1003\..\Toolbar\ShellBrowser: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKU\S-1-5-21-839522115-1580436667-2147104195-1003\..\Toolbar\WebBrowser: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKU\S-1-5-21-839522115-1580436667-2147104195-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [egui] E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [SoundMan] E:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1580436667-2147104195-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-839522115-1580436667-2147104195-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-839522115-1580436667-2147104195-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-839522115-1580436667-2147104195-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - file:///E:/DOCUME~1/Klara/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop WallPaper: E:\WINDOWS\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: E:\WINDOWS\ACD Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.02.23 13:56:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found

Drivers32: msacm.iac2 - E:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - E:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - E:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - E:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.ACDV - E:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - E:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - E:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - E:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - E:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - E:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - E:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - E:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 7 Days ==========

[2010.08.06 14:16:38 | 000,000,000 | ---D | C] -- E:\Program Files\Ask.com
[2010.08.06 14:05:40 | 000,000,000 | ---D | C] -- E:\WINDOWS\temp
[2010.08.06 13:54:31 | 000,000,000 | --SD | C] -- E:\ComboFix(3)
[2010.08.06 12:50:33 | 000,000,000 | ---D | C] -- E:\ComboFix(2)
[2010.08.06 11:07:39 | 000,000,000 | ---D | C] -- E:\Config.Msi
[2010.08.06 01:08:26 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Sun
[2010.08.06 01:08:10 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- E:\WINDOWS\System32\javaws.exe
[2010.08.06 01:08:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- E:\WINDOWS\System32\javaw.exe
[2010.08.06 01:08:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- E:\WINDOWS\System32\java.exe
[2010.08.06 00:53:11 | 000,159,616 | ---- | C] ( ) -- E:\WINDOWS\System32\drivers\Vax347b.sys
[2010.08.06 00:53:11 | 000,005,248 | ---- | C] ( ) -- E:\WINDOWS\System32\drivers\Vax347s.sys
[2010.08.06 00:51:30 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2010.08.06 00:08:51 | 000,031,232 | ---- | C] (NirSoft) -- E:\WINDOWS\NIRCMD.exe
[2010.08.06 00:08:47 | 000,161,792 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWREG.exe
[2010.08.06 00:08:45 | 000,136,704 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWSC.exe
[2010.08.06 00:08:44 | 000,212,480 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWXCACLS.exe
[2010.08.06 00:08:29 | 000,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2010.08.06 00:06:28 | 000,000,000 | ---D | C] -- E:\Qoobox
[2010.08.05 20:25:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Klara\Application Data\SUPERAntiSpyware.com
[2010.08.05 20:25:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010.08.05 20:24:59 | 000,000,000 | ---D | C] -- E:\Program Files\SUPERAntiSpyware
[2010.08.05 15:25:50 | 000,000,000 | ---D | C] -- E:\Program Files\CDBurnerXP
[2010.08.05 15:14:09 | 000,000,000 | ---D | C] -- E:\Program Files\Elaborate Bytes
[2010.08.05 14:30:26 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Wise Installation Wizard
[2010.08.05 13:51:24 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Klara\Local Settings\Application Data\AskToolbar
[2010.08.05 13:15:46 | 000,000,000 | ---D | C] -- E:\metallica
[2010.08.05 02:21:01 | 000,000,000 | ---D | C] -- E:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2010.08.05 02:21:00 | 000,000,000 | ---D | C] -- E:\Program Files\SDHelper (Spybot - Search & Destroy)
[2010.08.05 02:21:00 | 000,000,000 | ---D | C] -- E:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2010.08.05 02:20:58 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Klara\Application Data\Malwarebytes
[2010.08.05 02:20:23 | 000,000,000 | ---D | C] -- E:\WINDOWS\VistaMizer
[2010.08.05 02:20:15 | 000,000,000 | ---D | C] -- E:\Program Files\BitTorrent
[2010.08.05 02:20:11 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\DivX Shared
[2010.08.05 01:20:44 | 000,000,000 | ---D | C] -- E:\Program Files\Spybot - Search & Destroy
[2010.08.05 01:19:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.05 01:19:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2010.08.05 01:19:30 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.08.05 01:19:28 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2010.08.03 00:51:41 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Klara\Application Data\BitTorrent
[2010.08.03 00:02:21 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Klara\Application Data\Vast Studios
[2010.08.02 22:16:48 | 000,000,000 | ---D | C] -- E:\Program Files\MPC HomeCinema
[2010.08.02 21:01:08 | 000,000,000 | ---D | C] -- E:\Program Files\DivX
[2010.08.02 21:00:18 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\DivX
[2007.07.03 19:32:23 | 000,133,120 | ---- | C] ( ) -- E:\WINDOWS\System32\ZIPDLL.DLL
[6 E:\Documents and Settings\Klara\My Documents\*.tmp files -> E:\Documents and Settings\Klara\My Documents\*.tmp -> ]
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[3 E:\Documents and Settings\All Users\Application Data\*.tmp files -> E:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.08.06 14:48:50 | 007,340,032 | ---- | M] () -- E:\Documents and Settings\Klara\ntuser.dat
[2010.08.06 14:20:16 | 000,003,039 | ---- | M] () -- E:\WINDOWS\WINCMD.INI
[2010.08.06 14:19:27 | 000,000,429 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts.ics
[2010.08.06 14:19:01 | 000,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2010.08.06 14:18:55 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010.08.06 14:05:43 | 000,000,027 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts
[2010.08.06 01:03:03 | 000,000,684 | ---- | M] () -- E:\WINDOWS\win.ini
[2010.08.06 01:03:03 | 000,000,227 | ---- | M] () -- E:\WINDOWS\system.ini
[2010.08.06 00:53:53 | 000,000,278 | -HS- | M] () -- E:\Documents and Settings\Klara\ntuser.ini
[2010.08.06 00:53:09 | 000,001,779 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Alcohol 120%.lnk
[2010.08.06 00:06:55 | 002,111,314 | -H-- | M] () -- E:\Documents and Settings\Klara\Local Settings\Application Data\IconCache.db
[2010.08.06 00:03:40 | 003,815,943 | R--- | M] () -- E:\Documents and Settings\Klara\Desktop\ComboFix.exe
[2010.08.05 22:53:12 | 000,001,089 | ---- | M] () -- E:\WINDOWS\WDICT32.INI
[2010.08.05 20:25:10 | 000,001,678 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.08.05 15:28:57 | 000,206,268 | -H-- | M] () -- E:\treeinfo.wc
[2010.08.05 15:25:57 | 000,001,630 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010.08.05 01:19:36 | 000,000,696 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.04 23:30:32 | 000,002,565 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\ACDSee 9 Photo Manager.lnk
[2010.08.04 23:30:17 | 000,196,096 | ---- | M] () -- E:\Documents and Settings\Klara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.03 10:34:41 | 000,001,717 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\The Conquerors.lnk
[2010.08.02 21:39:03 | 003,240,054 | ---- | M] () -- E:\WINDOWS\ACD Wallpaper.bmp
[2010.08.02 21:34:07 | 000,034,308 | ---- | M] () -- E:\WINDOWS\System32\BASSMOD.dll
[2010.08.02 21:32:33 | 000,316,640 | ---- | M] () -- E:\WINDOWS\WMSysPr9.prx
[2010.08.02 21:32:01 | 000,010,368 | ---- | M] (Padus, Inc.) -- E:\WINDOWS\System32\drivers\pfc.sys
[2010.07.31 18:47:59 | 000,002,553 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Activstudio Professional Edition V3.lnk
[2010.07.31 18:09:37 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[6 E:\Documents and Settings\Klara\My Documents\*.tmp files -> E:\Documents and Settings\Klara\My Documents\*.tmp -> ]
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[3 E:\Documents and Settings\All Users\Application Data\*.tmp files -> E:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.08.06 01:06:56 | 007,340,032 | ---- | C] () -- E:\Documents and Settings\Klara\ntuser.dat
[2010.08.06 00:53:09 | 000,001,779 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Alcohol 120%.lnk
[2010.08.06 00:08:52 | 000,077,312 | ---- | C] () -- E:\WINDOWS\MBR.exe
[2010.08.06 00:08:48 | 000,256,512 | ---- | C] () -- E:\WINDOWS\PEV.exe
[2010.08.06 00:08:46 | 000,098,816 | ---- | C] () -- E:\WINDOWS\sed.exe
[2010.08.06 00:08:46 | 000,080,412 | ---- | C] () -- E:\WINDOWS\grep.exe
[2010.08.06 00:08:46 | 000,068,096 | ---- | C] () -- E:\WINDOWS\zip.exe
[2010.08.06 00:06:09 | 003,815,943 | R--- | C] () -- E:\Documents and Settings\Klara\Desktop\ComboFix.exe
[2010.08.05 20:25:10 | 000,001,678 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.08.05 15:25:57 | 000,001,630 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010.08.05 01:19:36 | 000,000,696 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.03 10:34:41 | 000,001,717 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\The Conquerors.lnk
[2010.08.02 21:32:49 | 000,002,565 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\ACDSee 9 Photo Manager.lnk
[2009.08.07 16:43:00 | 000,080,624 | R--- | C] () -- E:\WINDOWS\System32\SH31W32.DLL
[2008.07.31 16:15:33 | 000,000,547 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.07.31 16:15:32 | 000,007,680 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll
[2008.07.19 17:40:02 | 000,717,296 | ---- | C] () -- E:\WINDOWS\System32\drivers\sptd.sys
[2008.04.06 17:40:37 | 000,000,010 | ---- | C] () -- E:\WINDOWS\WININIT.INI
[2008.03.27 18:43:01 | 000,000,405 | ---- | C] () -- E:\WINDOWS\SIERRA.INI
[2008.01.20 20:06:49 | 000,000,994 | ---- | C] () -- E:\WINDOWS\CDPLAYER.INI
[2007.12.23 13:50:17 | 000,000,048 | ---- | C] () -- E:\WINDOWS\IntegrationWizard.INI
[2007.12.08 22:22:19 | 000,000,251 | ---- | C] () -- E:\WINDOWS\level.ini
[2007.11.09 11:27:58 | 000,167,936 | ---- | C] () -- E:\WINDOWS\libactivboardex.dll
[2007.11.09 11:24:14 | 000,196,608 | ---- | C] () -- E:\WINDOWS\ActivDRV.dll
[2007.11.02 01:45:40 | 000,000,458 | ---- | C] () -- E:\WINDOWS\wcx_ftp.ini
[2007.09.03 22:06:45 | 000,000,164 | R--- | C] () -- E:\WINDOWS\avrack.ini
[2007.09.03 21:58:08 | 000,000,169 | ---- | C] () -- E:\WINDOWS\RtlRack.ini
[2007.08.27 11:35:06 | 000,000,073 | ---- | C] () -- E:\WINDOWS\hdkctnts.ini
[2007.08.23 13:52:41 | 000,176,235 | ---- | C] () -- E:\WINDOWS\System32\Primomonnt.dll
[2007.08.20 01:29:53 | 000,008,024 | ---- | C] () -- E:\WINDOWS\System32\mcimsfle.dll
[2007.08.15 16:54:03 | 000,270,336 | ---- | C] () -- E:\WINDOWS\System32\Shaper.dll
[2007.07.21 20:22:18 | 000,000,287 | ---- | C] () -- E:\WINDOWS\game.ini
[2007.07.03 19:32:23 | 000,122,368 | ---- | C] () -- E:\WINDOWS\System32\UNZDLL.DLL
[2007.07.03 19:31:30 | 000,000,116 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
[2007.07.03 18:38:11 | 000,000,033 | ---- | C] () -- E:\WINDOWS\WTRDCTM.INI
[2007.07.03 18:37:10 | 000,002,604 | ---- | C] () -- E:\WINDOWS\WTRAN32.INI
[2007.07.03 16:29:08 | 000,034,308 | ---- | C] () -- E:\WINDOWS\System32\BASSMOD.dll
[2007.07.03 16:17:49 | 000,001,089 | ---- | C] () -- E:\WINDOWS\WDICT32.INI
[2007.07.03 16:03:51 | 000,003,039 | ---- | C] () -- E:\WINDOWS\WINCMD.INI
[2007.07.03 15:55:03 | 000,000,376 | ---- | C] () -- E:\WINDOWS\ODBC.INI
[2007.07.03 14:58:08 | 000,156,672 | R--- | C] () -- E:\WINDOWS\System32\RTLCPAPI.dll
[2007.07.03 14:56:10 | 000,018,272 | ---- | C] () -- E:\WINDOWS\Ascd_tmp.ini
[2007.07.03 14:56:10 | 000,005,810 | R--- | C] () -- E:\WINDOWS\System32\drivers\ASACPI.sys
[2007.07.03 14:56:03 | 000,005,824 | ---- | C] () -- E:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006.11.07 00:49:36 | 000,000,310 | ---- | C] () -- E:\WINDOWS\primopdf.ini
[2006.09.12 11:08:38 | 006,172,672 | ---- | C] () -- E:\WINDOWS\System32\HwRecogK.dll
[2006.08.14 09:56:52 | 007,946,240 | ---- | C] () -- E:\WINDOWS\System32\HWRecogT.dll
[2006.08.13 17:48:58 | 015,147,008 | ---- | C] () -- E:\WINDOWS\System32\HWRecog.dll
[2004.08.04 00:56:48 | 000,007,519 | ---- | C] () -- E:\WINDOWS\System32\wadnt.dll
[2004.08.04 00:56:44 | 000,081,920 | ---- | C] () -- E:\WINDOWS\System32\ieencode.dll
[2004.03.01 09:43:09 | 000,077,824 | ---- | C] () -- E:\WINDOWS\System32\MMSwitch.dll
[2004.03.01 07:53:21 | 000,679,936 | ---- | C] () -- E:\WINDOWS\System32\xvidcore.dll
[2003.09.30 11:47:47 | 000,921,600 | ---- | C] () -- E:\WINDOWS\System32\VorbisEnc.dll
[2003.09.30 11:47:47 | 000,344,064 | ---- | C] () -- E:\WINDOWS\System32\xvid.dll
[2003.09.30 11:47:47 | 000,188,416 | ---- | C] () -- E:\WINDOWS\System32\vorbis.dll
[2003.09.30 11:47:47 | 000,155,136 | ---- | C] () -- E:\WINDOWS\System32\unrar.dll
[2003.09.30 11:47:46 | 000,237,568 | ---- | C] () -- E:\WINDOWS\System32\OggDS.dll
[2003.09.30 11:47:46 | 000,045,056 | ---- | C] () -- E:\WINDOWS\System32\ogg.dll
[2003.08.07 16:01:50 | 000,237,568 | ---- | C] () -- E:\WINDOWS\System32\lame_enc.dll
[2003.04.07 11:38:32 | 000,005,746 | ---- | C] () -- E:\WINDOWS\System32\OUTLPERF.INI
[2003.03.24 06:03:00 | 000,279,552 | ---- | C] () -- E:\WINDOWS\System32\FGWVB32.DLL
[2002.03.21 15:39:02 | 000,073,728 | ---- | C] () -- E:\WINDOWS\System32\UNACEV2.DLL
[1998.03.26 01:12:00 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\zlib.dll
[1997.06.14 02:56:08 | 000,056,832 | ---- | C] () -- E:\WINDOWS\System32\iyvu9_32.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- E:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< c:\windows\*.* /U >


< MD5 for: AGP440.SYS >
[2004.08.04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004.08.04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- E:\WINDOWS\ERDNT\cache\eventlog.dll
[2004.08.04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- E:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- E:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004.08.04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- E:\WINDOWS\ERDNT\cache\explorer.exe
[2004.08.04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- E:\WINDOWS\explorer.exe
[2004.08.04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- E:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.03 22:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- E:\WINDOWS\system32\hal.dll

< MD5 for: LSASS.EXE >
[2004.08.04 00:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- E:\WINDOWS\ERDNT\cache\lsass.exe
[2004.08.04 00:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- E:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.04 00:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- E:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- E:\WINDOWS\ERDNT\cache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- E:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- E:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- E:\WINDOWS\ERDNT\cache\netlogon.dll
[2004.08.04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- E:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- E:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- E:\WINDOWS\ERDNT\cache\scecli.dll
[2004.08.04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- E:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- E:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.04 00:56:58 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- E:\WINDOWS\system32\dllcache\smss.exe
[2004.08.04 00:56:58 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- E:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2007.11.17 17:33:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- E:\WINDOWS\ERDNT\cache\svchost.exe
[2004.08.04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- E:\WINDOWS\system32\dllcache\svchost.exe
[2007.11.17 17:33:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- E:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004.08.04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- E:\WINDOWS\ERDNT\cache\userinit.exe
[2004.08.04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- E:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- E:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- E:\WINDOWS\ERDNT\cache\winlogon.exe
[2004.08.04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- E:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- E:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.04 00:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- E:\WINDOWS\ERDNT\cache\ws2_32.dll
[2004.08.04 00:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- E:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.04 00:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- E:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.02.26 05:12:07 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- E:\WINDOWS\system32\ATIDEMGX.dll
[1 E:\WINDOWS\system32\*.tmp files -> E:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< End of report >


As I wrote in my first post, Malwarebytes starts and then closes itself after about 2 seconds, otherwise I would have copied the log here long ago. As for ComboFix, when it finished the scan it restarted the PC, and after the restart only a black screen appeared (is it still working at that point, or did some error occur? I can wait longer, but I want to know whether I would be waiting for nothing).
