Udomacneny spyware

Cavte dobry ludia. Spyware doctor mi v mojom notebooku nasiel spyware.known bad-sites lenze ked ho odstrani pri dalsej kontrole ho najde zase, skusal som aj ine programy ako spyware terminator, spy sweeper lenze tie ho nenasli, prikladam log, ak na nieco pridete, tak napiste a hlavne vysvetlite co a ako lebo lebo v tomto niesom nejaky zdatny. Za odpovede vopred vdaka

Tu je ten log z HijackThis :

Scan saved at 12:02:50, on 20. 3. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [CognizanceTS] "rundll32.exe" C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B0E1526D-A0C8-417E-9F8D-E8D11ADFAFC6} - http://192.168.14.122/img/IPCamActiveX_Setup.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8818 bytes

spyware.known bad-sites sú len odkazy(záložky) na pravdepodobne nebezpečné stránky. V logu nič nevidím.

A nevies ako to dostanem z pocitaca?Inak dik za odpoved.

Pošli log z combofix.

Tu je log z combofix:

ComboFix 08-03-22.1 - Matej Homola 2008-03-22 15:58:32.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.478 [GMT 1:00]
Running from: C:\Documents and Settings\Matej Homola\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
C:\WINDOWS\system32\x64
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASBroker
-------\ASBroker


((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-20 22:58 . 2008-03-20 22:58 <DIR> d---s---- C:\Documents and Settings\Matej Homola\UserData
2008-03-20 22:52 . 2008-03-20 22:52 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\ICQ Toolbar
2008-03-20 11:56 . 2008-03-20 11:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-20 11:02 . 2008-03-20 11:05 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-03-20 11:02 . 2008-03-20 11:03 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\Spyware Terminator
2008-03-20 11:02 . 2008-03-20 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-20 11:02 . 2008-03-20 11:02 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-20 09:39 . 2008-03-20 11:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-20 09:39 . 2008-03-20 10:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-19 18:53 . 2008-03-19 18:53 <DIR> d-------- C:\Program Files\Empire Interactive
2008-03-19 18:07 . 2008-03-20 22:53 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-19 18:07 . 2008-03-19 18:07 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\PC Tools
2008-03-19 18:07 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-19 18:07 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-19 18:07 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-19 18:07 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-19 15:50 . 2008-03-19 17:40 <DIR> d-------- C:\Program Files\FlatOut
2008-03-19 15:44 . 2008-03-19 15:44 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-03-19 15:40 . 2008-03-19 15:40 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\DAEMON Tools
2008-03-19 15:40 . 2008-03-19 15:40 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-15 11:18 . 2008-03-15 11:18 <DIR> d-------- C:\Program Files\AskSBar
2008-03-14 15:41 . 2008-03-15 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-14 15:33 . 2008-03-14 15:34 <DIR> d-------- C:\Program Files\QIP
2008-03-14 15:30 . 2008-03-14 15:30 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\Ashampoo
2008-03-14 15:30 . 2008-03-14 15:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-03-14 15:29 . 2008-03-14 15:29 <DIR> d-------- C:\Program Files\Ashampoo
2008-03-14 15:23 . 2008-03-14 15:24 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\Roxio
2008-03-14 14:44 . 2008-03-14 14:44 <DIR> d-------- C:\Program Files\Everest 4.10.1068 Ultimate Engineer Edition - Portable
2008-03-13 19:08 . 2008-03-13 19:08 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\SystemRequirementsLab
2008-03-11 20:13 . 2008-03-12 13:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-09 20:04 . 2008-03-09 20:04 <DIR> d-------- C:\Documents and Settings\Matej Homola\Bluetooth Software
2008-03-08 21:37 . 2008-03-08 21:40 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\Skype
2008-03-08 16:55 . 2008-03-08 16:55 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\AdobeUM
2008-03-08 16:14 . 2008-03-08 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-08 15:46 . 2008-03-08 16:08 <DIR> d-------- C:\Program Files\Adobe CS3
2008-03-03 17:57 . 2008-03-03 18:41 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-03 17:57 . 2008-03-03 17:58 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\Media Player Classic
2008-03-03 17:57 . 2007-09-28 18:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-03 17:57 . 2007-09-28 18:05 739,840 --a------ C:\WINDOWS\system32\divx.dll
2008-03-03 17:57 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-03-03 17:57 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-03-03 17:57 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-03-03 17:57 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-03-03 17:57 . 2007-09-28 18:05 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-03-03 17:57 . 2007-07-29 17:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-03-03 17:57 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-03-03 17:57 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 10:30 --------- d-----w C:\Documents and Settings\Matej Homola\Application Data\AVG7
2008-03-21 19:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-20 21:52 --------- d-----w C:\Program Files\ICQToolbar
2008-03-17 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-08 16:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-03 16:51 --------- d-----w C:\Program Files\Electronic Arts
2008-03-01 14:13 --------- d-----w C:\Program Files\Xvid
2008-03-01 14:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-29 16:21 --------- d-----w C:\Program Files\TP
2008-02-21 21:28 --------- d-----w C:\Program Files\CDex_150
2008-02-21 21:20 --------- d-----w C:\Documents and Settings\Matej Homola\Application Data\PC Suite
2008-02-21 14:52 --------- d-----w C:\Program Files\EarthView
2008-02-21 14:45 --------- d-----w C:\Program Files\cdex
2008-02-21 14:34 --------- d-----w C:\Documents and Settings\Matej Homola\Application Data\DeskSoft
2008-02-21 13:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2008-02-18 18:55 --------- d-----w C:\Program Files\WinZip70
2008-02-18 18:55 --------- d-----w C:\Program Files\Total Comander 6.50
2008-02-18 18:33 --------- d-----w C:\Program Files\Godlike Developers
2008-02-11 16:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-02-11 14:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nokia
2008-01-27 15:08 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-27 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
2007-11-21 16:45 1,904,584 ----a-w C:\Program Files\daemon410-x86.exe
2007-03-17 06:00 35,979 ----a-w C:\Program Files\Photoshop CS3 Read Me.html
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-03-15 11:18 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-03-15 11:18 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-03-15 11:18 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-03-15 11:18 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-03 00:17 163840]
"CognizanceTS"="rundll32.exe" [2004-08-04 09:00 33280 C:\WINDOWS\system32\rundll32.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 16:36 579072]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 09:52 57344]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-14 19:27 1015808]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 21:21 472632]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-18 22:50 138008]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-18 22:50 138008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 19:13 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-09-27 05:23 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Orezávač obrazovky a spúšťač programu OneNote 2007.lnk]
backup=C:\WINDOWS\pss\Orezávač obrazovky a spúšťač programu OneNote 2007.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2008-03-14 12:55 486856 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-03-14 12:55 486856 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-05-18 22:50 162584 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 07:11 49152 c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-04-26 08:29 237568 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-04-11 17:52 1409024 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-12-21 00:51 1187840 C:\WINDOWS\Sminst\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2006-03-10 01:38 806912 C:\WINDOWS\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
--a------ 2006-10-09 19:23 697976 C:\WINDOWS\SMINST\Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
--a------ 2007-10-02 16:27 1065288 C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2006-07-13 15:12 729088 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2007-01-05 17:36 872448 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-03-20 11:02 2957824 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-25 08:14 77824 C:\Program Files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
--a------ 2007-09-14 19:29 102400 C:\Program Files\Synaptics\SynTP\SynTPStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall_CToolbar]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--a------ 2007-05-23 10:00 192512 C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stisvc"=3 (0x3)
"sp_rssrv"=2 (0x2)
"sp_clamsrv"=3 (0x3)
"RoxMediaDB9"=3 (0x3)
"IviRegMgr"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"AppMgmt"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Wmi"=3 (0x3)
"VSS"=3 (0x3)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"ImapiService"=3 (0x3)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"aspnet_state"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PTHOSTTR"=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\QIP\\qip.exe"=

R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys [2007-04-23 00:24]
R0 SbAlg;SbAlg;C:\WINDOWS\system32\drivers\SbAlg.sys [2006-10-09 21:31]
R0 SbFsLock;SbFsLock;C:\WINDOWS\system32\drivers\SbFsLock.sys [2007-03-30 00:54]
R1 RsvLock;RsvLock;C:\WINDOWS\system32\drivers\RsvLock.sys [2007-04-23 00:25]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-20 11:02]
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:00]
R2 HpFkCryptService;Drive Encryption Service;"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe" [2007-04-23 00:32]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-19 17:58]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 09:00]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys []
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys []
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys []
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 16:02:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2008-03-22 16:04:27 - machine was rebooted [Matej Homola]
ComboFix-quarantined-files.txt 2008-03-22 15:04:22
.
2008-03-19 14:18:48 --- E O F ---

Do combofixu vlož:

ASWLNPkg.dll vráť z C:\QooBox späť do C:\Program Files\Hewlett-Packard\IAM\Bin (musiš odstrániť príponu .vir).

Tak som to tam vlozil aspon dufam ze spravne a daco sa zmenilo a to ASWLNPkg.dll som tam nenasiel.Hodim tu log po vlozeni toho registri...

ComboFix 08-03-22.1 - Matej Homola 2008-03-22 23:13:13.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.532 [GMT 1:00]
Running from: C:\Documents and Settings\Matej Homola\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-20 22:58 . 2008-03-20 22:58 <DIR> d---s---- C:\Documents and Settings\Matej Homola\UserData
2008-03-20 22:52 . 2008-03-20 22:52 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\ICQ Toolbar
2008-03-20 11:56 . 2008-03-20 11:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-20 11:02 . 2008-03-20 11:05 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-03-20 11:02 . 2008-03-20 11:03 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\Spyware Terminator
2008-03-20 11:02 . 2008-03-20 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-20 11:02 . 2008-03-20 11:02 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-20 09:39 . 2008-03-20 11:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-20 09:39 . 2008-03-20 10:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-19 18:53 . 2008-03-19 18:53 <DIR> d-------- C:\Program Files\Empire Interactive
2008-03-19 18:07 . 2008-03-20 22:53 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-19 18:07 . 2008-03-19 18:07 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\PC Tools
2008-03-19 18:07 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-19 18:07 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-19 18:07 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-19 18:07 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-19 15:50 . 2008-03-19 17:40 <DIR> d-------- C:\Program Files\FlatOut
2008-03-19 15:44 . 2008-03-19 15:44 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-03-19 15:40 . 2008-03-19 15:40 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\DAEMON Tools
2008-03-19 15:40 . 2008-03-19 15:40 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-15 11:18 . 2008-03-15 11:18 <DIR> d-------- C:\Program Files\AskSBar
2008-03-14 15:41 . 2008-03-15 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-14 15:33 . 2008-03-14 15:34 <DIR> d-------- C:\Program Files\QIP
2008-03-14 15:30 . 2008-03-14 15:30 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\Ashampoo
2008-03-14 15:30 . 2008-03-14 15:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-03-14 15:29 . 2008-03-14 15:29 <DIR> d-------- C:\Program Files\Ashampoo
2008-03-14 15:23 . 2008-03-14 15:24 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\Roxio
2008-03-14 14:44 . 2008-03-14 14:44 <DIR> d-------- C:\Program Files\Everest 4.10.1068 Ultimate Engineer Edition - Portable
2008-03-13 19:08 . 2008-03-13 19:08 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\SystemRequirementsLab
2008-03-11 20:13 . 2008-03-12 13:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-09 20:04 . 2008-03-09 20:04 <DIR> d-------- C:\Documents and Settings\Matej Homola\Bluetooth Software
2008-03-08 21:37 . 2008-03-08 21:40 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\Skype
2008-03-08 16:55 . 2008-03-08 16:55 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\AdobeUM
2008-03-08 16:14 . 2008-03-08 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-08 15:46 . 2008-03-08 16:08 <DIR> d-------- C:\Program Files\Adobe CS3
2008-03-03 17:57 . 2008-03-03 18:41 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-03 17:57 . 2008-03-03 17:58 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\Media Player Classic
2008-03-03 17:57 . 2007-09-28 18:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-03 17:57 . 2007-09-28 18:05 739,840 --a------ C:\WINDOWS\system32\divx.dll
2008-03-03 17:57 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-03-03 17:57 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-03-03 17:57 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-03-03 17:57 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-03-03 17:57 . 2007-09-28 18:05 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-03-03 17:57 . 2007-07-29 17:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-03-03 17:57 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-03-03 17:57 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 10:30 --------- d-----w C:\Documents and Settings\Matej Homola\Application Data\AVG7
2008-03-21 19:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-20 21:52 --------- d-----w C:\Program Files\ICQToolbar
2008-03-17 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-08 16:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-03 16:51 --------- d-----w C:\Program Files\Electronic Arts
2008-03-01 14:13 --------- d-----w C:\Program Files\Xvid
2008-03-01 14:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-29 16:21 --------- d-----w C:\Program Files\TP
2008-02-21 21:28 --------- d-----w C:\Program Files\CDex_150
2008-02-21 21:20 --------- d-----w C:\Documents and Settings\Matej Homola\Application Data\PC Suite
2008-02-21 14:52 --------- d-----w C:\Program Files\EarthView
2008-02-21 14:45 --------- d-----w C:\Program Files\cdex
2008-02-21 14:34 --------- d-----w C:\Documents and Settings\Matej Homola\Application Data\DeskSoft
2008-02-21 13:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2008-02-18 18:55 --------- d-----w C:\Program Files\WinZip70
2008-02-18 18:55 --------- d-----w C:\Program Files\Total Comander 6.50
2008-02-18 18:33 --------- d-----w C:\Program Files\Godlike Developers
2008-02-11 16:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-02-11 14:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nokia
2008-01-27 15:08 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-27 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
2007-11-21 16:45 1,904,584 ----a-w C:\Program Files\daemon410-x86.exe
2007-03-17 06:00 35,979 ----a-w C:\Program Files\Photoshop CS3 Read Me.html
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-03-15 11:18 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-03-15 11:18 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-03-15 11:18 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-03-15 11:18 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-03 00:17 163840]
"CognizanceTS"="rundll32.exe" [2004-08-04 09:00 33280 C:\WINDOWS\system32\rundll32.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 16:36 579072]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 09:52 57344]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-14 19:27 1015808]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 21:21 472632]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-18 22:50 138008]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-18 22:50 138008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 19:13 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-09-27 05:23 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Orezávač obrazovky a spúšťač programu OneNote 2007.lnk]
backup=C:\WINDOWS\pss\Orezávač obrazovky a spúšťač programu OneNote 2007.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2008-03-14 12:55 486856 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-03-14 12:55 486856 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-05-18 22:50 162584 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 07:11 49152 c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-04-26 08:29 237568 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-04-11 17:52 1409024 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-12-21 00:51 1187840 C:\WINDOWS\Sminst\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2006-03-10 01:38 806912 C:\WINDOWS\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
--a------ 2006-10-09 19:23 697976 C:\WINDOWS\SMINST\Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
--a------ 2007-10-02 16:27 1065288 C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2006-07-13 15:12 729088 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2007-01-05 17:36 872448 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-03-20 11:02 2957824 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-25 08:14 77824 C:\Program Files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
--a------ 2007-09-14 19:29 102400 C:\Program Files\Synaptics\SynTP\SynTPStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall_CToolbar]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--a------ 2007-05-23 10:00 192512 C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stisvc"=3 (0x3)
"sp_rssrv"=2 (0x2)
"sp_clamsrv"=3 (0x3)
"RoxMediaDB9"=3 (0x3)
"IviRegMgr"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"AppMgmt"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Wmi"=3 (0x3)
"VSS"=3 (0x3)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"ImapiService"=3 (0x3)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"aspnet_state"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PTHOSTTR"=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\QIP\\qip.exe"=

R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys [2007-04-23 00:24]
R0 SbAlg;SbAlg;C:\WINDOWS\system32\drivers\SbAlg.sys [2006-10-09 21:31]
R0 SbFsLock;SbFsLock;C:\WINDOWS\system32\drivers\SbFsLock.sys [2007-03-30 00:54]
R1 RsvLock;RsvLock;C:\WINDOWS\system32\drivers\RsvLock.sys [2007-04-23 00:25]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-20 11:02]
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:00]
R2 HpFkCryptService;Drive Encryption Service;"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe" [2007-04-23 00:32]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-19 17:58]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 09:00]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys []
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys []
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys []
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 23:14:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-22 23:14:43
ComboFix-quarantined-files.txt 2008-03-22 22:14:40
ComboFix2.txt 2008-03-22 15:04:27
.
2008-03-19 14:18:48 --- E O F ---

Este stale je tam ten parchant.

jj, zvoľ štart-spustiť-cmd a vlož tam (cez kontextové menu):

co to ake kontextove menu?Hodi cierne a neda sa tam nic vlozit, porad ako lebo vravim nesom nejaky odbornik. Dik.

Cez pravý klik-vložiť.

Tak sa mi to podarilo, tu je log:

ComboFix 08-03-22.1 - Matej Homola 2008-03-24 14:57:51.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.511 [GMT 1:00]
Running from: C:\Documents and Settings\Matej Homola\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.

2008-03-20 22:58 . 2008-03-20 22:58 <DIR> d---s---- C:\Documents and Settings\Matej Homola\UserData
2008-03-20 22:52 . 2008-03-20 22:52 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\ICQ Toolbar
2008-03-20 11:56 . 2008-03-20 11:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-20 11:02 . 2008-03-20 11:05 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-03-20 11:02 . 2008-03-20 11:03 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\Spyware Terminator
2008-03-20 11:02 . 2008-03-20 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-20 11:02 . 2008-03-20 11:02 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-20 09:39 . 2008-03-20 11:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-20 09:39 . 2008-03-20 10:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-19 18:53 . 2008-03-19 18:53 <DIR> d-------- C:\Program Files\Empire Interactive
2008-03-19 18:07 . 2008-03-20 22:53 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-19 18:07 . 2008-03-19 18:07 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\PC Tools
2008-03-19 18:07 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-19 18:07 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-19 18:07 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-19 18:07 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-19 15:50 . 2008-03-19 17:40 <DIR> d-------- C:\Program Files\FlatOut
2008-03-19 15:44 . 2008-03-19 15:44 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-03-19 15:40 . 2008-03-19 15:40 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\DAEMON Tools
2008-03-19 15:40 . 2008-03-19 15:40 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-15 11:18 . 2008-03-15 11:18 <DIR> d-------- C:\Program Files\AskSBar
2008-03-14 15:41 . 2008-03-15 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-14 15:33 . 2008-03-14 15:34 <DIR> d-------- C:\Program Files\QIP
2008-03-14 15:30 . 2008-03-14 15:30 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\Ashampoo
2008-03-14 15:30 . 2008-03-14 15:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-03-14 15:29 . 2008-03-14 15:29 <DIR> d-------- C:\Program Files\Ashampoo
2008-03-14 15:23 . 2008-03-14 15:24 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\Roxio
2008-03-14 14:44 . 2008-03-14 14:44 <DIR> d-------- C:\Program Files\Everest 4.10.1068 Ultimate Engineer Edition - Portable
2008-03-13 19:08 . 2008-03-13 19:08 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\SystemRequirementsLab
2008-03-11 20:13 . 2008-03-12 13:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-09 20:04 . 2008-03-09 20:04 <DIR> d-------- C:\Documents and Settings\Matej Homola\Bluetooth Software
2008-03-08 21:37 . 2008-03-08 21:40 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\Skype
2008-03-08 16:55 . 2008-03-08 16:55 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\AdobeUM
2008-03-08 16:14 . 2008-03-08 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-08 15:46 . 2008-03-08 16:08 <DIR> d-------- C:\Program Files\Adobe CS3
2008-03-03 17:57 . 2008-03-03 18:41 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-03 17:57 . 2008-03-03 17:58 <DIR> d-------- C:\Documents and Settings\Matej Homola\Application Data\Media Player Classic
2008-03-03 17:57 . 2007-09-28 18:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-03 17:57 . 2007-09-28 18:05 739,840 --a------ C:\WINDOWS\system32\divx.dll
2008-03-03 17:57 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-03-03 17:57 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-03-03 17:57 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-03-03 17:57 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-03-03 17:57 . 2007-09-28 18:05 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-03-03 17:57 . 2007-07-29 17:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-03-03 17:57 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-03-03 17:57 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 12:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-22 10:30 --------- d-----w C:\Documents and Settings\Matej Homola\Application Data\AVG7
2008-03-20 21:52 --------- d-----w C:\Program Files\ICQToolbar
2008-03-17 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-08 16:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-03 16:51 --------- d-----w C:\Program Files\Electronic Arts
2008-03-01 14:13 --------- d-----w C:\Program Files\Xvid
2008-03-01 14:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-29 16:21 --------- d-----w C:\Program Files\TP
2008-02-21 21:28 --------- d-----w C:\Program Files\CDex_150
2008-02-21 21:20 --------- d-----w C:\Documents and Settings\Matej Homola\Application Data\PC Suite
2008-02-21 14:52 --------- d-----w C:\Program Files\EarthView
2008-02-21 14:45 --------- d-----w C:\Program Files\cdex
2008-02-21 14:34 --------- d-----w C:\Documents and Settings\Matej Homola\Application Data\DeskSoft
2008-02-21 13:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2008-02-18 18:55 --------- d-----w C:\Program Files\WinZip70
2008-02-18 18:55 --------- d-----w C:\Program Files\Total Comander 6.50
2008-02-18 18:33 --------- d-----w C:\Program Files\Godlike Developers
2008-02-11 16:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-02-11 14:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nokia
2008-01-27 15:08 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-27 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
2007-11-21 16:45 1,904,584 ----a-w C:\Program Files\daemon410-x86.exe
2007-03-17 06:00 35,979 ----a-w C:\Program Files\Photoshop CS3 Read Me.html
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-03-15 11:18 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-03-15 11:18 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-03-15 11:18 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-03-15 11:18 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-03 00:17 163840]
"CognizanceTS"="rundll32.exe" [2004-08-04 09:00 33280 C:\WINDOWS\system32\rundll32.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 16:36 579072]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 09:52 57344]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-14 19:27 1015808]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 21:21 472632]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-18 22:50 138008]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-18 22:50 138008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 19:13 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-09-27 05:23 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Orezávač obrazovky a spúšťač programu OneNote 2007.lnk]
backup=C:\WINDOWS\pss\Orezávač obrazovky a spúšťač programu OneNote 2007.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2008-03-14 12:55 486856 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-03-14 12:55 486856 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-05-18 22:50 162584 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 07:11 49152 c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-04-26 08:29 237568 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-04-11 17:52 1409024 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-12-21 00:51 1187840 C:\WINDOWS\Sminst\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2006-03-10 01:38 806912 C:\WINDOWS\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
--a------ 2006-10-09 19:23 697976 C:\WINDOWS\SMINST\Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
--a------ 2007-10-02 16:27 1065288 C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2006-07-13 15:12 729088 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2007-01-05 17:36 872448 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-03-20 11:02 2957824 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-25 08:14 77824 C:\Program Files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
--a------ 2007-09-14 19:29 102400 C:\Program Files\Synaptics\SynTP\SynTPStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall_CToolbar]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--a------ 2007-05-23 10:00 192512 C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stisvc"=3 (0x3)
"sp_rssrv"=2 (0x2)
"sp_clamsrv"=3 (0x3)
"RoxMediaDB9"=3 (0x3)
"IviRegMgr"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"AppMgmt"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Wmi"=3 (0x3)
"VSS"=3 (0x3)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"ImapiService"=3 (0x3)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"aspnet_state"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PTHOSTTR"=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\QIP\\qip.exe"=

R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys [2007-04-23 00:24]
R0 SbAlg;SbAlg;C:\WINDOWS\system32\drivers\SbAlg.sys [2006-10-09 21:31]
R0 SbFsLock;SbFsLock;C:\WINDOWS\system32\drivers\SbFsLock.sys [2007-03-30 00:54]
R1 RsvLock;RsvLock;C:\WINDOWS\system32\drivers\RsvLock.sys [2007-04-23 00:25]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-20 11:02]
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:00]
R2 HpFkCryptService;Drive Encryption Service;"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe" [2007-04-23 00:32]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-19 17:58]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 09:00]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys []
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys []
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys []
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 14:59:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-24 15:00:14
ComboFix-quarantined-files.txt 2008-03-24 14:00:10
.
2008-03-19 14:18:48 --- E O F ---

Vyhľadaj info.exe a vymaž ho (príp. s killbox), ale myslím, že už by to aj tak nemalo byť aktívne.

Normalne hladat v ponuke start? Pozri ktore vymazat, neviem ci bude dobre vidno:

http://www.imghosting.eu/view.php?img=hladanie.JPG

Nie je tam. Neviem, prečo ten záznam v registroch nejde vymazať, ale aj tak nie je funkčný.

No tak dik za rady fakt VDAKA

A chcem sa este spitat na T-cleaner vlastne co vsetko vymaze, ci sa nemusim bat to pustit aby to nevimazalo nieco dolezite.

Nemyslis nahodou Ccleaner?

Môžeš sa pozrieť na jeho kód. Zmaže len rôzne nástroje používané na čistenie, zálohu combofixu, zálohu systému a vytvori novú.

Je to v poriadku neslo ho konecne.