PC disinfection, computer speed-up, remote help through the neslape.cz service

Security shield - jurasko2

Have a virus problem? Post an FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.

!NEW!
You can now use the remote help service: an expert connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz
jurasko2
Visitor
Posts: 11
Registered: 15 Jul 2012 09:19

Security shield - jurasko2

#1 Post by jurasko2 »

Hello, I would also like to ask for help with this filth... I have a large amount of data on the PC and I don't want to lose any of it. I have studied the procedure, so I'm sending the RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ja at 2012-07-15 10:26:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 1 GB (7%) free of 17 GB
Total RAM: 1023 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:28:09, on 15. 7. 2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Automatické vypnutí počítače\avp.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\Software\winamp\winamp.exe
D:\Software\Fire fox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\DOCUME~1\Ja\LOCALS~1\DATAAP~1\mibdnxvz.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Ja\Plocha\RSIT.exe
C:\Program Files\trend micro\Ja.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Automatické vypnutí počítače.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\Software\MSOFFI~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Prevziať pomocou FDM - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Prevziať video pomocou FDM - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Prevziať vybrané pomocou FDM - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Prevziať všetko pomocou FDM - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9a01a865887b4) (gupdate1c9a01a865887b4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 8381 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Ja\Data aplikací\Mozilla\Firefox\Profiles\79j90jeh.default

prefs.js - "browser.startup.homepage" - "google.sk"
prefs.js - "extensions.enabledItems" - "{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9, fdm_ffext@freedownloadmanager.org:1.3.4, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8, {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {66822507-a6f9-9e39-e658-97ba12dc5f8f}:4.6.6.8, personas@christopher.beard:1.5.1, {a6e4a4eb-d169-4e99-8988-250fcbafe767}:2.2.0.9, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.18"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.1.9&q="

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Program Files\Real\RealPlayer\browserrecord
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@joj.sk/TV_JOJ_Media_Player]
"Description"=TV JOJ Media Player
"Path"=C:\Program Files\TV JOJ Media Player\npplugin_netscape.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc;version=0.8.6d]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

D:\Software\Fire fox\extensions\
{66822507-a6f9-9e39-e658-97ba12dc5f8f}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

D:\Software\Fire fox\components\
aboutCertError.js
aboutPrivateBrowsing.js
aboutRights.js
aboutRobots.js
aboutSessionRestore.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nppl3260.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

D:\Software\Fire fox\plugins\
npdeployJava1.dll
npnul32.dll
NPOFF12.DLL
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
QuickTimePlugin.class

D:\Software\Fire fox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Ja\Data aplikací\Mozilla\Firefox\Profiles\79j90jeh.default\extensions\
personas@christopher.beard
staged-xpis
{800b5000-a755-47e1-992b-48a1c1357f07}
{a6e4a4eb-d169-4e99-8988-250fcbafe767}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

C:\Documents and Settings\Ja\Data aplikací\Mozilla\Firefox\Profiles\79j90jeh.default\searchplugins\
icqplugin.xml
Search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-08-31 1312040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-21 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431}
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-16 13680640]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-12-21 185872]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-05-02 348624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
""C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe""= []
"fsm"= []
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-11-09 2356088]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2012-06-08 880496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-07-18 451872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 171008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ja^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-01-15 393216]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Documents and Settings\Ja\Nabídka Start\Programy\Po spuštění
Automatické vypnutí počítače.lnk - C:\Program Files\Automatické vypnutí počítače\avp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Software\ICQ\ICQ6\ICQ.exe"="D:\Software\ICQ\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Software\inštalačky\uTorrent\uTorrent.exe"="D:\Software\inštalačky\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Software\HRY\Valve\hl.exe"="D:\Software\HRY\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\Software\Ares\Ares.exe"="D:\Software\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Documents and Settings\Ja\Plocha\ODKAZY\uTorrent.exe"="C:\Documents and Settings\Ja\Plocha\ODKAZY\uTorrent.exe:*:Enabled:µTorrent"
"D:\Software\inštalačky\Age Of Empires II\empires2.exe"="D:\Software\inštalačky\Age Of Empires II\empires2.exe:*:Disabled:Age of Empires II"
"D:\Software\HRY\cs source\CSS\hl2.exe"="D:\Software\HRY\cs source\CSS\hl2.exe:*:Enabled:hl2"
"D:\Software\flashget\flashget.exe"="D:\Software\flashget\flashget.exe:*:Enabled:Flashget"
"D:\Software\aresko\Ares\Ares.exe"="D:\Software\aresko\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Scientist\Plocha\ODKAZY\uTorrent.exe"="C:\Documents and Settings\Scientist\Plocha\ODKAZY\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\winbox.exe"="E:\winbox.exe:*:Enabled:winbox"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"D:\Software\winamp\winamp.exe"="D:\Software\winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"E:\Battlefield 2\Bf2_w32ded.exe"="E:\Battlefield 2\Bf2_w32ded.exe:*:Disabled:Bf2_w32ded"
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter"
"C:\Documents and Settings\Ja\Local Settings\Temp\OnlineUpdate8\SetupXu.exe"="C:\Documents and Settings\Ja\Local Settings\Temp\OnlineUpdate8\SetupXu.exe:*:Enabled:Nero ControlCenter"
"D:\Software\Nero 8\Nero\Nero8\Nero ShowTime\ShowTime.exe"="D:\Software\Nero 8\Nero\Nero8\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime"
"D:\Software\HRY\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe"="D:\Software\HRY\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"D:\CALL OF DUTY 5\call.of.duty.world.at.war\Call.Of.Duty.World.At.War-RELOADED\rld-cod5\Setup\Data\CoDWaW.exe"="D:\CALL OF DUTY 5\call.of.duty.world.at.war\Call.Of.Duty.World.At.War-RELOADED\rld-cod5\Setup\Data\CoDWaW.exe:*:Disabled:Call of Duty(R): World at War Campaign/Coop"
"D:\Software\HRY\GTA IV\Grand Theft Auto IV\GTAIV.exe"="D:\Software\HRY\GTA IV\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV"
"D:\Software\ICQ\ICQ6.5\ICQ.exe"="D:\Software\ICQ\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Software\VOip\12Voip\12Voip.exe"="D:\Software\VOip\12Voip\12Voip.exe:*:Enabled:12Voip"
"D:\Software\Fire fox\firefox.exe"="D:\Software\Fire fox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\Ja\Local Settings\Temp\IXP000.TMP\smwinvnc.exe"="C:\Documents and Settings\Ja\Local Settings\Temp\IXP000.TMP\smwinvnc.exe:*:Enabled:TightVNC Win32 Server"
"C:\Documents and Settings\Ja\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe"="C:\Documents and Settings\Ja\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe:*:Enabled:SMPCSetup"
"C:\Documents and Settings\Ja\Local Settings\Temp\IXP001.TMP\SMPCSetup.exe"="C:\Documents and Settings\Ja\Local Settings\Temp\IXP001.TMP\SMPCSetup.exe:*:Enabled:SMPCSetup"
"C:\Documents and Settings\Ja\Local Settings\Temp\IXP001.TMP\smwinvnc.exe"="C:\Documents and Settings\Ja\Local Settings\Temp\IXP001.TMP\smwinvnc.exe:*:Enabled:TightVNC Win32 Server"
"C:\Documents and Settings\Ja\Local Settings\Temp\IXP002.TMP\SMPCSetup.exe"="C:\Documents and Settings\Ja\Local Settings\Temp\IXP002.TMP\SMPCSetup.exe:*:Enabled:SMPCSetup"
"C:\Documents and Settings\Ja\Local Settings\Temp\IXP002.TMP\smwinvnc.exe"="C:\Documents and Settings\Ja\Local Settings\Temp\IXP002.TMP\smwinvnc.exe:*:Enabled:TightVNC Win32 Server"
"C:\Documents and Settings\Ja\Local Settings\Temp\IXP004.TMP\SMPCSetup.exe"="C:\Documents and Settings\Ja\Local Settings\Temp\IXP004.TMP\SMPCSetup.exe:*:Enabled:SMPCSetup"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"F:\Age of empires2\AgeofEmpires2\Age of Empires II\Age of Empires II\EMPIRES2.EXE"="F:\Age of empires2\AgeofEmpires2\Age of Empires II\Age of Empires II\EMPIRES2.EXE:*:Disabled:Age of Empires II"
"G:\Age of empires2\AgeofEmpires2\Age of Empires II\Age of Empires II\EMPIRES2.EXE"="G:\Age of empires2\AgeofEmpires2\Age of Empires II\Age of Empires II\EMPIRES2.EXE:*:Disabled:Age of Empires II"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"msacm.divxa32"=msaud32_divx.acm
"vidc.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-07-15 10:26:55 ----D---- C:\Program Files\trend micro
2012-07-15 10:26:53 ----D---- C:\rsit
2012-06-30 12:01:33 ----D---- C:\Program Files\Panasonic
2012-06-25 21:00:26 ----D---- C:\WINDOWS\system32\NtmsData
2012-06-25 20:59:40 ----D---- C:\Documents and Settings\Ja\Data aplikací\Avira
2012-06-25 20:53:56 ----A---- C:\WINDOWS\system32\drivers\avkmgr.sys
2012-06-25 20:53:55 ----D---- C:\Program Files\Avira
2012-06-25 20:53:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2012-06-25 20:53:55 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys

======List of files/folders modified in the last 1 month======

2012-07-15 10:27:29 ----D---- C:\WINDOWS\Temp
2012-07-15 10:26:55 ----D---- C:\Program Files
2012-07-15 09:18:48 ----D---- C:\WINDOWS\Prefetch
2012-07-14 20:33:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-07-14 11:17:35 ----D---- C:\Documents and Settings\Ja\Data aplikací\Adobe
2012-07-12 15:05:51 ----D---- C:\Documents and Settings\Ja\Data aplikací\uTorrent
2012-07-12 15:04:14 ----A---- C:\WINDOWS\avp.ini
2012-06-25 21:00:28 ----D---- C:\WINDOWS
2012-06-25 21:00:26 ----D---- C:\WINDOWS\system32
2012-06-25 21:00:26 ----D---- C:\WINDOWS\repair
2012-06-25 20:59:48 ----D---- C:\WINDOWS\Registration
2012-06-25 20:54:19 ----D---- C:\WINDOWS\system32\CatRoot
2012-06-25 20:53:56 ----D---- C:\WINDOWS\system32\drivers
2012-06-25 20:52:18 ----D---- C:\WINDOWS\system32\CatRoot2
2012-06-25 20:45:33 ----D---- C:\WINDOWS\system32\LogFiles
2012-06-25 20:43:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-06-25 20:40:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-06-25 20:21:28 ----D---- C:\WINDOWS\system32\drivers\etc
2012-06-19 13:48:07 ----A---- C:\WINDOWS\wincmd.ini
2012-06-17 15:47:14 ----SHD---- C:\WINDOWS\Installer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-04-24 100736]
R0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2008-11-12 145952]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-09-28 682232]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-04-27 137928]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 mbmiodrvr;mbmiodrvr; \??\C:\WINDOWS\system32\mbmiodrvr.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2010-04-12 59388]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-04-25 83392]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-16 6305120]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 glaide32;glaide32; \??\C:\WINDOWS\system32\drivers\glaide32.sys []
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 CoolerXPDriver;CoolerXPDriver; \??\D:\Software\pc alert\NTCooler.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\DOCUME~1\Ja\LOCALS~1\Temp\EverestDriver.sys []
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-11-20 104320]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-05-02 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-16 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-06-20 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-06-20 103736]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate1c9a01a865887b4;Služba Google Update (gupdate1c9a01a865887b4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-08 133104]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-12-23 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-08 133104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
I'll continue by downloading RogueKiller, scanning, and posting the log.
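
As an added triage helper (not part of this thread and not a feature of RSIT or RogueKiller), the Python below parses lines in the RSIT "List of drivers/services" format shown above and flags entries RSIT could not stat at scan time (the empty `[]` where a date and size should be) or whose binary loads from a temp/profile directory; the sample lines are copied from the log above, and the start-type decoding follows the legend in the list header.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: entries copied verbatim from the RSIT driver/service list above.
SAMPLE_RSIT_LINES = r"""
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-04-27 137928]
R1 mbmiodrvr;mbmiodrvr; \??\C:\WINDOWS\system32\mbmiodrvr.sys []
S1 glaide32;glaide32; \??\C:\WINDOWS\system32\drivers\glaide32.sys []
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\DOCUME~1\Ja\LOCALS~1\Temp\EverestDriver.sys []
R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-05-02 110032]
"""

# RSIT line layout: <R|S><start> <name>;<display name>; <image path> [<date> <size>]
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<info>[^\]]*)\]\s*$"
)

# Legend from the RSIT header: 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Directories a driver or service binary has no business living in.
SUSPICIOUS_DIR_RE = re.compile(
    r"\\(Temp|DOCUME~1|Documents and Settings)\\", re.IGNORECASE
)


@dataclass
class Entry:
    state: str            # "R" running, "S" stopped
    start: int            # start type, see START_TYPES
    name: str
    display: str
    path: str             # image path with any "\??\" NT prefix removed
    info: str             # "YYYY-MM-DD size", or "" when RSIT found no file
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Parse one RSIT driver/service line; return None for non-matching lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):        # NT object-manager path prefix
        path = path[4:]
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("display"), path, m.group("info").strip())


def assess(entry):
    """Attach the reasons (if any) a helper would look at this entry first."""
    if entry.info == "":
        entry.reasons.append("registered but file not found at scan time")
    if SUSPICIOUS_DIR_RE.search(entry.path):
        entry.reasons.append("binary lives in a temp/profile directory")
    return entry


def triage(text):
    """Return the flagged entries of an RSIT driver/service list, in log order."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None and assess(entry).reasons:
            flagged.append(entry)
    return flagged


def describe(entry):
    """One-line human summary of a flagged entry."""
    state = "running" if entry.state == "R" else "stopped"
    return "%s (%s, start=%s) %s: %s" % (
        entry.name, state, START_TYPES[entry.start], entry.path,
        "; ".join(entry.reasons))


if __name__ == "__main__":
    for e in triage(SAMPLE_RSIT_LINES):
        print(describe(e))
```

Running it on the sample lists mbmiodrvr, glaide32, adfs and EverestDriver, the same entries a helper would query from the log above; the clean Avira entries are not reported.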

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: removing Security shield

#2 Post by Márty84 »

Hello, and apologies to my colleague for stepping in.
jurasko2 wrote: Hello, I'm also asking for help with this filth... I have a large amount of data on the PC and I don't want to lose any of it; I've studied the procedure, so I'm sending the RSIT log:........

I'll continue by downloading RogueKiller, scanning, and posting the log.
That's not how it works here; read the forum rules.
Start your own thread, post the RSIT log there and wait until someone takes you on. Better not take any further steps! Every computer is different and the same procedure may not work. You'll only make the treatment harder :wink:
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you are waiting a long time for an answer, please contact one of my colleagues (most have an e-mail address in their signature).

jurasko2
Visitor
Posts: 11
Registered: 15 Jul 2012 09:19

Re: removing Security shield

#3 Post by jurasko2 »

Report from RogueKiller:

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operačný systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spustené v : Normálny režim
Užívateľ: Ja [Práva Správcu]
Režim: Kontrola -- Dátum: 07/15/2012 10:45:41

¤¤¤ Škodlivé procesy: 1 ¤¤¤
[WINDOW : Security Shield] mibdnxvz.exe -- C:\Documents and Settings\Ja\Local Settings\Data aplikací\mibdnxvz.exe -> KILLED [TermProc]

¤¤¤ Záznamy Registrov: 3 ¤¤¤
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač: [NAHRATÉ] ¤¤¤
SSDT[25] : NtClose @ 0x805B1CC6 -> HOOKED (Unknown @ 0xEF498764)
SSDT[41] : NtCreateKey @ 0x8061A312 -> HOOKED (Unknown @ 0xEF49871E)
SSDT[50] : NtCreateSection @ 0x805A076C -> HOOKED (Unknown @ 0xEF49876E)
SSDT[53] : NtCreateThread @ 0x805C7294 -> HOOKED (Unknown @ 0xEF498714)
SSDT[63] : NtDeleteKey @ 0x8061A7A2 -> HOOKED (Unknown @ 0xEF498723)
SSDT[65] : NtDeleteValueKey @ 0x8061A972 -> HOOKED (Unknown @ 0xEF49872D)
SSDT[68] : NtDuplicateObject @ 0x805B38DA -> HOOKED (Unknown @ 0xEF49875F)
SSDT[98] : NtLoadKey @ 0x8061C50E -> HOOKED (Unknown @ 0xEF498732)
SSDT[122] : NtOpenProcess @ 0x805C1322 -> HOOKED (Unknown @ 0xEF498700)
SSDT[128] : NtOpenThread @ 0x805C15AE -> HOOKED (Unknown @ 0xEF498705)
SSDT[177] : NtQueryValueKey @ 0x8061854A -> HOOKED (Unknown @ 0xEF498787)
SSDT[193] : NtReplaceKey @ 0x8061C3BE -> HOOKED (Unknown @ 0xEF49873C)
SSDT[200] : NtRequestWaitReplyPort @ 0x8059810E -> HOOKED (Unknown @ 0xEF498778)
SSDT[204] : NtRestoreKey @ 0x8061BCCA -> HOOKED (Unknown @ 0xEF498737)
SSDT[213] : NtSetContextThread @ 0x805C79B6 -> HOOKED (Unknown @ 0xEF498773)
SSDT[237] : NtSetSecurityObject @ 0x805B604C -> HOOKED (Unknown @ 0xEF49877D)
SSDT[247] : NtSetValueKey @ 0x80618898 -> HOOKED (Unknown @ 0xEF498728)
SSDT[255] : NtSystemDebugControl @ 0x8060E266 -> HOOKED (Unknown @ 0xEF498782)
SSDT[257] : NtTerminateProcess @ 0x805C8CB6 -> HOOKED (Unknown @ 0xEF49870F)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xEF498796)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xEF49879B)
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7219B40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7219B40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7219B40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] prosync1.sys @ 0xF798D6C1)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7219B40)
IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7219B40)

¤¤¤ Nákaza : Rogue.AntiSpy-ST ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: HDT72251 6DLA380 SCSI Disk Device +++++
--- User ---
[MBR] 77e91f9b2973f2e4f339cc116df09bf3
[BSP] 20137740145e4b8b19f1416352db2277 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 17006 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 34828920 | Size: 140058 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončené : << RKreport[1].txt >>
RKreport[1].txt

I'll continue by running RogueKiller in removal mode and will add another log.

jurasko2
Visitor
Posts: 11
Registered: 15 Jul 2012 09:19

Re: removing Security shield

#4 Post by jurasko2 »

Log from RogueKiller after removal:

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operačný systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spustené v : Normálny režim
Užívateľ: Ja [Práva Správcu]
Režim: Odebrať -- Dátum: 07/15/2012 10:52:43

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrov: 3 ¤¤¤
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač: [NAHRATÉ] ¤¤¤
SSDT[25] : NtClose @ 0x805B1CC6 -> HOOKED (Unknown @ 0xEF498764)
SSDT[41] : NtCreateKey @ 0x8061A312 -> HOOKED (Unknown @ 0xEF49871E)
SSDT[50] : NtCreateSection @ 0x805A076C -> HOOKED (Unknown @ 0xEF49876E)
SSDT[53] : NtCreateThread @ 0x805C7294 -> HOOKED (Unknown @ 0xEF498714)
SSDT[63] : NtDeleteKey @ 0x8061A7A2 -> HOOKED (Unknown @ 0xEF498723)
SSDT[65] : NtDeleteValueKey @ 0x8061A972 -> HOOKED (Unknown @ 0xEF49872D)
SSDT[68] : NtDuplicateObject @ 0x805B38DA -> HOOKED (Unknown @ 0xEF49875F)
SSDT[98] : NtLoadKey @ 0x8061C50E -> HOOKED (Unknown @ 0xEF498732)
SSDT[122] : NtOpenProcess @ 0x805C1322 -> HOOKED (Unknown @ 0xEF498700)
SSDT[128] : NtOpenThread @ 0x805C15AE -> HOOKED (Unknown @ 0xEF498705)
SSDT[177] : NtQueryValueKey @ 0x8061854A -> HOOKED (Unknown @ 0xEF498787)
SSDT[193] : NtReplaceKey @ 0x8061C3BE -> HOOKED (Unknown @ 0xEF49873C)
SSDT[200] : NtRequestWaitReplyPort @ 0x8059810E -> HOOKED (Unknown @ 0xEF498778)
SSDT[204] : NtRestoreKey @ 0x8061BCCA -> HOOKED (Unknown @ 0xEF498737)
SSDT[213] : NtSetContextThread @ 0x805C79B6 -> HOOKED (Unknown @ 0xEF498773)
SSDT[237] : NtSetSecurityObject @ 0x805B604C -> HOOKED (Unknown @ 0xEF49877D)
SSDT[247] : NtSetValueKey @ 0x80618898 -> HOOKED (Unknown @ 0xEF498728)
SSDT[255] : NtSystemDebugControl @ 0x8060E266 -> HOOKED (Unknown @ 0xEF498782)
SSDT[257] : NtTerminateProcess @ 0x805C8CB6 -> HOOKED (Unknown @ 0xEF49870F)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xEF498796)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xEF49879B)
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7219B40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7219B40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7219B40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] prosync1.sys @ 0xF798D6C1)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7219B40)
IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7219B40)

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: HDT72251 6DLA380 SCSI Disk Device +++++
--- User ---
[MBR] 77e91f9b2973f2e4f339cc116df09bf3
[BSP] 20137740145e4b8b19f1416352db2277 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 17006 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 34828920 | Size: 140058 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončené : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


Please, what should I do next?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Security shield - jurasko2

#5 Post by vyosek »

Hello :)

:arrow: My colleague writes that you should start a new thread, and yet you keep going in the original one. As a moderator I have therefore split the threads so they don't get mixed up.

:arrow: Uninstall ICQ Toolbar

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Right after start a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - don't start any applications and don't click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily cluttered it may take longer
  • After the scan finishes (and a possible restart) CF displays a log; you can also find it at C:\ComboFix.txt; paste its contents here
  • Detailed instructions including pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

jurasko2
Visitor
Posts: 11
Registered: 15 Jul 2012 09:19

Re: Security shield - jurasko2

#6 Post by jurasko2 »

Hello, I noticed the reply late; I've started a new thread, please let's continue there. I'm deleting the ICQ toolbar.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Security shield - jurasko2

#7 Post by vyosek »

No, we continue here :wink:

Delete ICQ Toolbar and run ComboFix

jurasko2
Visitor
Posts: 11
Registered: 15 Jul 2012 09:19

Re: Security shield - jurasko2

#8 Post by jurasko2 »

After the PC restarted while using ComboFix, the startup programs launched automatically (uTorrent, Virtual Clone Drive, and the Avira antivirus activated); I turned off uTorrent and the virtual drive right away.
Just for info, in case it could affect the ComboFix log, which I'm attaching:

ComboFix 12-07-14.01 - Ja . 07. 2012 11:33:40.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1029.18.1023.573 [GMT 2:00]
Running from: c:\documents and settings\Ja\Plocha\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ja\Local Settings\Data aplikací\mibdnxvz.exe
c:\documents and settings\Ja\WINDOWS
C:\dsc_0664.jpg
c:\program files\FLV Direct Player
c:\program files\FLV Direct Player\downloading.swf
c:\program files\FLV Direct Player\FLVPlayer.exe
c:\program files\FLV Direct Player\player.swf
c:\program files\FLV Direct Player\preload.swf
c:\program files\FLV Direct Player\Skin\DirectFLV\Button.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\Logo.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\skin.xml
c:\program files\FLV Direct Player\Skin\DirectFLV\SysCloseButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\SysMaxButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\SysMinButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\Window.bmp
c:\program files\FLV Direct Player\uninstall.exe
C:\Thumbs.db
c:\windows\iun6002.exe
c:\windows\jestertb.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ntfs.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_glaide32
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 08:26 . 2012-07-15 09:16 -------- d-----w- c:\program files\trend micro
2012-07-15 08:26 . 2012-07-15 08:28 -------- d-----w- C:\rsit
2012-07-02 12:40 . 2012-07-02 12:40 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\McAfee
2012-06-30 10:01 . 2012-06-30 10:01 -------- d-----w- c:\program files\Panasonic
2012-06-25 19:00 . 2012-06-25 19:00 -------- d-----w- c:\windows\system32\NtmsData
2012-06-25 18:59 . 2012-06-25 18:59 -------- d-----w- c:\documents and settings\Ja\Data aplikací\Avira
2012-06-25 18:53 . 2012-04-16 19:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-25 18:53 . 2012-06-25 18:53 -------- d-----w- c:\program files\Avira
2012-06-25 18:53 . 2012-06-25 18:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2012-06-25 18:53 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 22:32 . 2009-08-22 20:37 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2004-08-26 19:56 . 2004-08-26 19:56 837120 ----a-w- c:\program files\did_nem.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-06-08 880496]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-16 13680640]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-21 185872]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Ja\Nabídka Start\Programy\Po spuštění\
Automatické vypnutí počítače.lnk - c:\program files\Automatické vypnutí počítače\avp.exe [2004-12-28 443392]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ja^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Ja\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-07-18 15:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 07:52 171008 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-01-16 01:42 1657376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Software\\HRY\\Valve\\hl.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\Software\\Ares\\Ares.exe"=
"d:\\Software\\HRY\\cs source\\CSS\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Software\\winamp\\winamp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Software\\Fire fox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28. 9. 2008 16:04 682232]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [25. 6. 2012 20:53 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25. 6. 2012 20:53 86224]
S2 gupdate1c9a01a865887b4;Služba Google Update (gupdate1c9a01a865887b4);c:\program files\Google\Update\GoogleUpdate.exe [8. 3. 2009 20:20 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [4. 5. 2011 16:21 247608]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\docume~1\Ja\LOCALS~1\Temp\EverestDriver.sys --> c:\docume~1\Ja\LOCALS~1\Temp\EverestDriver.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8. 3. 2009 20:20 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15. 1. 2010 14:49 227232]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 15:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 18:19]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 18:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - d:\software\MSOFFI~1\Office12\EXCEL.EXE/3000
IE: Prevziať pomocou FDM - file://c:\program files\Free Download Manager\dllink.htm
IE: Prevziať video pomocou FDM - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Prevziať vybrané pomocou FDM - file://c:\program files\Free Download Manager\dlselected.htm
IE: Prevziať všetko pomocou FDM - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Ja\Data aplikací\Mozilla\Firefox\Profiles\79j90jeh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\software\Fire fox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: LoudMo Contextual Ad Assistant: {66822507-a6f9-9e39-e658-97ba12dc5f8f} - d:\software\Fire fox\extensions\{66822507-a6f9-9e39-e658-97ba12dc5f8f}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - d:\software\Fire fox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - d:\software\Fire fox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - d:\software\Fire fox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: isoHunt Toolbar: {a6e4a4eb-d169-4e99-8988-250fcbafe767} - %profile%\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{a6e4a4eb-d169-4e99-8988-250fcbafe767} - (no file)
HKCU-Run-c:\program files\Lavalys\EVEREST Ultimate Edition\everest.exe - (no file)
HKCU-Run-fsm - (no file)
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-15 11:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\"c:\\Program Files\\Lavalys\\EVEREST Ultimate Edition\\everest.exe\""=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\¤á*•‘|\comctl32.dll]
"MUIVer"=hex(b):52,04,f0,0a,00,00,06,00
"000600000b540ba6"=dword:00000001
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\č*•‘|\COMCTL32.dll]
"MUIVer"=hex(b):52,04,f0,0a,00,00,06,00
"000600000b540ba6"=dword:00000001
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\ěę*•‘|\comctl32.dll]
"MUIVer"=hex(b):52,04,f0,0a,00,00,06,00
"000600000b540884"=dword:00000001
"000600000b540ba6"=dword:00000001
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\Üí*•‘|\COMCTL32.dll]
"MUIVer"=hex(b):52,04,f0,0a,00,00,06,00
"000600000b540ba6"=dword:00000001
.
[HKEY_USERS\S-1-5-21-1547161642-725345543-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32C3BCBA-B6C7-2697-979F-149552FB71F1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iafkhflcgdmjginnhf"=hex:69,61,6d,6e,67,63,63,68,6d,6c,65,65,6b,6d,61,63,6e,61,
00,00
"hapgbdlieeagobgm"=hex:6a,61,6a,6e,6c,62,67,66,67,68,68,66,67,65,6b,6e,6a,6f,
67,6f,00,00
"abjhhdnlfbfnhfepgefgajibamindkgkgl"=hex:61,61,00,74
"makhcanijmpmcehockpdpejfpf"=hex:61,61,00,74
.
[HKEY_USERS\S-1-5-21-1547161642-725345543-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:9b,f8,b0,9f,c7,13,e9,1c,e2,cb,3b,6b,b7,c8,16,ae,e4,1a,45,03,7c,
14,59,59,5d,67,d1,6d,71,bf,96,57,3c,27,23,74,bd,5f,06,d9,0e,84,53,74,a2,af,\
"rkeysecu"=hex:69,de,ff,d1,b0,3e,7e,b5,1e,e8,e8,7e,ed,3a,f4,95
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3592)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Automatické vypnutí počítače\avp.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\avira\antivir desktop\ipmGui.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-07-15 11:44:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-15 09:44
.
Pre-Run: 1 099 616 256
Post-Run: 1 208 496 128
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F4A3B4784AD9BE7411A1A950ABB0D7AB

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Security shield - jurasko2

#9 Post by vyosek »

:arrow: If you haven't already, move Combofix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    DeQuarantine::
    c:\Qoobox\c\program files\FLV Direct Player
    
    Ignore::
    c:\program files\FLV Direct Player
    
    FileLook::
    c:\windows\pchealth\helpctr\binaries\msconfig.exe
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"=-
    "ctfmon.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"=-
    "PWRISOVM.EXE"=-
    "SunJavaUpdateSched"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    
    File::
    c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    
    Folder::
    c:\program files\ICQ6Toolbar
    
    Driver::
    gupdate1c9a01a865887b4
    gupdatem
    ICQ Service
    
    DDS::
    uStart Page = hxxp://start.icq.com/
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\Ja\Data aplikací\Mozilla\Firefox\Profiles\79j90jeh.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch ... ps&search=
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.9&q=
    
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\¤á*•‘|\comctl32.dll]
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\č*•‘|\COMCTL32.dll]
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\ěę*•‘|\comctl32.dll]
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\Üí*•‘|\COMCTL32.dll]
    
    RegNull::
    [HKEY_USERS\S-1-5-21-1547161642-725345543-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32C3BCBA-B6C7-2697-979F-149552FB71F1}*]
    [HKEY_USERS\S-1-5-21-1547161642-725345543-682003330-1004\Software\SecuROM\License information*]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and run it (see the image below)
    [image]
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: If the message "Attempt to use an invalid operation on a registry key that has been marked for deletion" pops up, just restart the PC and the registry will sort itself out; it is an internal error caused by CF, which the author unfortunately cannot fix yet

:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

jurasko2
Visitor
Posts: 11
Registered: 15 Jul 2012 09:19

Re: Security shield - jurasko2

#10 Post by jurasko2 »

ComboFix warned me that I should turn off Avira and then press OK.
So I did that.

ComboFix 12-07-14.01 - Ja . 07. 2012 12:13:39.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1029.18.1023.600 [GMT 2:00]
Running from: c:\documents and settings\Ja\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Ja\Plocha\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQ6Toolbar\voucher.bmp
c:\program files\ICQ6Toolbar\voucher2.bmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE1C9A01A865887B4
-------\Legacy_ICQ_SERVICE
-------\Service_gupdate1c9a01a865887b4
-------\Service_gupdatem
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 08:26 . 2012-07-15 09:16 -------- d-----w- c:\program files\trend micro
2012-07-15 08:26 . 2012-07-15 08:28 -------- d-----w- C:\rsit
2012-07-02 12:40 . 2012-07-02 12:40 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\McAfee
2012-06-30 10:01 . 2012-06-30 10:01 -------- d-----w- c:\program files\Panasonic
2012-06-25 19:00 . 2012-06-25 19:00 -------- d-----w- c:\windows\system32\NtmsData
2012-06-25 18:59 . 2012-06-25 18:59 -------- d-----w- c:\documents and settings\Ja\Data aplikací\Avira
2012-06-25 18:53 . 2012-04-16 19:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-25 18:53 . 2012-06-25 18:53 -------- d-----w- c:\program files\Avira
2012-06-25 18:53 . 2012-06-25 18:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2012-06-25 18:53 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 22:32 . 2009-08-22 20:37 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2004-08-26 19:56 . 2004-08-26 19:56 837120 ----a-w- c:\program files\did_nem.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\pchealth\helpctr\binaries\msconfig.exe ---
Company: Microsoft Corporation
File Description: Nástroj pro konfiguraci systému
File Version: 5.1.2600.5512 (xpsp.080413-2108)
Product Name: Operační systém Microsoft® Windows®
Copyright: © Microsoft Corporation. Všechna práva vyhrazena.
Original Filename: msconfig.EXE
File size: 171008
Created time: 2008-02-13 17:47
Modified time: 2008-04-14 07:52
MD5: FD81126B2CD9BE077A56B27A84CF11B7
SHA1: F759088AC0E9D94F47BC620809EFFA35D08DE4BC
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-15_09.40.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-15 10:19 . 2012-07-15 10:19 16384 c:\windows\temp\Perflib_Perfdata_48c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-16 13680640]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Ja\Nabídka Start\Programy\Po spuštění\
Automatické vypnutí počítače.lnk - c:\program files\Automatické vypnutí počítače\avp.exe [2004-12-28 443392]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ja^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Ja\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-07-18 15:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-01-16 01:42 1657376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Software\\HRY\\Valve\\hl.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\Software\\Ares\\Ares.exe"=
"d:\\Software\\HRY\\cs source\\CSS\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Software\\winamp\\winamp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Software\\Fire fox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28. 9. 2008 16:04 682232]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [25. 6. 2012 20:53 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25. 6. 2012 20:53 86224]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\docume~1\Ja\LOCALS~1\Temp\EverestDriver.sys --> c:\docume~1\Ja\LOCALS~1\Temp\EverestDriver.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15. 1. 2010 14:49 227232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 15:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - d:\software\MSOFFI~1\Office12\EXCEL.EXE/3000
IE: Prevziať pomocou FDM - file://c:\program files\Free Download Manager\dllink.htm
IE: Prevziať video pomocou FDM - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Prevziať vybrané pomocou FDM - file://c:\program files\Free Download Manager\dlselected.htm
IE: Prevziať všetko pomocou FDM - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Ja\Data aplikací\Mozilla\Firefox\Profiles\79j90jeh.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - google.sk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\software\Fire fox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: LoudMo Contextual Ad Assistant: {66822507-a6f9-9e39-e658-97ba12dc5f8f} - d:\software\Fire fox\extensions\{66822507-a6f9-9e39-e658-97ba12dc5f8f}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - d:\software\Fire fox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - d:\software\Fire fox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - d:\software\Fire fox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: isoHunt Toolbar: {a6e4a4eb-d169-4e99-8988-250fcbafe767} - %profile%\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-c:\program files\Lavalys\EVEREST Ultimate Edition\everest.exe - (no file)
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-15 12:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\"c:\\Program Files\\Lavalys\\EVEREST Ultimate Edition\\everest.exe\""=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\¤á*•‘|\comctl32.dll]
"MUIVer"=hex(b):52,04,f0,0a,00,00,06,00
"000600000b540ba6"=dword:00000001
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\č*•‘|\COMCTL32.dll]
"MUIVer"=hex(b):52,04,f0,0a,00,00,06,00
"000600000b540ba6"=dword:00000001
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\ěę*•‘|\comctl32.dll]
"MUIVer"=hex(b):52,04,f0,0a,00,00,06,00
"000600000b540884"=dword:00000001
"000600000b540ba6"=dword:00000001
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\Üí*•‘|\COMCTL32.dll]
"MUIVer"=hex(b):52,04,f0,0a,00,00,06,00
"000600000b540ba6"=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(508)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\program files\avira\antivir desktop\ipmGui.exe
.
**************************************************************************
.
Completion time: 2012-07-15 12:23:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-15 10:23
ComboFix2.txt 2012-07-15 09:44
.
Pre-Run: 1 223 323 648
Post-Run: 1 200 807 936
.
- - End Of File - - 50431005D98C7084E952912ED3318FA6
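As an added example (not code from this thread, from ComboFix or from its author), the Python script below mechanically triages the "Reg Loading Points" part of a ComboFix log such as the one posted above and flags what a helper looks at first: the Windows Firewall switched off, a driver or service whose binary lives in Temp or under a user profile, a service whose file is missing at scan time (`[?]`), and orphaned Run entries. The sample lines are constructed from this thread's log; the regular expressions and the list of user-writable directory hints are assumptions about the log layout, not a ComboFix specification.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on lines from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-16 13680640]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28. 9. 2008 16:04 682232]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [25. 6. 2012 20:53 36000]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\docume~1\Ja\LOCALS~1\Temp\EverestDriver.sys --> c:\docume~1\Ja\LOCALS~1\Temp\EverestDriver.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15. 1. 2010 14:49 227232]
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-c:\program files\Lavalys\EVEREST Ultimate Edition\everest.exe - (no file)
"""

# Assumed line shapes (derived from the log above, not an official grammar).
SECTION_RE = re.compile(r"^\[(.+)\]$")                                  # [HKEY...\Run]
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[([^\]]*)\]$')      # "name"="path" [date size]
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')                 # "EnableFirewall"= 0 (0x0)
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]$")  # R0 name;desc;path [info]
ORPHAN_RE = re.compile(r"^(HK\w+-Run-.+?) - \(no file\)$")              # HKCU-Run-... - (no file)

# Directories a kernel driver or service binary should not normally be loaded from
# (assumed heuristic; Temp and the user profile are writable by any local user).
USER_WRITABLE_HINTS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\")


@dataclass
class Triage:
    firewall_disabled: bool = False
    run_entries: list = field(default_factory=list)   # (value name, path)
    services: list = field(default_factory=list)      # (service name, path)
    orphans: list = field(default_factory=list)       # orphaned autostart references
    findings: list = field(default_factory=list)      # human-readable flags


def looks_user_writable(path: str) -> bool:
    """True if the path points into Temp or a user profile (case-insensitive)."""
    p = path.lower()
    return any(hint in p for hint in USER_WRITABLE_HINTS)


def triage_combofix(text: str) -> Triage:
    """Walk the log line by line; a lone '.' ends the current registry section."""
    result = Triage()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":
            section = ""
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if "firewallpolicy" in section:
            m = FIREWALL_RE.match(line)
            if m and m.group(1) == "0":
                result.firewall_disabled = True
                result.findings.append("Windows Firewall disabled in " + section)
            continue
        if section.endswith("\\run"):
            m = RUN_VALUE_RE.match(line)
            if m:
                name, path, _info = m.groups()
                result.run_entries.append((name, path))
                if looks_user_writable(path):
                    result.findings.append(f"autostart '{name}' runs from a user-writable path: {path}")
            continue
        m = SERVICE_RE.match(line)
        if m:
            _state, name, _desc, path, info = m.groups()
            result.services.append((name, path))
            if info.strip() == "?":
                result.findings.append(f"service '{name}' file not found on disk: {path}")
            if looks_user_writable(path):
                result.findings.append(f"driver/service '{name}' loads from a user-writable path: {path}")
            continue
        m = ORPHAN_RE.match(line)
        if m:
            result.orphans.append(m.group(1))
    return result


if __name__ == "__main__":
    report = triage_combofix(SAMPLE_LOG)
    print("firewall disabled:", report.firewall_disabled)
    for finding in report.findings:
        print("FLAG:", finding)
    for orphan in report.orphans:
        print("orphan:", orphan)
```

On the constructed sample the script flags the disabled firewall and the EverestDriver entry twice (missing file, user-writable location); a flagged entry is a prompt to look closer, not proof of malice, as the EVEREST leftover in this very thread shows.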

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Security shield - jurasko2

#11 Post by vyosek »

Great, how is our patient behaving :???:

jurasko2
Visitor
Posts: 11
Registered: 15 Jul 2012 09:19

Re: Security shield - jurasko2

#12 Post by jurasko2 »

For now everything looks fine at first glance, many thanks!!
For the gentleman who had the same problem as I did, you also prescribed
cleaning the PC with, I think, three different programs; the last one was CCleaner.
Shall we do something like that too? And what about the antivirus? Is that Avira not any good, given that it let this filth through?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Security shield - jurasko2

#13 Post by vyosek »

:arrow: Cleanup is always done after the treatment is finished; you won't "escape" it either :D

:arrow: Avira is a decent antivirus; this junk can be picked up in many ways and no antivirus protects you 100%

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm the choice press A, Enter
  • Delete the utility after use
  • Antiviruses tend to wrongly flag this utility as a virus; it is a false positive, so go ahead and download it (or turn the antivirus off while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues; I recommend making the registry backup, fix all issues
  • repeat the procedure until there are no issues, usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend running CCleaner about once a week

And if there are no problems or questions, that's all from my side :|

jurasko2
Visitor
Posts: 11
Registered: 15 Jul 2012 09:19

Re: Security shield - jurasko2

#14 Post by jurasko2 »

I am very grateful :happy: and how can I avoid getting infected again, for example by that
Security Shield? I have no idea where I could have caught it; I was just looking for some pictures via Google..

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Security shield - jurasko2

#15 Post by vyosek »

:arrow: For PC safety the most important thing is common sense = don't click on every jumping and blinking nonsense, don't visit dubious websites (porn and the like), cracks etc... In short, don't let your fingers be faster than your head...

Otherwise you're welcome, glad to help :worship:
