Slow PC - please check my log [Solved]


TheDaniLikker
newbie
Posts: 14
Registered: July 12
Location: Slovakia

Slow PC - please check my log

Post by TheDaniLikker » 22 Jul 2012 00:03

Hello, I would like to ask you to check my log. Thank you. (The problem was explained in more detail -HERE-)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:02:13, on 22. 7. 2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17110)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
F:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
F:\WINDOWS\system32\IoctlSvc.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
F:\WINDOWS\system32\wbem\wmiapsrv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
F:\Program Files\Opera\opera.exe
F:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
F:\Program Files\ICQ7.2\ICQ.exe
F:\Documents and Settings\GTA SA\Local Settings\Application Data\Opera\Opera\temporary_downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\userinit.exe
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - F:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - F:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - F:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - F:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - F:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - F:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - F:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - F:\Program Files\HyperCam Toolbar\tbcore3.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - F:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: @F:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - F:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - F:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - F:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - F:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - F:\Program Files\HyperCam Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [egui] "F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\GTA SA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Overwolf] F:\Program Files\Overwolf\Overwolf.exe -silent
O4 - HKCU\..\Run: [ICQ] "F:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=GRman000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - F:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Sothink SWF Catcher - F:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - F:\Program Files\AllMusicConverter\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - F:\Program Files\AllMusicConverter\YouTubeRipper.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - F:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - F:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Program Files\Overwolf\SKYPE4~2.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - F:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GSService - Unknown owner - F:\WINDOWS\system32\GSService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - F:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - F:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - F:\Program Files\Overwolf\OverwolfUpdater.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - F:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SMServer - SMServer - F:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: xsherlock - Wellbia.com Co., Ltd. - F:\WINDOWS\system32\xsherlock.xem
O24 - Desktop Component 0: (no name) - file:///F:/DOCUME~1/GTASA~1/LOCALS~1/Temp/msohtml1/01/clip_image001.gif

--
End of file - 10555 bytes

jaro3
Security team member
Guru Level 15
Posts: 43295
Registered: June 07
Location: South Bohemia

Re: Slow PC - please check my log

Post by jaro3 » 22 Jul 2012 10:56

Uninstall:
ICQ TOOLBAR
SpeedBit Video Downloader\Toolbar
HyperCam Toolbar
StylerToolBar
MSN Toolbar
DAEMON Tools Toolbar
mywebsearch

Close all other applications and browsers, disconnect from the internet and fix the following in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\userinit.exe
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - F:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - F:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - F:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - F:\Program Files\HyperCam Toolbar\tbcore3.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - F:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: @F:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - F:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - F:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - F:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - F:\Program Files\HyperCam Toolbar\tbcore3.dll
O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\GTA SA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=GRman000
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab


Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download TFC
Open the file and close all other windows, then click Start to begin the process. It should not take long.
The PC should then restart; if it does not, restart it yourself.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes, a message will appear; click OK and then the Show Results button
- then choose Save log and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
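The fix list above was compiled by hand from the HJT log. The following Python script, added here as an example and not part of the forum post or of HijackThis itself, applies the same criteria (orphaned hooks, add-ons from the toolbar families on the uninstall list, per-user autostarts, remote DPF downloads) to a constructed subset of the posted log; the marker list and the reason texts are the editor's assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - F:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - F:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [egui] "F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\GTA SA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=GRman000
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Eset Service (ekrn) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# Every HJT entry reads "<section> - <body>": R0-R3 browser settings, F2 system.ini,
# O2 BHOs, O3 toolbars, O4 autostarts, O8 context menu items, O16 ActiveX downloads,
# O23 services.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")

# Bundled toolbar/adware families the reply above told the poster to uninstall
# (lower-cased; 8.3 short names such as ICQTOO~1 appear in HJT paths). Editor's list.
TOOLBAR_MARKERS = ("icqtoo", "speedbit", "speedb~1", "hypercam", "styler",
                   "msn toolbar", "daemon tools toolbar", "mywebsearch")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for an entry worth fixing, or None for a benign/unknown line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    low = body.lower()
    if low.endswith("(no file)"):
        # Hook/BHO whose DLL is gone: a dead registry entry, safe to fix.
        return Finding(section, "orphaned entry, target file is missing", line.strip())
    if any(marker in low for marker in TOOLBAR_MARKERS):
        return Finding(section, "browser add-on from a bundled toolbar family", line.strip())
    if section == "O4" and "\\local settings\\" in low:
        # Per-user autostart launched from the profile rather than Program Files.
        return Finding(section, "autostart launched from a user profile directory", line.strip())
    if section == "O16":
        # Downloaded Program Files (ActiveX) entries pull code from a remote URL.
        return Finding(section, "ActiveX download (DPF) from a remote URL", line.strip())
    return None


def triage(log_text: str) -> List[Finding]:
    """All flagged entries, in log order."""
    return [f for f in (classify(ln) for ln in log_text.splitlines()) if f is not None]


def fix_list(log_text: str) -> List[str]:
    """Exact lines to tick in HJT's 'Fix checked' step, as the reply above lists them."""
    return [f.line for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Entries such as the ESET autostart and service, the Windows Live BHO and the ProxyOverride setting are left alone, which matches what the reply kept out of its fix list.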

TheDaniLikker
newbie
Posts: 14
Registered: July 12
Location: Slovakia

Re: Slow PC - please check my log

Post by TheDaniLikker » 22 Jul 2012 12:21

I uninstalled the toolbars and also cleaned the PC with the programs you recommended.
I also ran the Anti-Malware scan and here is the log:

Malwarebytes Anti-Malware (Skúšobná verzia) 1.62.0.1300
http://www.malwarebytes.org

Verzia databázy: v2012.07.22.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
GTA SA :: VLASTNIK-0C199D [administrátor]

Ochrana: Vypnuté

22. 7. 2012 11:58:51
mbam-log-2012-07-22 (12-19-18).txt

Typ kontroly: Rýchla kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 208848
Uplynutý čas: 6 min, 43 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 2
F:\WINDOWS\system32\Sys32\ALUS.007 (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\Sys32\ALUS.006 (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.

Detegované registračné kľúče: 22
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Žiadna úloha nevykonaná.
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Žiadna úloha nevykonaná.
HKCU\Software\WEK9EMDHI9 (Trojan.Agent) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKLM\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Žiadna úloha nevykonaná.

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 2
F:\WINDOWS\system32\Sys32 (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463 (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.

Detegované súbory: 94
F:\WINDOWS\system32\Sys32\ALUS.007 (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\Sys32\ALUS.006 (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\Program Files\Uninstall Fun Web Products.dll (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\Sys32\AKV.exe (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\Sys32\ALUS.001 (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\Sys32\ALUS.002 (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\Sys32\ALUS.005 (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\Sys32\ALUS.009 (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\Sys32\ALUS.009.tmp (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\Sys32\ALUS.exe (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\AKV.exe (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\CJCP.001 (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\CJCP.002 (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\CJCP.005 (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\CJCP.006 (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\CJCP.007 (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\CJCP.exe (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\key.bin (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\NFAG.001 (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\NFAG.002 (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\NFAG.005 (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\NFAG.006 (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\NFAG.007 (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\NFAG.009 (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\NFAG.exe (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\NYEF.001 (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\NYEF.003 (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\NYEF.004 (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\NYEF.006 (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\NYEF.007 (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\NYEF.exe (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__20_22_42.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__20_28_43.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__20_34_43.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__20_40_43.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__20_46_44.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__20_52_44.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__20_58_46.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__21_16_46.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__21_22_47.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__21_28_47.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__21_34_48.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__21_40_48.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__21_46_48.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__21_52_49.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__21_58_49.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__22_04_49.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__22_10_50.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__22_16_50.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__22_22_50.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__11_26_38.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__12_21_05.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__12_39_28.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__16_30_43.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__16_36_44.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__16_42_44.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__16_48_45.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__17_00_45.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__17_06_46.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__17_12_46.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__17_18_46.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__17_24_47.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__17_36_58.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__17_43_02.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__17_49_03.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__17_55_03.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__18_01_04.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__18_07_05.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__18_25_06.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__18_31_07.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__18_37_07.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__18_43_08.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__18_49_08.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__18_55_09.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__19_07_09.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__19_13_10.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__19_19_10.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__19_25_11.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__19_43_12.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__19_49_12.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__19_55_13.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__20_01_13.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__20_07_14.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__20_13_14.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__20_19_14.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__20_25_15.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__20_43_16.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_22_2010__20_49_16.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_23_2010__11_59_20.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_23_2010__12_05_21.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_23_2010__13_24_34.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_23_2010__15_07_32.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_23_2010__15_38_01.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_23_2010__15_51_14.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.

(koniec)
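The log above lists every hit together with the action MBAM took on it. The Python script below, added here as an example and not part of the post or of Malwarebytes, parses a constructed subset of that log, counts hits per family and action, lists what is still unresolved, and reads the timestamped capture file names to show over what period the keylogger was recording; the Slovak action strings are copied from the log, their mapping to labels is the editor's assumption.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of the (Slovak-localised) MBAM log posted above.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware (Skúšobná verzia) 1.62.0.1300
Detegované súbory: 94
F:\WINDOWS\system32\Sys32\ALUS.007 (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\key.bin (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_21_2010__20_22_42.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\Oct_23_2010__15_51_14.jpg (Keylogger.Ardamax) -> Žiadna úloha nevykonaná.
HKLM\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Pridanie do karantény a zmazanie úspešné.
"""

# Each detection line reads "<object> (<family>) -> <action>."; header lines have no "->".
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Action strings exactly as MBAM's Slovak UI prints them in the thread above.
ACTIONS = {
    "Žiadna úloha nevykonaná": "no_action",                      # "No action taken"
    "Pridanie do karantény a zmazanie úspešné": "quarantined",   # "Quarantined and deleted"
}

# The keylogger's screen captures are named like Oct_21_2010__20_22_42.jpg.
CAPTURE_RE = re.compile(r"\\(?P<stamp>[A-Z][a-z]{2}_\d{2}_\d{4}__\d{2}_\d{2}_\d{2})\.jpg$")


def parse(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (object, family, normalised action) for every detection line."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append((m["obj"], m["family"], ACTIONS.get(m["action"], "other")))
    return found


def summarize(log_text: str) -> Dict[str, Counter]:
    """Per-family count of what MBAM did with each hit."""
    by_family: Dict[str, Counter] = defaultdict(Counter)
    for _, family, action in parse(log_text):
        by_family[family][action] += 1
    return dict(by_family)


def unresolved(log_text: str) -> List[str]:
    """Objects still present because the user chose not to remove them yet."""
    return [obj for obj, _, action in parse(log_text) if action == "no_action"]


def capture_window(log_text: str) -> Optional[Tuple[datetime, datetime, int]]:
    """(first, last, count) of keylogger screen captures: the period it was recording."""
    stamps = []
    for obj, _, _ in parse(log_text):
        m = CAPTURE_RE.search(obj)
        if m:
            stamps.append(datetime.strptime(m["stamp"], "%b_%d_%Y__%H_%M_%S"))
    if not stamps:
        return None
    return min(stamps), max(stamps), len(stamps)


if __name__ == "__main__":
    for family, counts in summarize(SAMPLE_LOG).items():
        print(f"{family:<24} {dict(counts)}")
    print("unresolved:", len(unresolved(SAMPLE_LOG)))
    print("capture window:", capture_window(SAMPLE_LOG))
```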

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice

Re: Slow PC - please check my log

Post by Žbeky » 22 Jul 2012 13:09

Run MbAM again and click Scan
- when the scan finishes, a message will appear; click OK and then the Show Results button
- make sure all listed detections are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then click OK in the program and close it via Exit

Download TDSSKiller

to your desktop. Make sure all other applications and browsers are closed. Extract the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt, please paste the whole contents of the log here.

Disable the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it shows
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its whole contents here
If after the scan you have trouble starting applications, or a message pops up about an attempt to perform an invalid operation on a registry key marked for deletion, just restart the computer.
In PMs I deal only with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.

HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules

jaro3
Security team member
Guru Level 15
Posts: 43295
Registered: June 07
Location: South Bohemia

Re: Slow PC - please check my log

Post by jaro3 » 22 Jul 2012 19:55

One more question first:
Do you have that Keylogger.Ardamax there on purpose?

TheDaniLikker
newbie
Posts: 14
Registered: July 12
Location: Slovakia

Re: Slow PC - please check my log

Post by TheDaniLikker » 23 Jul 2012 09:22

Definitely not, I have no idea where it came from... Anyway, I ran the scan once more, checked everything, and when I clicked remove it threw some error and the program crashed. But when I ran the scan again and deleted only the ones that were already checked, it worked. Here is the log:


Malwarebytes Anti-Malware (Skúšobná verzia) 1.62.0.1300
www.malwarebytes.org

Verzia databázy: v2012.07.23.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
GTA SA :: VLASTNIK-0C199D [administrátor]

Ochrana: Zapnuté

23. 7. 2012 9:06:56
mbam-log-2012-07-23 (09-06-56).txt

Typ kontroly: Rýchla kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 208897
Uplynutý čas: 6 min, 19 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 2
F:\WINDOWS\system32\Sys32\ALUS.007 (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\Sys32\ALUS.006 (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.

Detegované registračné kľúče: 22
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Pridanie do karantény a zmazanie úspešné.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Pridanie do karantény a zmazanie úspešné.
HKCU\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Pridanie do karantény a zmazanie úspešné.
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Pridanie do karantény a zmazanie úspešné.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Pridanie do karantény a zmazanie úspešné.
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Pridanie do karantény a zmazanie úspešné.
HKCU\Software\WEK9EMDHI9 (Trojan.Agent) -> Pridanie do karantény a zmazanie úspešné.
HKLM\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Pridanie do karantény a zmazanie úspešné.

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 2
F:\WINDOWS\system32\Sys32 (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463 (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.

Detegované súbory: 93
F:\WINDOWS\system32\Sys32\ALUS.007 (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\Sys32\ALUS.006 (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\Sys32\AKV.exe (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\Sys32\ALUS.001 (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\Sys32\ALUS.002 (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\Sys32\ALUS.005 (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\Sys32\ALUS.009 (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\Sys32\ALUS.009.tmp (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\Sys32\ALUS.exe (PUP.ArdamaxKeyLogger) -> Žiadna úloha nevykonaná.
F:\WINDOWS\system32\28463\AKV.exe (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\CJCP.001 (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\CJCP.002 (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\CJCP.005 (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\CJCP.006 (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\CJCP.007 (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\CJCP.exe (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\key.bin (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\NFAG.001 (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\NFAG.002 (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\NFAG.005 (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\NFAG.006 (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\NFAG.007 (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\NFAG.009 (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\NFAG.exe (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\NYEF.001 (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\NYEF.003 (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\NYEF.004 (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\NYEF.006 (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\NYEF.007 (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\NYEF.exe (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_21_2010__20_22_42.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_21_2010__20_28_43.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_21_2010__20_34_43.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_21_2010__20_40_43.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_21_2010__20_46_44.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_21_2010__20_52_44.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_21_2010__20_58_46.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_21_2010__21_16_46.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_21_2010__21_22_47.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_21_2010__21_28_47.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_21_2010__21_34_48.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_21_2010__21_40_48.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_21_2010__21_46_48.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_21_2010__21_52_49.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_21_2010__21_58_49.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_21_2010__22_04_49.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_21_2010__22_10_50.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_21_2010__22_16_50.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_21_2010__22_22_50.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__11_26_38.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__12_21_05.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__12_39_28.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__16_30_43.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__16_36_44.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__16_42_44.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__16_48_45.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__17_00_45.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__17_06_46.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__17_12_46.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__17_18_46.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__17_24_47.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__17_36_58.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__17_43_02.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__17_49_03.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__17_55_03.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__18_01_04.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__18_07_05.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__18_25_06.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__18_31_07.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__18_37_07.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__18_43_08.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__18_49_08.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__18_55_09.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__19_07_09.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__19_13_10.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__19_19_10.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__19_25_11.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__19_43_12.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__19_49_12.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__19_55_13.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__20_01_13.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__20_07_14.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__20_13_14.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__20_19_14.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__20_25_15.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__20_43_16.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_22_2010__20_49_16.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_23_2010__11_59_20.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_23_2010__12_05_21.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_23_2010__13_24_34.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_23_2010__15_07_32.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_23_2010__15_38_01.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.
F:\WINDOWS\system32\28463\Oct_23_2010__15_51_14.jpg (Keylogger.Ardamax) -> Pridanie do karantény a zmazanie úspešné.

(koniec)

And otherwise, what about the remaining ones that could not be removed? (I just noticed that MyWebSearch is also still among them :o )
Last edited by TheDaniLikker on 23 Jul 2012 09:39, edited 1 time in total.

User avatar
memphisto
Guru Level 13
Posts: 21113
Registered: September 06
Location: Zlín - České Budějovice
Gender: Male
Status:
Offline

Re: Slow PC - please check my log

Post by memphisto » 23 Jul 2012 09:36

Run ComboFix as well. Don't put the logs in Code tags; they are hard to read that way.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via PM; post them in the appropriate section. Thank you

User avatar
TheDaniLikker
newbie
Posts: 14
Registered: July 12
Location: Slovakia
Gender: Male
Status:
Offline
Contact:

Re: Slow PC - please check my log

Post by TheDaniLikker » 23 Jul 2012 12:56

So here is the ComboFix log:

ComboFix 12-07-21.01 - GTA SA . 07. 2012 12:02:50.1.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1791.1124 [GMT 2:00]
Running from: f:\documents and settings\GTA SA\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\documents and settings\All Users\Application Data\hpe222.dll
f:\documents and settings\All Users\Application Data\TEMP
f:\documents and settings\GTA SA\Application Data\Desktopicon
f:\documents and settings\GTA SA\Application Data\Desktopicon\config.ini
f:\documents and settings\GTA SA\Application Data\chrtmp
f:\documents and settings\GTA SA\Application Data\Secure-Soft Stealer
f:\documents and settings\GTA SA\Application Data\TeamViewer.exe
f:\documents and settings\GTA SA\Application Data\Toolbar4
f:\documents and settings\GTA SA\Local Settings\Application Data\assembly\tmp
f:\documents and settings\GTA SA\WINDOWS
f:\program files\Bat
f:\program files\Bat\011daniel011@azet.sk\Account.CFN
f:\program files\Bat\011daniel011@azet.sk\ACCOUNT.FLB
f:\program files\Bat\011daniel011@azet.sk\ACCOUNT.HIS
f:\program files\Bat\011daniel011@azet.sk\ACCOUNT.LOG
f:\program files\Bat\011daniel011@azet.sk\ACCOUNT.M_D
f:\program files\Bat\011daniel011@azet.sk\ACCOUNT.M_R
f:\program files\Bat\011daniel011@azet.sk\ACCOUNT.SRB
f:\program files\Bat\011daniel011@azet.sk\Inbox\MESSAGES.TBB
f:\program files\Bat\011daniel011@azet.sk\Inbox\MESSAGES.TBI
f:\program files\Bat\AccOrder.CFG
f:\program files\Bat\Account.CFN
f:\program files\Bat\ACCOUNT.FLB
f:\program files\Bat\ACCOUNT.SRB
f:\program files\Bat\ADDRBOOK.INI
f:\program files\Bat\CONFIG.CDB
f:\program files\Bat\Events.CFG
f:\program files\Bat\GROUPS.CFG
f:\program files\Bat\IntermCA.ABD
f:\program files\Bat\LDAP#1.ABD
f:\program files\Bat\LDAP#2.ABD
f:\program files\Bat\LDAP#3.ABD
f:\program files\Bat\RootCA.ABD
f:\program files\Bat\tbuser.DEF
f:\program files\Bat\TheBat.ABD
f:\windows\msxml4-KB973688-enu.LOG
f:\windows\pkunzip.pif
f:\windows\pkzip.pif
f:\windows\ST6UNST.000
f:\windows\system\msvbvm60.dll
f:\windows\system32\0863682667.dll
f:\windows\system32\5947AAA431.dll
f:\windows\system32\CB8D99A788.dll
f:\windows\system32\dllcache\dlimport.exe
f:\windows\system32\MUI\041b\tourstart.exe
f:\windows\system32\Sys32
f:\windows\system32\Sys32\AKV.exe
f:\windows\system32\Sys32\ALUS.001
f:\windows\system32\Sys32\ALUS.002
f:\windows\system32\Sys32\ALUS.005
f:\windows\system32\Sys32\ALUS.006
f:\windows\system32\Sys32\ALUS.007
f:\windows\system32\Sys32\ALUS.009
f:\windows\system32\Sys32\ALUS.009.tmp
f:\windows\system32\Sys32\ALUS.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-22 09:55 . 2012-07-22 09:55 -------- d-----w- f:\documents and settings\GTA SA\Application Data\Malwarebytes
2012-07-22 09:53 . 2012-07-22 09:53 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-22 09:53 . 2012-07-03 11:46 22344 ----a-w- f:\windows\system32\drivers\mbam.sys
2012-07-22 09:53 . 2012-07-22 09:55 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2012-07-21 22:20 . 2012-07-23 10:45 -------- d-----w- f:\documents and settings\GTA SA\Application Data\4Sync
2012-07-21 22:19 . 2012-07-21 22:19 -------- d-----w- f:\documents and settings\All Users\Application Data\4Sync
2012-07-21 22:19 . 2012-07-21 22:19 -------- d-----w- f:\program files\4Sync
2012-07-21 21:16 . 2012-07-21 21:16 -------- d-----w- f:\program files\Lavalys
2012-07-21 21:13 . 2012-07-21 21:13 -------- d-----w- f:\documents and settings\GTA SA\Local Settings\Application Data\AOL
2012-07-21 21:12 . 2012-07-22 08:52 -------- d-----w- f:\program files\ICQ7.2
2012-07-21 20:47 . 2012-07-21 20:47 -------- d-----w- f:\program files\iWEB Studio
2012-07-21 20:47 . 2012-07-21 20:47 796672 ----a-w- f:\windows\GPInstall.exe
2012-07-21 19:10 . 2012-07-22 11:47 -------- d-----w- f:\program files\Metin2
2012-07-21 13:34 . 2012-07-21 13:57 -------- d-----w- f:\program files\Counter-Strike 1.6
2012-07-21 13:23 . 2012-07-21 13:23 654944 ----a-w- f:\windows\system32\xsherlock.xem
2012-07-21 13:16 . 2012-03-27 17:13 230920 ----a-w- f:\windows\system32\EPWZCmnCtrl.dll
2012-07-21 13:15 . 2012-07-21 13:16 -------- d-----w- f:\documents and settings\All Users\Application Data\WEBZEN
2012-07-21 13:04 . 2012-07-21 22:17 -------- d-----w- f:\program files\Overwolf
2012-07-21 13:02 . 2012-07-21 13:10 -------- d-----w- f:\documents and settings\GTA SA\Local Settings\Application Data\Overwolf
2012-07-21 13:02 . 2012-07-21 13:02 -------- d-----w- f:\program files\NVIDIA Corporation
2012-07-21 12:24 . 2012-07-21 13:26 -------- d-----w- f:\program files\WEBZEN
2012-07-16 07:23 . 2012-07-16 07:25 -------- d-----w- f:\documents and settings\GTA SA\Application Data\.minecraft
2012-07-16 06:53 . 2012-07-16 06:53 -------- d-----w- f:\documents and settings\LocalService\Application Data\TuneUp Software
2012-07-12 12:32 . 2012-07-12 12:32 9822920 ----a-w- f:\windows\system32\FlashPlayerInstaller.exe
2012-07-12 11:09 . 2010-02-12 10:03 293376 ------w- f:\windows\system32\browserchoice.exe
2012-07-12 11:01 . 2012-01-11 19:06 3072 ------w- f:\windows\system32\iacenc.dll
2012-07-12 11:00 . 2011-02-17 12:32 5120 ----a-w- f:\windows\system32\xpsp4res.dll
2012-07-11 12:54 . 2012-07-11 12:55 -------- d-----w- F:\Converted
2012-07-11 12:51 . 2012-07-11 12:51 -------- d-----w- f:\program files\GuerillaSoft
2012-07-11 12:48 . 2012-07-11 12:48 -------- d-----w- f:\program files\AllMusicConverter Media Suite
2012-07-11 12:45 . 2012-05-31 13:38 252928 ----a-w- f:\windows\system32\GSService.exe
2012-07-11 12:45 . 2012-06-01 13:20 260608 ----a-w- f:\windows\system32\snmvtsvc.exe
2012-07-11 12:45 . 2012-06-05 08:36 14392 ----a-w- f:\windows\system32\MusCVideo.dll
2012-07-11 12:45 . 2012-06-05 08:36 5688 ----a-w- f:\windows\system32\MusCVideo.sys
2012-07-11 12:45 . 2012-06-05 08:36 23608 ----a-w- f:\windows\system32\MusCAudio.sys
2012-07-11 12:45 . 2012-06-05 08:36 23608 ----a-w- f:\windows\system32\drivers\MusCAudio.sys
2012-07-11 12:45 . 2012-07-11 12:49 -------- d-----w- f:\program files\AllMusicConverter
2012-07-10 10:17 . 2012-07-10 10:17 -------- d-sh--w- f:\documents and settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-10 10:17 . 2012-07-10 10:17 -------- d--h--w- f:\documents and settings\All Users\Application Data\Common Files
2012-07-04 09:29 . 2012-07-04 09:29 -------- d-----w- f:\documents and settings\GTA SA\Application Data\SynthMaker
2012-07-04 06:23 . 2008-10-27 08:04 235856 ----a-w- f:\windows\system32\xactengine3_3.dll
2012-07-04 06:23 . 2008-10-27 08:04 23376 ----a-w- f:\windows\system32\X3DAudio1_5.dll
2012-07-04 06:23 . 2008-07-31 08:41 68616 ----a-w- f:\windows\system32\XAPOFX1_1.dll
2012-07-04 06:23 . 2008-07-31 08:40 509448 ----a-w- f:\windows\system32\XAudio2_2.dll
2012-07-04 06:23 . 2008-07-31 08:41 238088 ----a-w- f:\windows\system32\xactengine3_2.dll
2012-07-04 06:23 . 2008-07-10 09:01 467984 ----a-w- f:\windows\system32\d3dx10_39.dll
2012-07-04 06:23 . 2008-07-10 09:00 1493528 ----a-w- f:\windows\system32\D3DCompiler_39.dll
2012-07-04 06:23 . 2008-07-10 09:00 3851784 ----a-w- f:\windows\system32\D3DX9_39.dll
2012-07-04 06:12 . 2012-07-04 07:08 -------- d-----w- F:\MogreSDK
2012-07-03 11:21 . 2012-07-03 11:21 -------- d-----w- f:\documents and settings\GTA SA\Application Data\Image-Line
2012-07-03 10:26 . 2012-07-03 10:26 -------- d-----w- f:\program files\ASIO4ALL v2
2012-07-02 10:56 . 2012-07-04 10:45 -------- d-----w- f:\program files\Electronic Arts
2012-07-02 08:09 . 2012-07-02 08:09 -------- d-----w- f:\program files\uTorrent
2012-06-28 10:09 . 2012-07-21 22:20 -------- d-----w- f:\documents and settings\GTA SA\Application Data\Dropbox
2012-06-28 06:56 . 2006-04-12 10:11 147456 ----a-w- f:\windows\system32\rsnpstd3.dll
2012-06-28 06:56 . 2006-06-19 09:43 262144 ----a-w- f:\windows\tsnpstd3.exe
2012-06-28 06:56 . 2004-11-08 11:41 94208 ----a-w- f:\windows\amcap.exe
2012-06-28 06:56 . 2012-06-28 06:56 -------- d-----w- f:\program files\Common Files\StarCam
2012-06-28 06:45 . 2012-07-12 12:32 426184 ----a-w- f:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 12:32 . 2011-05-25 05:30 70344 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-04 06:34 . 2010-02-05 13:46 112640 -c--a-w- f:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2012-07-04 06:34 . 2009-09-27 19:52 416 -c--a-w- f:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-06-13 13:19 . 2004-08-04 12:00 1866112 ----a-w- f:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-09-03 11:18 1372672 ----a-w- f:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- f:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- f:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-07-30 17:18 22040 ----a-w- f:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-08-09 01:32 329240 ----a-w- f:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-08-09 01:32 219160 ----a-w- f:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-08-09 01:32 210968 ----a-w- f:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- f:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-08-09 01:32 53784 ----a-w- f:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-08-09 01:32 35864 ----a-w- f:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- f:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- f:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2004-08-04 12:00 97304 ----a-w- f:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-07-30 17:18 17944 ----a-w- f:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-08-09 01:32 577048 ----a-w- f:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-08-09 01:32 1933848 ----a-w- f:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- f:\windows\system32\crypt32.dll
2012-05-15 15:39 . 2004-08-04 12:00 832512 ----a-w- f:\windows\system32\wininet.dll
2012-05-04 13:12 . 2004-08-04 12:00 2192640 ----a-w- f:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- f:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-08-09 01:30 139656 ----a-w- f:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay1]
@="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}"
[HKEY_CLASSES_ROOT\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}]
2012-05-25 13:32 1338880 ----a-w- f:\program files\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay2]
@="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}"
[HKEY_CLASSES_ROOT\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}]
2012-05-25 13:32 1338880 ----a-w- f:\program files\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay3]
@="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}"
[HKEY_CLASSES_ROOT\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}]
2012-05-25 13:32 1338880 ----a-w- f:\program files\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay4]
@="{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}"
[HKEY_CLASSES_ROOT\CLSID\{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}]
2012-05-25 13:32 1338880 ----a-w- f:\program files\4Sync\ShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"4Sync"="f:\program files\4Sync\4Sync.exe" [2012-06-25 10839072]
"ICQ"="f:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="f:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"Malwarebytes' Anti-Malware"="f:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="f:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"203.85.0.92,255.255.255.255,192.168.1.42,1"=""
"203.85.93.210,255.255.255.255,192.168.1.42,1"=""
"188.138.106.112,255.255.255.255,192.168.1.42,1"=""
"199.27.135.167,255.255.255.255,192.168.1.42,1"=""
"94.102.0.108,255.255.255.255,192.168.1.42,1"=""
"184.173.197.241,255.255.255.255,192.168.1.42,1"=""
"79.110.87.198,255.255.255.255,192.168.1.42,1"=""
"80.84.58.203,255.255.255.255,192.168.1.42,1"=""
"178.63.49.78,255.255.255.255,192.168.1.42,1"=""
"176.9.9.227,255.255.255.255,192.168.1.42,1"=""
"184.22.200.176,255.255.255.255,192.168.1.42,1"=""
"176.227.199.194,255.255.255.255,192.168.1.42,1"=""
"46.252.196.1,255.255.255.255,192.168.1.42,1"=""
"85.153.48.2,255.255.255.255,192.168.1.42,1"=""
"188.72.213.65,255.255.255.255,192.168.1.42,1"=""
"80.190.202.44,255.255.255.255,192.168.1.42,1"=""
"188.72.201.254,255.255.255.255,192.168.1.42,1"=""
"91.227.4.115,255.255.255.255,192.168.1.42,1"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi6"=mapledxp.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Antanda"=f:\docume~1\GTASA~1\LOCALS~1\Temp\InstallValidator.exe
"CTFMON.EXE"=f:\windows\system32\ctfmon.exe
"Taskbar Shuffle"=f:\program files\Taskbar Shuffle\taskbarshuffle.exe
"Google Update"="f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Microsoft Default Manager"="f:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"ATICCC"="f:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"Google Desktop Search"="f:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe"
"tsnpstd3"=f:\windows\tsnpstd3.exe
"snpstd3"=f:\windows\vsnpstd3.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Opera\\opera.exe"=
"f:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"f:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"f:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"f:\\Program Files\\Sun\\SDK\\jdk\\bin\\java.exe"=
"f:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"f:\\Program Files\\MSI\\MyGuard Live\\MyGuard Live.exe"=
"f:\\Program Files\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"=
"f:\\Program Files\\VertrigoServ\\Apache\\bin\\v_apache.exe"=
"f:\\Documents and Settings\\GTA SA\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"f:\\Documents and Settings\\GTA SA\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"f:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\LegendenMt2\\client.exe"=
"f:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"f:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"f:\\Documents and Settings\\GTA SA\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"f:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"f:\\Program Files\\ICQ7.2\\ICQ.exe"=
"f:\\Program Files\\ICQ7.2\\aolload.exe"=
"f:\\Program Files\\Metin2\\metin2.exe"=
"f:\\Program Files\\Metin2\\hshield\\hsupdate.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56965:TCP"= 56965:TCP:Pando Media Booster
"56965:UDP"= 56965:UDP:Pando Media Booster
"56140:TCP"= 56140:TCP:Pando Media Booster
"56140:UDP"= 56140:UDP:Pando Media Booster
.
R0 sptd;sptd;f:\windows\system32\drivers\sptd.sys [21. 8. 2008 20:41 691696]
R1 epfwtdir;epfwtdir;f:\windows\system32\drivers\epfwtdir.sys [1. 7. 2008 10:04 35168]
R1 eusk2par;EUTRON SmartKey Parallel Driver;f:\windows\system32\drivers\eusk2par.sys [24. 1. 2009 18:09 24786]
R1 mapledxp;mapledxp;f:\windows\system32\drivers\mapledxp.sys [8. 5. 2010 10:48 24720]
R2 ekrn;Eset Service;f:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7. 10. 2009 10:16 472280]
R2 MBAMService;MBAMService;f:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22. 7. 2012 11:53 655944]
R2 OMSI download service;Sony Ericsson OMSI download service;f:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [30. 11. 2009 15:30 90112]
R3 MBAMProtector;MBAMProtector;f:\windows\system32\drivers\mbam.sys [22. 7. 2012 11:53 22344]
R3 MusCAudio;MusCAudio;f:\windows\system32\drivers\MusCAudio.sys [11. 7. 2012 14:45 23608]
R3 SDVPlus;Pinnacle Studio DVplus WDM Renderer;f:\windows\system32\drivers\SDVPlus.sys [9. 8. 2008 3:43 42102]
R3 seehcri;Sony Ericsson seehcri Device Driver;f:\windows\system32\drivers\seehcri.sys [30. 11. 2009 15:38 27632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [28. 6. 2012 8:45 250056]
S3 eusk3usb;SmartKey 3 USB;f:\windows\system32\drivers\eusk3usb.sys [24. 1. 2009 18:09 45534]
S3 ggflt;SEMC USB Flash Driver Filter;f:\windows\system32\drivers\ggflt.sys [11. 10. 2008 9:32 13224]
S3 GSService;GSService;f:\windows\system32\GSService.exe [11. 7. 2012 14:45 252928]
S3 injectDLL;injectDLL;\??\h:\danko\FishBot\M2Fish\injectDLL.sys --> h:\danko\FishBot\M2Fish\injectDLL.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);f:\windows\system32\drivers\s0016bus.sys [30. 11. 2009 15:32 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;f:\windows\system32\drivers\s0016mdfl.sys [30. 11. 2009 15:32 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;f:\windows\system32\drivers\s0016mdm.sys [30. 11. 2009 15:32 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);f:\windows\system32\drivers\s0016mgmt.sys [30. 11. 2009 15:32 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);f:\windows\system32\drivers\s0016nd5.sys [30. 11. 2009 15:32 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;f:\windows\system32\drivers\s0016obex.sys [30. 11. 2009 15:32 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);f:\windows\system32\drivers\s0016unic.sys [30. 11. 2009 15:32 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);f:\windows\system32\drivers\s1018bus.sys [30. 11. 2009 15:32 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;f:\windows\system32\drivers\s1018mdfl.sys [30. 11. 2009 15:32 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;f:\windows\system32\drivers\s1018mdm.sys [30. 11. 2009 15:32 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);f:\windows\system32\drivers\s1018mgmt.sys [30. 11. 2009 15:32 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);f:\windows\system32\drivers\s1018nd5.sys [30. 11. 2009 15:32 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;f:\windows\system32\drivers\s1018obex.sys [30. 11. 2009 15:32 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);f:\windows\system32\drivers\s1018unic.sys [30. 11. 2009 15:33 109864]
S3 SMServer;SMServer;f:\windows\system32\snmvtsvc.exe [11. 7. 2012 14:45 260608]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;f:\windows\system32\drivers\VBoxNetAdp.sys [4. 11. 2011 14:42 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;f:\windows\system32\DRIVERS\VBoxNetFlt.sys --> f:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 vtany;vtany;\??\f:\windows\vtany.sys --> f:\windows\vtany.sys [?]
S3 xhunter1;xhunter1;\??\f:\windows\xhunter1.sys --> f:\windows\xhunter1.sys [?]
S3 xsherlock;xsherlock;f:\windows\system32\xsherlock.xem [21. 7. 2012 15:23 654944]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-23 f:\windows\Tasks\Adobe Flash Player Updater.job
- f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-28 12:32]
.
2009-01-06 f:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8220263802.job
- f:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
2012-07-22 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1957994488-682003330-1007Core.job
- f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-17 20:55]
.
2012-07-23 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1957994488-682003330-1007UA.job
- f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-17 20:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Link to &MidpX - f:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
IE: Sothink SWF Catcher - f:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar//?q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - f:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - f:\program files\SpeedBit Video Downloader\SPFireFox
FF - Ext: Java Quick Starter: jqs@sun.com - f:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: HyperCamToolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-Overwolf - f:\program files\Overwolf\Overwolf.exe
HKLM-Run-ALUS Agent - f:\windows\system32\Sys32\ALUS.exe
AddRemove-LifeGlobe Goldfish Aquarium_is1 - f:\program files\Prolific Publishing
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-23 12:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xsherlock]
"ImagePath"="f:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-515967899-1957994488-682003330-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-515967899-1957994488-682003330-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:33,30,fe,fb,62,b9,f6,79,6d,c2,45,85,79,e5,7e,cb,ff,53,7b,6e,d4,2b,4f,
2a,4e,21,2b,5a,6b,a9,46,ac,8f,75,a7,eb,5a,6d,37,13,69,ef,1a,9a,52,c6,7b,29,\
"??"=hex:a7,fe,27,8e,5f,cd,16,f0,f2,2c,f2,b2,ea,cb,b9,ac
.
[HKEY_USERS\S-1-5-21-515967899-1957994488-682003330-1007\Software\SecuROM\License information*]
"datasecu"=hex:fe,c4,57,4c,8c,c6,ab,77,5e,5e,d6,68,a9,4d,a5,51,ce,c9,94,62,13,
53,d9,6b,e0,d9,69,73,05,57,27,fc,a1,fe,ca,e5,b9,9d,96,a4,d2,54,cf,36,4a,15,\
"rkeysecu"=hex:2b,bd,85,26,0b,f2,a6,bd,94,ae,b2,1e,23,26,14,d4
.
[HKEY_LOCAL_MACHINE\software\Classes\FlashProp.FlashProp\CurVer]
@DACL=(02 0000)
@="FlashProp.FlashProp.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\FlashProp.FlashProp.1\CLSID]
@DACL=(02 0000)
@="{1171A62F-05D2-11D1-83FC-00A0C9089C5A}"
.
[HKEY_LOCAL_MACHINE\software\Classes\ShockwaveFlash.ShockwaveFlash\Shell]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1116)
f:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1984)
f:\windows\system32\WININET.dll
f:\program files\4Sync\ShellExt.dll
f:\progra~1\WINDOW~2\wmpband.dll
f:\windows\system32\msi.dll
f:\windows\system32\ieframe.dll
f:\windows\system32\WPDShServiceObj.dll
f:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
f:\program files\4Sync\ShellCp.dll
f:\program files\Microsoft Virtual PC\VPCShExH.DLL
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
f:\progra~1\MICROS~2\OFFICE11\MCPS.DLL
.
------------------------ Other Running Processes ------------------------
.
f:\windows\system32\Ati2evxx.exe
f:\windows\system32\Ati2evxx.exe
f:\program files\Bonjour\mDNSResponder.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
f:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
f:\windows\system32\IoctlSvc.exe
f:\windows\system32\PnkBstrA.exe
f:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
f:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
f:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
f:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
f:\windows\system32\wbem\wmiapsrv.exe
f:\program files\Opera\opera.exe
.
**************************************************************************
.
Completion time: 2012-07-23 12:54:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-23 10:54
.
Pre-Run: 8 410 013 696 bytes free
Post-Run: 8 296 333 312 voľných bajtov
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /FASTDETECT
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /FASTDETECT /TUTag=EE6ZL3
.
- - End Of File - - 076ABB3F3E0503F9AB83D711AD41EB5D

jaro3
Security team member
Guru Level 15
Posts: 43295
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Slow PC - please check my log

Post by jaro3 » 23 Jul 2012 17:26

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the whole of the following text (marked in green) into it:

Code:

ClearJavaCache::
File::
f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1957994488-682003330-1007Core.job
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1957994488-682003330-1007UA.job

Driver::
injectDLL
vtany
xhunter1
xsherlock

Firefox::
FF - ProfilePath - f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar//?q=
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - f:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: HyperCamToolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

Warning: it can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press the F8 key after the restart and choose Last Known Good Configuration, or use a restore point.

In Folder Options, enable showing hidden files and folders and untick the "Hide protected operating system files" checkbox.

Test these on VirusTotal:
f:\windows\system32\EPWZCmnCtrl.dll
f:\windows\amcap.exe


Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested one by one by several antivirus engines. When the last antivirus finishes, a result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"203.85.0.92,255.255.255.255,192.168.1.42,1"=""
"203.85.93.210,255.255.255.255,192.168.1.42,1"=""
and also, did you set these up yourself?
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
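As an added example (not code from this thread, from ComboFix, or from the forum's helpers), the script below applies the same kind of reasoning jaro3 used to pick the four names in the Driver:: section: it parses the service/driver lines from the ComboFix log posted above and flags kernel drivers loaded from outside system32\drivers, images with an unexpected extension, and files ComboFix could not find on disk (the "--> ... [?]" form). The sample lines are copied from the log in this thread; the split into strong and weak reasons is my own triage heuristic and not a rule of ComboFix or of the helper.

```python
import re

# Service/driver lines copied from the ComboFix log posted above (page data).
SAMPLE_LINES = r"""
R0 sptd;sptd;f:\windows\system32\drivers\sptd.sys [21. 8. 2008 20:41 691696]
R2 ekrn;Eset Service;f:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7. 10. 2009 10:16 472280]
R3 MBAMProtector;MBAMProtector;f:\windows\system32\drivers\mbam.sys [22. 7. 2012 11:53 22344]
S3 injectDLL;injectDLL;\??\h:\danko\FishBot\M2Fish\injectDLL.sys --> h:\danko\FishBot\M2Fish\injectDLL.sys [?]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;f:\windows\system32\DRIVERS\VBoxNetFlt.sys --> f:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 vtany;vtany;\??\f:\windows\vtany.sys --> f:\windows\vtany.sys [?]
S3 xhunter1;xhunter1;\??\f:\windows\xhunter1.sys --> f:\windows\xhunter1.sys [?]
S3 xsherlock;xsherlock;f:\windows\system32\xsherlock.xem [21. 7. 2012 15:23 654944]
S3 GSService;GSService;f:\windows\system32\GSService.exe [11. 7. 2012 14:45 252928]
"""

# ComboFix service lines look like "<state> <name>;<display name>;<image> [date size]" or,
# when the image is gone, "<state> <name>;<display name>;<ImagePath> --> <resolved path> [?]".
ENTRY_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
DRIVER_DIR = "\\system32\\drivers\\"   # where kernel drivers normally live
EXPECTED_EXT = (".sys", ".exe")         # image types ComboFix normally lists here


def parse_entry(line):
    """Split one ComboFix service/driver line into fields; None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith("[?]")
    body = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest)   # drop trailing "[date size]" or "[?]"
    image, _, resolved = body.partition(" --> ")
    return {
        "state": m.group("state"),
        "name": m.group("name"),
        "display": m.group("display"),
        "image": image,
        "path": resolved or image,
        "nt_prefix": image.startswith("\\??\\"),  # ImagePath written as an NT object path
        "missing": missing,
    }


def assess(entry):
    """Return (strong, weak) reason lists for why an entry deserves a closer look (my heuristic)."""
    strong, weak = [], []
    path = entry["path"].lower()
    fname = path.rsplit("\\", 1)[-1]
    ext = fname[fname.rfind("."):] if "." in fname else ""
    if ext not in EXPECTED_EXT:
        strong.append("unusual image extension %r" % ext)
    if ext == ".sys" and DRIVER_DIR not in path:
        strong.append("kernel driver outside system32\\drivers")
    if entry["nt_prefix"]:
        weak.append("ImagePath stored as an NT object path (\\??\\...)")
    if entry["missing"]:
        weak.append("image file not found on disk")
    if entry["name"].lower() == entry["display"].lower():
        weak.append("display name identical to service name")
    return strong, weak


def triage(log_text):
    """Map service name -> (strong, weak) for every service/driver line in the log text."""
    results = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            results[entry["name"]] = assess(entry)
    return results


def cfscript_driver_section(results):
    """Build the 'Driver::' block of a CFScript from the entries that have a strong reason."""
    names = [name for name, (strong, _) in results.items() if strong]
    return "\n".join(["Driver::"] + names)


if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for name, (strong, weak) in found.items():
        if strong or weak:
            print("%-12s strong=%s weak=%s" % (name, strong, weak))
    print()
    print(cfscript_driver_section(found))
```

On the sample lines the strong rules reproduce exactly the four names jaro3 put under Driver:: (injectDLL, vtany, xhunter1, xsherlock). VBoxNetFlt shows only the weak "file not found" reason and stays out of the generated block: a missing image by itself is often a leftover of an uninstalled product, so the weak list is there for the analyst to read, not to act on automatically.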

TheDaniLikker
newbie
Posts: 14
Registered: July 12
Location: Slovakia
Gender: Male

Re: Slow PC - please check my log

Post by TheDaniLikker » 23 Jul 2012 23:20

1. Here is the ComboFix log:

ComboFix 12-07-21.01 - GTA SA . 07. 2012 22:44:34.2.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1791.1152 [GMT 2:00]
Running from: f:\documents and settings\GTA SA\Desktop\ComboFix.exe
Command switches used :: f:\documents and settings\GTA SA\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe"
"f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1957994488-682003330-1007Core.job"
"f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1957994488-682003330-1007UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome.manifest
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\1.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\10.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\11.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\12.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\13.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\14.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\15.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\16.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\17.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\18.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\19.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\2.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\20.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\21.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\22.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\23.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\24.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\25.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\26.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\27.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\28.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\29.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\3.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\30.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\31.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\32.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\33.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\34.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\35.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\36.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\37.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\38.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\39.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\4.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\40.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\41.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\42.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\43.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\44.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\45.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\46.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\47.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\48.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\49.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\5.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\50.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\51.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\52.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\53.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\54.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\55.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\56.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\57.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\6.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\7.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\8.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\9.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\affid.dat
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\basis.xml
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\bubble.js
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\bubble.xul
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\colorpicker.htm
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\contents.rdf
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\icons.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\info.txt
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\jscontainer.htm
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\mbback.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\mbbigopen.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\mbclose.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\mbfwd.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\mbsep.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\md5.js
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\mozilla.xul
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\mymenuitem.xml
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\nav1c.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\options.js
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\options.xul
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\separator.png
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\tb.css
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\tb.js
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\tb.xsl
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\tb.xul
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\tbcore3.inf
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\version.txt
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\install.rdf
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitAutoCompleteSearch.js
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitAutoCompleteSearch.xpt
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitToolbar.idl
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitToolbar.js
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitToolbar.xpt
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.xpt
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.xpt
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults\default_radio_skin.xml
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults\fbAlert.js
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome.manifest
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome\zynga.jar
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\install.rdf
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\lib\xpcom.js
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF\manifest.mf
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF\zigbert.rsa
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF\zigbert.sf
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.gif
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.ico
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.PNG
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.src
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.xml
f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\version.txt
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
f:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
f:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome.manifest
f:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
f:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
f:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
f:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
f:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
f:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
f:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
f:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
f:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
f:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
f:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
f:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
f:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\install.rdf
f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1957994488-682003330-1007Core.job
f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1957994488-682003330-1007UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_INJECTDLL
-------\Legacy_VTANY
-------\Legacy_XHUNTER1
-------\Legacy_XSHERLOCK
-------\Service_injectDLL
-------\Service_vtany
-------\Service_xhunter1
-------\Service_xsherlock
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-23 13:37 . 2012-07-23 13:37 12920 ----a-w- f:\windows\system32\apl001.sys
2012-07-23 13:37 . 2012-07-23 13:37 10872 ----a-w- f:\windows\system32\apf001.sys
2012-07-23 13:26 . 2012-07-23 13:26 -------- d-----w- f:\documents and settings\GTA SA\Local Settings\Application Data\Aeria Games
2012-07-23 13:24 . 2012-07-23 13:24 -------- d-----w- F:\ProgramData
2012-07-23 12:06 . 2012-07-23 12:06 -------- d-sh--w- f:\windows\system32\AI_RecycleBin
2012-07-23 12:06 . 2012-07-23 12:06 -------- d-----w- f:\program files\Aeria Games
2012-07-23 11:53 . 2012-07-23 11:54 -------- d-----w- f:\documents and settings\GTA SA\Local Settings\Application Data\Akamai
2012-07-23 11:53 . 2012-07-23 12:06 -------- d-----w- F:\AeriaGames
2012-07-22 09:55 . 2012-07-22 09:55 -------- d-----w- f:\documents and settings\GTA SA\Application Data\Malwarebytes
2012-07-22 09:53 . 2012-07-22 09:53 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-22 09:53 . 2012-07-03 11:46 22344 ----a-w- f:\windows\system32\drivers\mbam.sys
2012-07-22 09:53 . 2012-07-22 09:55 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2012-07-21 22:20 . 2012-07-23 19:22 -------- d-----w- f:\documents and settings\GTA SA\Application Data\4Sync
2012-07-21 22:19 . 2012-07-21 22:19 -------- d-----w- f:\documents and settings\All Users\Application Data\4Sync
2012-07-21 22:19 . 2012-07-21 22:19 -------- d-----w- f:\program files\4Sync
2012-07-21 21:16 . 2012-07-21 21:16 -------- d-----w- f:\program files\Lavalys
2012-07-21 21:13 . 2012-07-21 21:13 -------- d-----w- f:\documents and settings\GTA SA\Local Settings\Application Data\AOL
2012-07-21 21:12 . 2012-07-22 08:52 -------- d-----w- f:\program files\ICQ7.2
2012-07-21 20:47 . 2012-07-21 20:47 -------- d-----w- f:\program files\iWEB Studio
2012-07-21 20:47 . 2012-07-21 20:47 796672 ----a-w- f:\windows\GPInstall.exe
2012-07-21 19:10 . 2012-07-22 11:47 -------- d-----w- f:\program files\Metin2
2012-07-21 13:34 . 2012-07-21 13:57 -------- d-----w- f:\program files\Counter-Strike 1.6
2012-07-21 13:23 . 2012-07-21 13:23 654944 ----a-w- f:\windows\system32\xsherlock.xem
2012-07-21 13:16 . 2012-03-27 17:13 230920 ----a-w- f:\windows\system32\EPWZCmnCtrl.dll
2012-07-21 13:15 . 2012-07-21 13:16 -------- d-----w- f:\documents and settings\All Users\Application Data\WEBZEN
2012-07-21 13:04 . 2012-07-21 22:17 -------- d-----w- f:\program files\Overwolf
2012-07-21 13:02 . 2012-07-21 13:10 -------- d-----w- f:\documents and settings\GTA SA\Local Settings\Application Data\Overwolf
2012-07-21 13:02 . 2012-07-21 13:02 -------- d-----w- f:\program files\NVIDIA Corporation
2012-07-21 12:24 . 2012-07-21 13:26 -------- d-----w- f:\program files\WEBZEN
2012-07-16 07:23 . 2012-07-16 07:25 -------- d-----w- f:\documents and settings\GTA SA\Application Data\.minecraft
2012-07-16 06:53 . 2012-07-16 06:53 -------- d-----w- f:\documents and settings\LocalService\Application Data\TuneUp Software
2012-07-12 12:32 . 2012-07-12 12:32 9822920 ----a-w- f:\windows\system32\FlashPlayerInstaller.exe
2012-07-12 11:09 . 2010-02-12 10:03 293376 ------w- f:\windows\system32\browserchoice.exe
2012-07-12 11:01 . 2012-01-11 19:06 3072 ------w- f:\windows\system32\iacenc.dll
2012-07-12 11:00 . 2011-02-17 12:32 5120 ----a-w- f:\windows\system32\xpsp4res.dll
2012-07-11 12:54 . 2012-07-11 12:55 -------- d-----w- F:\Converted
2012-07-11 12:51 . 2012-07-11 12:51 -------- d-----w- f:\program files\GuerillaSoft
2012-07-11 12:48 . 2012-07-11 12:48 -------- d-----w- f:\program files\AllMusicConverter Media Suite
2012-07-11 12:45 . 2012-05-31 13:38 252928 ----a-w- f:\windows\system32\GSService.exe
2012-07-11 12:45 . 2012-06-01 13:20 260608 ----a-w- f:\windows\system32\snmvtsvc.exe
2012-07-11 12:45 . 2012-06-05 08:36 14392 ----a-w- f:\windows\system32\MusCVideo.dll
2012-07-11 12:45 . 2012-06-05 08:36 5688 ----a-w- f:\windows\system32\MusCVideo.sys
2012-07-11 12:45 . 2012-06-05 08:36 23608 ----a-w- f:\windows\system32\MusCAudio.sys
2012-07-11 12:45 . 2012-06-05 08:36 23608 ----a-w- f:\windows\system32\drivers\MusCAudio.sys
2012-07-11 12:45 . 2012-07-11 12:49 -------- d-----w- f:\program files\AllMusicConverter
2012-07-10 10:17 . 2012-07-10 10:17 -------- d-sh--w- f:\documents and settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-10 10:17 . 2012-07-10 10:17 -------- d--h--w- f:\documents and settings\All Users\Application Data\Common Files
2012-07-04 09:29 . 2012-07-04 09:29 -------- d-----w- f:\documents and settings\GTA SA\Application Data\SynthMaker
2012-07-04 06:23 . 2008-10-27 08:04 235856 ----a-w- f:\windows\system32\xactengine3_3.dll
2012-07-04 06:23 . 2008-10-27 08:04 23376 ----a-w- f:\windows\system32\X3DAudio1_5.dll
2012-07-04 06:23 . 2008-07-31 08:41 68616 ----a-w- f:\windows\system32\XAPOFX1_1.dll
2012-07-04 06:23 . 2008-07-31 08:40 509448 ----a-w- f:\windows\system32\XAudio2_2.dll
2012-07-04 06:23 . 2008-07-31 08:41 238088 ----a-w- f:\windows\system32\xactengine3_2.dll
2012-07-04 06:23 . 2008-07-10 09:01 467984 ----a-w- f:\windows\system32\d3dx10_39.dll
2012-07-04 06:23 . 2008-07-10 09:00 1493528 ----a-w- f:\windows\system32\D3DCompiler_39.dll
2012-07-04 06:23 . 2008-07-10 09:00 3851784 ----a-w- f:\windows\system32\D3DX9_39.dll
2012-07-04 06:12 . 2012-07-04 07:08 -------- d-----w- F:\MogreSDK
2012-07-03 11:21 . 2012-07-03 11:21 -------- d-----w- f:\documents and settings\GTA SA\Application Data\Image-Line
2012-07-03 10:26 . 2012-07-03 10:26 -------- d-----w- f:\program files\ASIO4ALL v2
2012-07-02 10:56 . 2012-07-04 10:45 -------- d-----w- f:\program files\Electronic Arts
2012-07-02 08:09 . 2012-07-02 08:09 -------- d-----w- f:\program files\uTorrent
2012-06-28 10:09 . 2012-07-21 22:20 -------- d-----w- f:\documents and settings\GTA SA\Application Data\Dropbox
2012-06-28 06:56 . 2006-04-12 10:11 147456 ----a-w- f:\windows\system32\rsnpstd3.dll
2012-06-28 06:56 . 2006-06-19 09:43 262144 ----a-w- f:\windows\tsnpstd3.exe
2012-06-28 06:56 . 2004-11-08 11:41 94208 ----a-w- f:\windows\amcap.exe
2012-06-28 06:56 . 2012-06-28 06:56 -------- d-----w- f:\program files\Common Files\StarCam
2012-06-28 06:45 . 2012-07-12 12:32 426184 ----a-w- f:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 12:32 . 2011-05-25 05:30 70344 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-04 06:34 . 2010-02-05 13:46 112640 -c--a-w- f:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2012-07-04 06:34 . 2009-09-27 19:52 416 -c--a-w- f:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-06-13 13:19 . 2004-08-04 12:00 1866112 ----a-w- f:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-09-03 11:18 1372672 ----a-w- f:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- f:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- f:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-07-30 17:18 22040 ----a-w- f:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-08-09 01:32 329240 ----a-w- f:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-08-09 01:32 219160 ----a-w- f:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-08-09 01:32 210968 ----a-w- f:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- f:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-08-09 01:32 53784 ----a-w- f:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-08-09 01:32 35864 ----a-w- f:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- f:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- f:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2004-08-04 12:00 97304 ----a-w- f:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-07-30 17:18 17944 ----a-w- f:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-08-09 01:32 577048 ----a-w- f:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-08-09 01:32 1933848 ----a-w- f:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- f:\windows\system32\crypt32.dll
2012-05-15 15:39 . 2004-08-04 12:00 832512 ----a-w- f:\windows\system32\wininet.dll
2012-05-04 13:12 . 2004-08-04 12:00 2192640 ----a-w- f:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- f:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-08-09 01:30 139656 ----a-w- f:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-23_10.44.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-23 21:00 . 2012-07-23 21:00 16384 f:\windows\Temp\Perflib_Perfdata_45c.dat
+ 2012-07-23 19:38 . 2012-07-23 19:38 16384 f:\windows\Temp\Perflib_Perfdata_3a4.dat
+ 2012-07-23 12:06 . 2012-07-23 12:06 34494 f:\windows\Installer\{A696A783-CE10-4920-A03F-82FC6EE9C759}\application.exe
+ 2011-01-07 13:39 . 2011-01-07 13:39 768848 f:\windows\system32\msvcr100.dll
+ 2011-01-07 13:39 . 2011-01-07 13:39 421200 f:\windows\system32\msvcp100.dll
+ 2012-07-23 12:06 . 2012-07-23 12:06 1394688 f:\windows\Installer\4fd7ba.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay1]
@="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}"
[HKEY_CLASSES_ROOT\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}]
2012-05-25 13:32 1338880 ----a-w- f:\program files\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay2]
@="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}"
[HKEY_CLASSES_ROOT\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}]
2012-05-25 13:32 1338880 ----a-w- f:\program files\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay3]
@="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}"
[HKEY_CLASSES_ROOT\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}]
2012-05-25 13:32 1338880 ----a-w- f:\program files\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay4]
@="{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}"
[HKEY_CLASSES_ROOT\CLSID\{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}]
2012-05-25 13:32 1338880 ----a-w- f:\program files\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="f:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="f:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"203.85.0.92,255.255.255.255,192.168.1.42,1"=""
"203.85.93.210,255.255.255.255,192.168.1.42,1"=""
"188.138.106.112,255.255.255.255,192.168.1.42,1"=""
"199.27.135.167,255.255.255.255,192.168.1.42,1"=""
"94.102.0.108,255.255.255.255,192.168.1.42,1"=""
"184.173.197.241,255.255.255.255,192.168.1.42,1"=""
"79.110.87.198,255.255.255.255,192.168.1.42,1"=""
"80.84.58.203,255.255.255.255,192.168.1.42,1"=""
"178.63.49.78,255.255.255.255,192.168.1.42,1"=""
"176.9.9.227,255.255.255.255,192.168.1.42,1"=""
"184.22.200.176,255.255.255.255,192.168.1.42,1"=""
"176.227.199.194,255.255.255.255,192.168.1.42,1"=""
"46.252.196.1,255.255.255.255,192.168.1.42,1"=""
"85.153.48.2,255.255.255.255,192.168.1.42,1"=""
"188.72.213.65,255.255.255.255,192.168.1.42,1"=""
"80.190.202.44,255.255.255.255,192.168.1.42,1"=""
"188.72.201.254,255.255.255.255,192.168.1.42,1"=""
"91.227.4.115,255.255.255.255,192.168.1.42,1"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi6"=mapledxp.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Antanda"=f:\docume~1\GTASA~1\LOCALS~1\Temp\InstallValidator.exe
"CTFMON.EXE"=f:\windows\system32\ctfmon.exe
"Taskbar Shuffle"=f:\program files\Taskbar Shuffle\taskbarshuffle.exe
"Google Update"="f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"4Sync"="f:\program files\4Sync\4Sync.exe" -startup
"Akamai NetSession Interface"="f:\documents and settings\GTA SA\Local Settings\Application Data\Akamai\netsession_win.exe"
"ICQ"="f:\program files\ICQ7.2\ICQ.exe" silent loginmode=4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Microsoft Default Manager"="f:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"ATICCC"="f:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"Google Desktop Search"="f:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe"
"tsnpstd3"=f:\windows\tsnpstd3.exe
"snpstd3"=f:\windows\vsnpstd3.exe
"Aeria Ignite"="f:\program files\Aeria Games\Ignite\aeriaignite.exe" silent
"Malwarebytes' Anti-Malware"="f:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Opera\\opera.exe"=
"f:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"f:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"f:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"f:\\Program Files\\Sun\\SDK\\jdk\\bin\\java.exe"=
"f:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"f:\\Program Files\\MSI\\MyGuard Live\\MyGuard Live.exe"=
"f:\\Program Files\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"=
"f:\\Program Files\\VertrigoServ\\Apache\\bin\\v_apache.exe"=
"f:\\Documents and Settings\\GTA SA\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"f:\\Documents and Settings\\GTA SA\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"f:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\LegendenMt2\\client.exe"=
"f:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"f:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"f:\\Documents and Settings\\GTA SA\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"f:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"f:\\Program Files\\ICQ7.2\\ICQ.exe"=
"f:\\Program Files\\ICQ7.2\\aolload.exe"=
"f:\\Program Files\\Metin2\\metin2.exe"=
"f:\\Program Files\\Metin2\\hshield\\hsupdate.exe"=
"f:\\Documents and Settings\\GTA SA\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"f:\\AeriaGames\\Wolfteam\\Wolfteam.bin"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56965:TCP"= 56965:TCP:Pando Media Booster
"56965:UDP"= 56965:UDP:Pando Media Booster
"56140:TCP"= 56140:TCP:Pando Media Booster
"56140:UDP"= 56140:UDP:Pando Media Booster
"1134:TCP"= 1134:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;f:\windows\system32\drivers\sptd.sys [21. 8. 2008 20:41 691696]
R1 epfwtdir;epfwtdir;f:\windows\system32\drivers\epfwtdir.sys [1. 7. 2008 10:04 35168]
R1 eusk2par;EUTRON SmartKey Parallel Driver;f:\windows\system32\drivers\eusk2par.sys [24. 1. 2009 18:09 24786]
R1 mapledxp;mapledxp;f:\windows\system32\drivers\mapledxp.sys [8. 5. 2010 10:48 24720]
R2 ekrn;Eset Service;f:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7. 10. 2009 10:16 472280]
R2 MBAMService;MBAMService;f:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22. 7. 2012 11:53 655944]
R2 OMSI download service;Sony Ericsson OMSI download service;f:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [30. 11. 2009 15:30 90112]
R3 MBAMProtector;MBAMProtector;f:\windows\system32\drivers\mbam.sys [22. 7. 2012 11:53 22344]
R3 MusCAudio;MusCAudio;f:\windows\system32\drivers\MusCAudio.sys [11. 7. 2012 14:45 23608]
R3 SDVPlus;Pinnacle Studio DVplus WDM Renderer;f:\windows\system32\drivers\SDVPlus.sys [9. 8. 2008 3:43 42102]
R3 seehcri;Sony Ericsson seehcri Device Driver;f:\windows\system32\drivers\seehcri.sys [30. 11. 2009 15:38 27632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [28. 6. 2012 8:45 250056]
S3 apf001;apf001;f:\aeriagames\Wolfteam\apf001.sys [15. 3. 2012 18:56 10872]
S3 eusk3usb;SmartKey 3 USB;f:\windows\system32\drivers\eusk3usb.sys [24. 1. 2009 18:09 45534]
S3 ggflt;SEMC USB Flash Driver Filter;f:\windows\system32\drivers\ggflt.sys [11. 10. 2008 9:32 13224]
S3 GSService;GSService;f:\windows\system32\GSService.exe [11. 7. 2012 14:45 252928]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);f:\windows\system32\drivers\s0016bus.sys [30. 11. 2009 15:32 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;f:\windows\system32\drivers\s0016mdfl.sys [30. 11. 2009 15:32 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;f:\windows\system32\drivers\s0016mdm.sys [30. 11. 2009 15:32 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);f:\windows\system32\drivers\s0016mgmt.sys [30. 11. 2009 15:32 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);f:\windows\system32\drivers\s0016nd5.sys [30. 11. 2009 15:32 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;f:\windows\system32\drivers\s0016obex.sys [30. 11. 2009 15:32 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);f:\windows\system32\drivers\s0016unic.sys [30. 11. 2009 15:32 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);f:\windows\system32\drivers\s1018bus.sys [30. 11. 2009 15:32 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;f:\windows\system32\drivers\s1018mdfl.sys [30. 11. 2009 15:32 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;f:\windows\system32\drivers\s1018mdm.sys [30. 11. 2009 15:32 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);f:\windows\system32\drivers\s1018mgmt.sys [30. 11. 2009 15:32 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);f:\windows\system32\drivers\s1018nd5.sys [30. 11. 2009 15:32 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;f:\windows\system32\drivers\s1018obex.sys [30. 11. 2009 15:32 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);f:\windows\system32\drivers\s1018unic.sys [30. 11. 2009 15:33 109864]
S3 SMServer;SMServer;f:\windows\system32\snmvtsvc.exe [11. 7. 2012 14:45 260608]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;f:\windows\system32\drivers\VBoxNetAdp.sys [4. 11. 2011 14:42 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;f:\windows\system32\DRIVERS\VBoxNetFlt.sys --> f:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-23 f:\windows\Tasks\Adobe Flash Player Updater.job
- f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-28 12:32]
.
2009-01-06 f:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8220263802.job
- f:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Link to &MidpX - f:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
IE: Sothink SWF Catcher - f:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - f:\program files\SpeedBit Video Downloader\SPFireFox
FF - Ext: Java Quick Starter: jqs@sun.com - f:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-23 23:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-515967899-1957994488-682003330-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-515967899-1957994488-682003330-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:33,30,fe,fb,62,b9,f6,79,6d,c2,45,85,79,e5,7e,cb,ff,53,7b,6e,d4,2b,4f,
2a,4e,21,2b,5a,6b,a9,46,ac,8f,75,a7,eb,5a,6d,37,13,69,ef,1a,9a,52,c6,7b,29,\
"??"=hex:a7,fe,27,8e,5f,cd,16,f0,f2,2c,f2,b2,ea,cb,b9,ac
.
[HKEY_USERS\S-1-5-21-515967899-1957994488-682003330-1007\Software\SecuROM\License information*]
"datasecu"=hex:fe,c4,57,4c,8c,c6,ab,77,5e,5e,d6,68,a9,4d,a5,51,ce,c9,94,62,13,
53,d9,6b,e0,d9,69,73,05,57,27,fc,a1,fe,ca,e5,b9,9d,96,a4,d2,54,cf,36,4a,15,\
"rkeysecu"=hex:2b,bd,85,26,0b,f2,a6,bd,94,ae,b2,1e,23,26,14,d4
.
[HKEY_LOCAL_MACHINE\software\Classes\FlashProp.FlashProp\CurVer]
@DACL=(02 0000)
@="FlashProp.FlashProp.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\FlashProp.FlashProp.1\CLSID]
@DACL=(02 0000)
@="{1171A62F-05D2-11D1-83FC-00A0C9089C5A}"
.
[HKEY_LOCAL_MACHINE\software\Classes\ShockwaveFlash.ShockwaveFlash\Shell]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1084)
f:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1980)
f:\windows\system32\WININET.dll
f:\program files\4Sync\ShellExt.dll
f:\progra~1\WINDOW~2\wmpband.dll
f:\windows\system32\msi.dll
f:\windows\system32\ieframe.dll
f:\windows\system32\WPDShServiceObj.dll
f:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
f:\program files\4Sync\ShellCp.dll
f:\program files\Microsoft Virtual PC\VPCShExH.DLL
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\windows\system32\Ati2evxx.exe
f:\windows\system32\Ati2evxx.exe
f:\program files\Bonjour\mDNSResponder.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
f:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
f:\windows\system32\IoctlSvc.exe
f:\windows\system32\PnkBstrA.exe
f:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
f:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
f:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
f:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
f:\windows\system32\wbem\wmiapsrv.exe
f:\program files\Opera\opera.exe
f:\program files\Opera\pluginwrapper\opera_plugin_wrapper.exe
.
**************************************************************************
.
Completion time: 2012-07-23 23:08:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-23 21:08
ComboFix2.txt 2012-07-23 10:54
.
Pre-Run: 6 239 883 264 bytes free
Post-Run: 6 233 096 192 bytes free
.
- - End Of File - - 1B92A353A2E05F34D2B6BF8C9820B167

2. Here are the links to those 2 files on VirusTotal (both have 0/XY):
https://www.virustotal.com/file/20a1a53 ... 343077935/
https://www.virustotal.com/file/7e61b98 ... 343078102/

3. About TCPIP - I did not set this up, so I don't know how it got there. Does something need to be done about it? And what does it actually mean?
I mean this:

Code:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"203.85.0.92,255.255.255.255,192.168.1.42,1"=""
"203.85.93.210,255.255.255.255,192.168.1.42,1"=""
and further, did you set it up yourself?

jaro3
Security team member
Guru Level 15
Posts: 43295
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Slow PC - please examine the log

Post by jaro3 » 24 Jul 2012 10:12

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

KillAll::
File::
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Folder::
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update

Driver::
VBoxNetFlt

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"203.85.0.92,255.255.255.255,192.168.1.42,1"=-
"203.85.93.210,255.255.255.255,192.168.1.42,1"=-
"188.138.106.112,255.255.255.255,192.168.1.42,1"=-
"199.27.135.167,255.255.255.255,192.168.1.42,1"=-
"94.102.0.108,255.255.255.255,192.168.1.42,1"=-
"184.173.197.241,255.255.255.255,192.168.1.42,1"=-
"79.110.87.198,255.255.255.255,192.168.1.42,1"=-
"80.84.58.203,255.255.255.255,192.168.1.42,1"=-
"178.63.49.78,255.255.255.255,192.168.1.42,1"=-
"176.9.9.227,255.255.255.255,192.168.1.42,1"=-
"184.22.200.176,255.255.255.255,192.168.1.42,1"=-
"176.227.199.194,255.255.255.255,192.168.1.42,1"=-
"46.252.196.1,255.255.255.255,192.168.1.42,1"=-
"85.153.48.2,255.255.255.255,192.168.1.42,1"=-
"188.72.213.65,255.255.255.255,192.168.1.42,1"=-
"80.190.202.44,255.255.255.255,192.168.1.42,1"=-
"188.72.201.254,255.255.255.255,192.168.1.42,1"=-
"91.227.4.115,255.255.255.255,192.168.1.42,1"=-


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

Download RogueKiller to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7 run RogueKiller.exe as administrator; on XP just double-click it.
- When the program's main window appears, click "Scan".
- The program scans the PC. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try launching it several times. If it still will not start and run, rename it to winlogon.exe.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Slow PC - please check my log

Post by TheDaniLikker » 24 Jul 2012 12:01

Here is the ComboFix log:

ComboFix 12-07-21.01 - GTA SA . 07. 2012 11:17:41.3.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1791.1259 [GMT 2:00]
Running from: f:\documents and settings\GTA SA\Desktop\ComboFix.exe
Command switches used :: f:\documents and settings\GTA SA\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleUpdate.exe
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleUpdateBroker.exe
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleUpdateHelper.msi
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleUpdateOnDemand.exe
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleUpdateSetup.exe
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdate.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_am.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_ar.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_bg.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_bn.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_ca.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_cs.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_da.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_de.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_el.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_en-GB.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_en.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_es-419.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_es.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_et.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_fa.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_fi.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_fil.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_fr.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_gu.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_hi.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_hr.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_hu.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_id.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_is.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_it.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_iw.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_ja.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_kn.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_ko.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_lt.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_lv.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_ml.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_mr.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_ms.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_nl.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_no.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_pl.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_pt-BR.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_pt-PT.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_ro.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_ru.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_sk.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_sl.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_sr.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_sv.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_sw.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_ta.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_te.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_th.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_tr.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_uk.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_ur.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_vi.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_zh-CN.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\goopdateres_zh-TW.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\psmachine.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.115\GoogleUpdateSetup.exe
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\20.0.1132.57\20.0.1132.57_20.0.1132.47_chrome_updater.exe
f:\documents and settings\GTA SA\Local Settings\Application Data\Google\Update\Download\{D0AB2EBC-931B-4013-9FEB-C9C4C2225C8C}\3.2.4.8431\googletalkpluginaccel.msi
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_VBoxNetFlt
.
.
((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
.
.
2012-07-23 13:37 . 2012-07-23 13:37 12920 ----a-w- f:\windows\system32\apl001.sys
2012-07-23 13:37 . 2012-07-23 13:37 10872 ----a-w- f:\windows\system32\apf001.sys
2012-07-23 13:26 . 2012-07-23 13:26 -------- d-----w- f:\documents and settings\GTA SA\Local Settings\Application Data\Aeria Games
2012-07-23 13:24 . 2012-07-23 13:24 -------- d-----w- F:\ProgramData
2012-07-23 12:06 . 2012-07-23 12:06 -------- d-sh--w- f:\windows\system32\AI_RecycleBin
2012-07-23 12:06 . 2012-07-23 12:06 -------- d-----w- f:\program files\Aeria Games
2012-07-23 11:53 . 2012-07-23 11:54 -------- d-----w- f:\documents and settings\GTA SA\Local Settings\Application Data\Akamai
2012-07-23 11:53 . 2012-07-23 12:06 -------- d-----w- F:\AeriaGames
2012-07-22 09:55 . 2012-07-22 09:55 -------- d-----w- f:\documents and settings\GTA SA\Application Data\Malwarebytes
2012-07-22 09:53 . 2012-07-22 09:53 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-22 09:53 . 2012-07-03 11:46 22344 ----a-w- f:\windows\system32\drivers\mbam.sys
2012-07-22 09:53 . 2012-07-22 09:55 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2012-07-21 22:20 . 2012-07-23 19:22 -------- d-----w- f:\documents and settings\GTA SA\Application Data\4Sync
2012-07-21 22:19 . 2012-07-21 22:19 -------- d-----w- f:\documents and settings\All Users\Application Data\4Sync
2012-07-21 22:19 . 2012-07-21 22:19 -------- d-----w- f:\program files\4Sync
2012-07-21 21:16 . 2012-07-21 21:16 -------- d-----w- f:\program files\Lavalys
2012-07-21 21:13 . 2012-07-21 21:13 -------- d-----w- f:\documents and settings\GTA SA\Local Settings\Application Data\AOL
2012-07-21 21:12 . 2012-07-22 08:52 -------- d-----w- f:\program files\ICQ7.2
2012-07-21 20:47 . 2012-07-21 20:47 -------- d-----w- f:\program files\iWEB Studio
2012-07-21 20:47 . 2012-07-21 20:47 796672 ----a-w- f:\windows\GPInstall.exe
2012-07-21 19:10 . 2012-07-22 11:47 -------- d-----w- f:\program files\Metin2
2012-07-21 13:34 . 2012-07-21 13:57 -------- d-----w- f:\program files\Counter-Strike 1.6
2012-07-21 13:23 . 2012-07-21 13:23 654944 ----a-w- f:\windows\system32\xsherlock.xem
2012-07-21 13:16 . 2012-03-27 17:13 230920 ----a-w- f:\windows\system32\EPWZCmnCtrl.dll
2012-07-21 13:15 . 2012-07-21 13:16 -------- d-----w- f:\documents and settings\All Users\Application Data\WEBZEN
2012-07-21 13:04 . 2012-07-21 22:17 -------- d-----w- f:\program files\Overwolf
2012-07-21 13:02 . 2012-07-21 13:10 -------- d-----w- f:\documents and settings\GTA SA\Local Settings\Application Data\Overwolf
2012-07-21 13:02 . 2012-07-21 13:02 -------- d-----w- f:\program files\NVIDIA Corporation
2012-07-21 12:24 . 2012-07-21 13:26 -------- d-----w- f:\program files\WEBZEN
2012-07-16 07:23 . 2012-07-24 09:06 -------- d-----w- f:\documents and settings\GTA SA\Application Data\.minecraft
2012-07-16 06:53 . 2012-07-16 06:53 -------- d-----w- f:\documents and settings\LocalService\Application Data\TuneUp Software
2012-07-12 12:32 . 2012-07-12 12:32 9822920 ----a-w- f:\windows\system32\FlashPlayerInstaller.exe
2012-07-12 11:09 . 2010-02-12 10:03 293376 ------w- f:\windows\system32\browserchoice.exe
2012-07-12 11:01 . 2012-01-11 19:06 3072 -c----w- f:\windows\system32\dllcache\iacenc.dll
2012-07-12 11:01 . 2012-01-11 19:06 3072 ------w- f:\windows\system32\iacenc.dll
2012-07-12 11:00 . 2011-02-17 12:32 5120 ----a-w- f:\windows\system32\xpsp4res.dll
2012-07-11 12:54 . 2012-07-11 12:55 -------- d-----w- F:\Converted
2012-07-11 12:51 . 2012-07-11 12:51 -------- d-----w- f:\program files\GuerillaSoft
2012-07-11 12:48 . 2012-07-11 12:48 -------- d-----w- f:\program files\AllMusicConverter Media Suite
2012-07-11 12:45 . 2012-05-31 13:38 252928 ----a-w- f:\windows\system32\GSService.exe
2012-07-11 12:45 . 2012-06-01 13:20 260608 ----a-w- f:\windows\system32\snmvtsvc.exe
2012-07-11 12:45 . 2012-06-05 08:36 14392 ----a-w- f:\windows\system32\MusCVideo.dll
2012-07-11 12:45 . 2012-06-05 08:36 5688 ----a-w- f:\windows\system32\MusCVideo.sys
2012-07-11 12:45 . 2012-06-05 08:36 23608 ----a-w- f:\windows\system32\MusCAudio.sys
2012-07-11 12:45 . 2012-06-05 08:36 23608 ----a-w- f:\windows\system32\drivers\MusCAudio.sys
2012-07-11 12:45 . 2012-07-11 12:49 -------- d-----w- f:\program files\AllMusicConverter
2012-07-10 10:17 . 2012-07-10 10:17 -------- d-sh--w- f:\documents and settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-10 10:17 . 2012-07-10 10:17 -------- d--h--w- f:\documents and settings\All Users\Application Data\Common Files
2012-07-04 09:29 . 2012-07-04 09:29 -------- d-----w- f:\documents and settings\GTA SA\Application Data\SynthMaker
2012-07-04 06:23 . 2008-10-27 08:04 235856 ----a-w- f:\windows\system32\xactengine3_3.dll
2012-07-04 06:23 . 2008-10-27 08:04 23376 ----a-w- f:\windows\system32\X3DAudio1_5.dll
2012-07-04 06:23 . 2008-07-31 08:41 68616 ----a-w- f:\windows\system32\XAPOFX1_1.dll
2012-07-04 06:23 . 2008-07-31 08:40 509448 ----a-w- f:\windows\system32\XAudio2_2.dll
2012-07-04 06:23 . 2008-07-31 08:41 238088 ----a-w- f:\windows\system32\xactengine3_2.dll
2012-07-04 06:23 . 2008-07-10 09:01 467984 ----a-w- f:\windows\system32\d3dx10_39.dll
2012-07-04 06:23 . 2008-07-10 09:00 1493528 ----a-w- f:\windows\system32\D3DCompiler_39.dll
2012-07-04 06:23 . 2008-07-10 09:00 3851784 ----a-w- f:\windows\system32\D3DX9_39.dll
2012-07-04 06:12 . 2012-07-04 07:08 -------- d-----w- F:\MogreSDK
2012-07-03 11:21 . 2012-07-03 11:21 -------- d-----w- f:\documents and settings\GTA SA\Application Data\Image-Line
2012-07-03 10:26 . 2012-07-03 10:26 -------- d-----w- f:\program files\ASIO4ALL v2
2012-07-02 10:56 . 2012-07-04 10:45 -------- d-----w- f:\program files\Electronic Arts
2012-07-02 08:09 . 2012-07-02 08:09 -------- d-----w- f:\program files\uTorrent
2012-06-28 10:09 . 2012-07-21 22:20 -------- d-----w- f:\documents and settings\GTA SA\Application Data\Dropbox
2012-06-28 06:56 . 2006-04-12 10:11 147456 ----a-w- f:\windows\system32\rsnpstd3.dll
2012-06-28 06:56 . 2006-06-19 09:43 262144 ----a-w- f:\windows\tsnpstd3.exe
2012-06-28 06:56 . 2004-11-08 11:41 94208 ----a-w- f:\windows\amcap.exe
2012-06-28 06:56 . 2012-06-28 06:56 -------- d-----w- f:\program files\Common Files\StarCam
2012-06-28 06:45 . 2012-07-12 12:32 426184 ----a-w- f:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 12:32 . 2011-05-25 05:30 70344 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-04 06:34 . 2010-02-05 13:46 112640 -c--a-w- f:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2012-07-04 06:34 . 2009-09-27 19:52 416 -c--a-w- f:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-06-13 13:19 . 2004-08-04 12:00 1866112 ----a-w- f:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-09-03 11:18 1372672 ----a-w- f:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- f:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- f:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-07-30 17:18 22040 ----a-w- f:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-08-09 01:32 329240 ----a-w- f:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-08-09 01:32 219160 ----a-w- f:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-08-09 01:32 210968 ----a-w- f:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- f:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-08-09 01:32 53784 ----a-w- f:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-08-09 01:32 35864 ----a-w- f:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- f:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- f:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2004-08-04 12:00 97304 ----a-w- f:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-07-30 17:18 17944 ----a-w- f:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-08-09 01:32 577048 ----a-w- f:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-08-09 01:32 1933848 ----a-w- f:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- f:\windows\system32\crypt32.dll
2012-05-15 15:39 . 2004-08-04 12:00 832512 ----a-w- f:\windows\system32\wininet.dll
2012-05-04 13:12 . 2004-08-04 12:00 2192640 ----a-w- f:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2069120 ----a-w- f:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-08-09 01:30 139656 ----a-w- f:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-23_10.44.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-24 09:32 . 2012-07-24 09:32 16384 f:\windows\temp\Perflib_Perfdata_598.dat
+ 2012-07-23 12:06 . 2012-07-23 12:06 34494 f:\windows\Installer\{A696A783-CE10-4920-A03F-82FC6EE9C759}\application.exe
+ 2011-01-07 13:39 . 2011-01-07 13:39 768848 f:\windows\system32\msvcr100.dll
+ 2011-01-07 13:39 . 2011-01-07 13:39 421200 f:\windows\system32\msvcp100.dll
+ 2012-07-23 12:06 . 2012-07-23 12:06 1394688 f:\windows\Installer\4fd7ba.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay1]
@="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}"
[HKEY_CLASSES_ROOT\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}]
2012-05-25 13:32 1338880 ----a-w- f:\program files\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay2]
@="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}"
[HKEY_CLASSES_ROOT\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}]
2012-05-25 13:32 1338880 ----a-w- f:\program files\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay3]
@="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}"
[HKEY_CLASSES_ROOT\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}]
2012-05-25 13:32 1338880 ----a-w- f:\program files\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay4]
@="{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}"
[HKEY_CLASSES_ROOT\CLSID\{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}]
2012-05-25 13:32 1338880 ----a-w- f:\program files\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="f:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="f:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi6"=mapledxp.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Antanda"=f:\docume~1\GTASA~1\LOCALS~1\Temp\InstallValidator.exe
"CTFMON.EXE"=f:\windows\system32\ctfmon.exe
"Taskbar Shuffle"=f:\program files\Taskbar Shuffle\taskbarshuffle.exe
"4Sync"="f:\program files\4Sync\4Sync.exe" -startup
"Akamai NetSession Interface"="f:\documents and settings\GTA SA\Local Settings\Application Data\Akamai\netsession_win.exe"
"ICQ"="f:\program files\ICQ7.2\ICQ.exe" silent loginmode=4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Microsoft Default Manager"="f:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"ATICCC"="f:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"Google Desktop Search"="f:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe"
"tsnpstd3"=f:\windows\tsnpstd3.exe
"snpstd3"=f:\windows\vsnpstd3.exe
"Aeria Ignite"="f:\program files\Aeria Games\Ignite\aeriaignite.exe" silent
"Malwarebytes' Anti-Malware"="f:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Opera\\opera.exe"=
"f:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"f:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"f:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"f:\\Program Files\\Sun\\SDK\\jdk\\bin\\java.exe"=
"f:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"f:\\Program Files\\MSI\\MyGuard Live\\MyGuard Live.exe"=
"f:\\Program Files\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"=
"f:\\Program Files\\VertrigoServ\\Apache\\bin\\v_apache.exe"=
"f:\\Documents and Settings\\GTA SA\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"f:\\Documents and Settings\\GTA SA\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"f:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\LegendenMt2\\client.exe"=
"f:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"f:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"f:\\Documents and Settings\\GTA SA\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"f:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"f:\\Program Files\\ICQ7.2\\ICQ.exe"=
"f:\\Program Files\\ICQ7.2\\aolload.exe"=
"f:\\Program Files\\Metin2\\metin2.exe"=
"f:\\Program Files\\Metin2\\hshield\\hsupdate.exe"=
"f:\\Documents and Settings\\GTA SA\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"f:\\AeriaGames\\Wolfteam\\Wolfteam.bin"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56965:TCP"= 56965:TCP:Pando Media Booster
"56965:UDP"= 56965:UDP:Pando Media Booster
"56140:TCP"= 56140:TCP:Pando Media Booster
"56140:UDP"= 56140:UDP:Pando Media Booster
"1134:TCP"= 1134:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;f:\windows\system32\drivers\sptd.sys [21. 8. 2008 20:41 691696]
R1 epfwtdir;epfwtdir;f:\windows\system32\drivers\epfwtdir.sys [1. 7. 2008 10:04 35168]
R1 eusk2par;EUTRON SmartKey Parallel Driver;f:\windows\system32\drivers\eusk2par.sys [24. 1. 2009 18:09 24786]
R1 mapledxp;mapledxp;f:\windows\system32\drivers\mapledxp.sys [8. 5. 2010 10:48 24720]
R2 ekrn;Eset Service;f:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7. 10. 2009 10:16 472280]
R2 OMSI download service;Sony Ericsson OMSI download service;f:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [30. 11. 2009 15:30 90112]
R3 MBAMProtector;MBAMProtector;f:\windows\system32\drivers\mbam.sys [22. 7. 2012 11:53 22344]
R3 MusCAudio;MusCAudio;f:\windows\system32\drivers\MusCAudio.sys [11. 7. 2012 14:45 23608]
R3 SDVPlus;Pinnacle Studio DVplus WDM Renderer;f:\windows\system32\drivers\SDVPlus.sys [9. 8. 2008 3:43 42102]
R3 seehcri;Sony Ericsson seehcri Device Driver;f:\windows\system32\drivers\seehcri.sys [30. 11. 2009 15:38 27632]
S2 MBAMService;MBAMService;f:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22. 7. 2012 11:53 655944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [28. 6. 2012 8:45 250056]
S3 apf001;apf001;f:\aeriagames\Wolfteam\apf001.sys [15. 3. 2012 18:56 10872]
S3 eusk3usb;SmartKey 3 USB;f:\windows\system32\drivers\eusk3usb.sys [24. 1. 2009 18:09 45534]
S3 ggflt;SEMC USB Flash Driver Filter;f:\windows\system32\drivers\ggflt.sys [11. 10. 2008 9:32 13224]
S3 GSService;GSService;f:\windows\system32\GSService.exe [11. 7. 2012 14:45 252928]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);f:\windows\system32\drivers\s0016bus.sys [30. 11. 2009 15:32 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;f:\windows\system32\drivers\s0016mdfl.sys [30. 11. 2009 15:32 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;f:\windows\system32\drivers\s0016mdm.sys [30. 11. 2009 15:32 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);f:\windows\system32\drivers\s0016mgmt.sys [30. 11. 2009 15:32 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);f:\windows\system32\drivers\s0016nd5.sys [30. 11. 2009 15:32 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;f:\windows\system32\drivers\s0016obex.sys [30. 11. 2009 15:32 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);f:\windows\system32\drivers\s0016unic.sys [30. 11. 2009 15:32 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);f:\windows\system32\drivers\s1018bus.sys [30. 11. 2009 15:32 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;f:\windows\system32\drivers\s1018mdfl.sys [30. 11. 2009 15:32 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;f:\windows\system32\drivers\s1018mdm.sys [30. 11. 2009 15:32 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);f:\windows\system32\drivers\s1018mgmt.sys [30. 11. 2009 15:32 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);f:\windows\system32\drivers\s1018nd5.sys [30. 11. 2009 15:32 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;f:\windows\system32\drivers\s1018obex.sys [30. 11. 2009 15:32 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);f:\windows\system32\drivers\s1018unic.sys [30. 11. 2009 15:33 109864]
S3 SMServer;SMServer;f:\windows\system32\snmvtsvc.exe [11. 7. 2012 14:45 260608]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;f:\windows\system32\drivers\VBoxNetAdp.sys [4. 11. 2011 14:42 104752]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-24 f:\windows\Tasks\Adobe Flash Player Updater.job
- f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-28 12:32]
.
2009-01-06 f:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8220263802.job
- f:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Link to &MidpX - f:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
IE: Sothink SWF Catcher - f:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - f:\documents and settings\GTA SA\Application Data\Mozilla\Firefox\Profiles\gb5xhkwq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - f:\program files\SpeedBit Video Downloader\SPFireFox
FF - Ext: Java Quick Starter: jqs@sun.com - f:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-24 11:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-515967899-1957994488-682003330-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-515967899-1957994488-682003330-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:33,30,fe,fb,62,b9,f6,79,6d,c2,45,85,79,e5,7e,cb,ff,53,7b,6e,d4,2b,4f,
2a,4e,21,2b,5a,6b,a9,46,ac,8f,75,a7,eb,5a,6d,37,13,69,ef,1a,9a,52,c6,7b,29,\
"??"=hex:a7,fe,27,8e,5f,cd,16,f0,f2,2c,f2,b2,ea,cb,b9,ac
.
[HKEY_USERS\S-1-5-21-515967899-1957994488-682003330-1007\Software\SecuROM\License information*]
"datasecu"=hex:fe,c4,57,4c,8c,c6,ab,77,5e,5e,d6,68,a9,4d,a5,51,ce,c9,94,62,13,
53,d9,6b,e0,d9,69,73,05,57,27,fc,a1,fe,ca,e5,b9,9d,96,a4,d2,54,cf,36,4a,15,\
"rkeysecu"=hex:2b,bd,85,26,0b,f2,a6,bd,94,ae,b2,1e,23,26,14,d4
.
[HKEY_LOCAL_MACHINE\software\Classes\FlashProp.FlashProp\CurVer]
@DACL=(02 0000)
@="FlashProp.FlashProp.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\FlashProp.FlashProp.1\CLSID]
@DACL=(02 0000)
@="{1171A62F-05D2-11D1-83FC-00A0C9089C5A}"
.
[HKEY_LOCAL_MACHINE\software\Classes\ShockwaveFlash.ShockwaveFlash\Shell]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1084)
f:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2924)
f:\windows\system32\WININET.dll
f:\program files\4Sync\ShellExt.dll
f:\progra~1\WINDOW~2\wmpband.dll
f:\windows\system32\msi.dll
f:\windows\system32\ieframe.dll
f:\windows\system32\WPDShServiceObj.dll
f:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
f:\program files\4Sync\ShellCp.dll
f:\program files\Microsoft Virtual PC\VPCShExH.DLL
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\windows\system32\Ati2evxx.exe
f:\windows\system32\Ati2evxx.exe
f:\program files\Bonjour\mDNSResponder.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
f:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
f:\windows\system32\IoctlSvc.exe
f:\windows\system32\PnkBstrA.exe
f:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
f:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
f:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
f:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
f:\windows\system32\wbem\wmiapsrv.exe
f:\program files\Opera\opera.exe
f:\program files\Opera\pluginwrapper\opera_plugin_wrapper.exe
.
**************************************************************************
.
Completion time: 2012-07-24 11:40:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-24 09:40
ComboFix2.txt 2012-07-23 21:08
ComboFix3.txt 2012-07-23 10:54
.
Pre-Run: 6 159 175 680 bytes free
Post-Run: 6 123 687 936 voľných bajtov
.
- - End Of File - - 42EC122FCFF90649946B1883DAE7B33E

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:43:03, on 24. 7. 2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17110)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
F:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
F:\WINDOWS\system32\IoctlSvc.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
F:\WINDOWS\system32\wbem\wmiapsrv.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Opera\opera.exe
F:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
F:\WINDOWS\system32\notepad.exe
F:\Documents and Settings\GTA SA\Local Settings\Application Data\Opera\Opera\temporary_downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - F:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - F:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - F:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - F:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - F:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll (file missing)
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - F:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [egui] "F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - F:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Sothink SWF Catcher - F:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - F:\Program Files\AllMusicConverter\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - F:\Program Files\AllMusicConverter\YouTubeRipper.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - F:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - F:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - F:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Program Files\Overwolf\SKYPE4~2.DLL (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - F:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GSService - Unknown owner - F:\WINDOWS\system32\GSService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - F:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - F:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - F:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SMServer - SMServer - F:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O24 - Desktop Component 0: (no name) - file:///F:/DOCUME~1/GTASA~1/LOCALS~1/Temp/msohtml1/01/clip_image001.gif

--
End of file - 8487 bytes

Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-24 11:54:32
-----------------------------
11:54:32.062 OS Version: Windows 5.1.2600 Service Pack 3
11:54:32.062 Number of processors: 1 586 0x207
11:54:32.062 ComputerName: VLASTNIK-0C199D UserName: GTA SA
11:54:33.562 Initialize success
11:54:40.062 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
11:54:40.062 Disk 0 Vendor: ST3320620A 3.AAF Size: 305245MB BusType: 3
11:54:40.062 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-24
11:54:40.062 Disk 1 Vendor: ST380021A 3.19 Size: 76319MB BusType: 3
11:54:40.078 Disk 1 MBR read successfully
11:54:40.078 Disk 1 MBR scan
11:54:40.078 Disk 1 Windows XP default MBR code
11:54:40.078 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 40005 MB offset 63
11:54:40.093 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 36310 MB offset 81931500
11:54:40.093 Disk 1 scanning sectors +156296385
11:54:40.156 Disk 1 scanning F:\WINDOWS\system32\drivers
11:54:56.093 Service scanning
11:55:11.468 Service sptd F:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
11:55:15.750 Modules scanning
11:55:27.343 Disk 1 trace - called modules:
11:55:27.359 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sphx.sys >>UNKNOWN [0x8a73a938]<<
11:55:27.375 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a64aab8]
11:55:27.375 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000078[0x8a6f37b0]
11:55:27.375 5 ACPI.sys[f74a3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-24[0x8a652030]
11:55:27.375 Scan finished successfully
11:55:43.484 Disk 1 MBR has been saved successfully to "F:\Documents and Settings\GTA SA\Desktop\MBR.dat"
11:55:43.500 The log file has been saved successfully to "F:\Documents and Settings\GTA SA\Desktop\aswMBR.txt"



Here is the RogueKiller log:

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operačný systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spustené v : Normálny režim
Užívateľ: GTA SA [Práva Správcu]
Režim: Kontrola -- Dátum: 07/24/2012 11:59:45

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrov: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤
[Faked.Drv][FAKED] ati1rvxx.sys : f:\windows\system32\drivers\ati1rvxx.sys --> CANNOT FIX
[Faked.Drv][FAKED] ati2mtaa.sys : f:\windows\system32\drivers\ati2mtaa.sys --> CANNOT FIX
[Faked.Drv][FAKED] atinxsxx.sys : f:\windows\system32\drivers\atinxsxx.sys --> CANNOT FIX
[Faked.Drv][FAKED] fltmgr.sys : f:\windows\system32\drivers\fltmgr.sys --> CANNOT FIX
[Faked.Drv][FAKED] mf.sys : f:\windows\system32\drivers\mf.sys --> CANNOT FIX
[Faked.Drv][FAKED] mtlstrm.sys : f:\windows\system32\drivers\mtlstrm.sys --> CANNOT FIX
[Faked.Drv][FAKED] nv4_mini.sys : f:\windows\system32\drivers\nv4_mini.sys --> CANNOT FIX
[Faked.Drv][FAKED] nwlnknb.sys : f:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX
[Faked.Drv][FAKED] rdpdr.sys : f:\windows\system32\drivers\rdpdr.sys --> CANNOT FIX
[Faked.Drv][FAKED] slnt7554.sys : f:\windows\system32\drivers\slnt7554.sys --> CANNOT FIX

¤¤¤ Ovládač: [NAHRATÉ] ¤¤¤
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7849B40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7849B40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7849B40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7849B40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7849B40)
IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7849B40)

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST3320620A +++++
--- User ---
[MBR] a653c9a45cb08e17cdc285d3035c1605
[BSP] e0f7bd82ab7ccd1909b708e086da3757 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 199996 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409593240 | Size: 49999 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 511991550 | Size: 55246 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST380021A +++++
--- User ---
[MBR] da9b7e4e73f7dbc590d8767da054c5ab
[BSP] e51a38174c1a67007432731bd4a0fcc6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 40005 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81931500 | Size: 36310 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončené : << RKreport[1].txt >>
RKreport[1].txt

