nemohu spustit exe programy jako jsou IObit, Trojan remover

[ahmedan]

Dobry vecer, Chtel bych Vas moc poprosit o pomoc. Stahnul jsem si svou pitomosti do pocitace nejaky program ktery mel byt Keygen a kdyz jsem ho spustil tak neco probehlo a tento exe program ihned zmizel a neni videt. Od te doby mi bezel internet velni pomalu tim myslim ze kdyz jsem otevrel Mozilu stranky mi nabihaly nekonecne dlouho a kdyz jsem napsal napriklad do googlu - co je to Pmonitor.exe - stranka se nabihala dlouho a potom ukoncila nacitani a na strance nebylo vubec nic videt. Kdyz chci spustit programy jako je IObit.exe tak se nespusti. Kdyz pustim program Trojan remover a spustim scan - scan zacne a po chvilce se program vypne. Rovnez se mi stava ze kdyz stahnu napriklad exe programy jako RSIT.exe a spustim ho - hlasi mi to Ze nemam pristupova prava k tomuto programu a proto ho nelze spustit. Rovnez se mi stane ze tento program mi uz potom nejde vubec spusit -- hlasi to chyba pri spusteni programu. Prosim Vas z celeho srdce pomozte mi jak se toho mam zbavit !Predem Vam dekuji Petr

[Rudy]

Nejprve dejte log z RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 . Pokud by nešel normálně spustit, proveďte sken v nouz. režimu.

[ahmedan]

Podarilo se mi spustit a provest protoze LOG.TXT se mi vytvoril Ovsem bylo to s problemy o kterych jsem psal !

Logfile of random's system information tool 1.08 (written by random/random)
Run by Admin at 2011-07-08 20:18:04
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (5%) free of 57 GB
Total RAM: 1014 MB (60% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1343024091-842925246-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1343024091-842925246-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000001-AB3B-4334-9DA2-EC6B2A02AFC6}]
FileServeManager - C:\Program Files\FileServe Manager\FileServeBHO.dll [2011-05-25 1253656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files\Internet Download Manager\IDMIECC.dll [2011-05-30 210352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll [2011-06-24 734048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll [2011-06-24 734048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-10-02 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-10-02 118784]
"LoadFujitsuQuickTouch"=C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [2002-08-29 353792]
"LoadBtnHnd"=C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe [2003-08-20 61440]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-09-08 421888]
"FileServe Manager Task"=C:\Program Files\FileServe Manager\FSStarter.exe [2011-05-25 954648]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2011-05-18 1233856]
"IObit Malware Fighter"=C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [2011-06-01 4385112]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-07-06 88363]
"IObit Security 360"=C:\Program Files\IObit\IObit Security 360\IS360tray.exe [2010-06-11 1280344]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-06-24 534880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2011-04-06 399736]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"USDownloader"=C:\USDownloader_Plus\USDownloader Plus 1.35.40 Update 22.06.2010\USDownloader.exe [2010-12-01 545792]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2011-06-25 3380632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpSharkk]
C:\Program Files\IpSharkk\IpSharkk.exe /auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2007-11-21 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2010-07-12 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Aktualizovat ESET licenci.lnk]
C:\PROGRA~1\ESET\MINODL~1\MINODL~1.EXE -u -d 10000 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Browser Defender Update Service"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-02 319488]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe"="C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe:*:Enabled:v_mysqld"
"C:\Program Files\VertrigoServ\Apache\bin\v_apache.exe"="C:\Program Files\VertrigoServ\Apache\bin\v_apache.exe:*:Enabled:Apache HTTP Server"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Dictionaries\eclipse-php-helios-SR1-win32\eclipse\eclipse.exe"="C:\Dictionaries\eclipse-php-helios-SR1-win32\eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Dictionaries\eclipse-cpp-helios-SR1-win32\eclipse\eclipse.exe"="C:\Dictionaries\eclipse-cpp-helios-SR1-win32\eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"E:\eclipse-cpp-helios-SR1-win32\eclipse.exe"="E:\eclipse-cpp-helios-SR1-win32\eclipse.exe:*:Enabled:eclipse"
"E:\Program Files\Opera\opera.exe"="E:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\USDownloader_Plus\USDownloader Plus 1.35.40 Update 22.06.2010\USDownloader.exe"="C:\USDownloader_Plus\USDownloader Plus 1.35.40 Update 22.06.2010\USDownloader.exe:*:Enabled:Universal Share Downloader"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Internet Download Manager\IDMan.exe"="C:\Program Files\Internet Download Manager\IDMan.exe:*:Enabled:Internet Download Manager (IDM)"
"C:\Documents and Settings\Admin\Local Settings\Temp\is-6OQVQ.tmp\SpywareDoctor.tmp"="C:\Documents and Settings\Admin\Local Settings\Temp\is-6OQVQ.tmp\SpywareDoctor.tmp:*:Enabled:Setup/Uninstall"
"C:\Program Files\Spyware Doctor\Update.exe"="C:\Program Files\Spyware Doctor\Update.exe:*:Enabled:PC Tools Smart Update"
"C:\Program Files\Trojan Remover\trupd.exe"="C:\Program Files\Trojan Remover\trupd.exe:*:Enabled:Trojan Remover Updater"
"C:\Program Files\IObit\Protected Folder\ProtectedFolder.exe"="C:\Program Files\IObit\Protected Folder\ProtectedFolder.exe:*:Enabled:Protected Folder"
"C:\Documents and Settings\Admin\Local Settings\Temp\_iu14D2N.tmp"="C:\Documents and Settings\Admin\Local Settings\Temp\_iu14D2N.tmp:*:Enabled:Setup/Uninstall"
"C:\Documents and Settings\Admin\Local Settings\Temp\is-SPFGF.tmp\IObitToolbar-stub-1.exe"="C:\Documents and Settings\Admin\Local Settings\Temp\is-SPFGF.tmp\IObitToolbar-stub-1.exe:*:Enabled:Setup Launcher Unicode"
"C:\Program Files\IObit\IObit Security 360\is360tray.exe"="C:\Program Files\IObit\IObit Security 360\is360tray.exe:*:Enabled:IObit Security 360"
"C:\Program Files\IObit\IObit Security 360\is360updater.exe"="C:\Program Files\IObit\IObit Security 360\is360updater.exe:*:Enabled:IObit Security 360 Updater"
"C:\Program Files\IObit\IObit Security 360\is360.exe"="C:\Program Files\IObit\IObit Security 360\is360.exe:*:Enabled:IObit Security 360"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer"
"C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"="C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe:*:Enabled:Search Settings"
"C:\Program Files\FileServe Manager\FileManager.exe"="C:\Program Files\FileServe Manager\FileManager.exe:*:Enabled:FileManager"
"C:\Documents and Settings\Admin\Dokumenty\Downloads\Programs\RSIT.exe"="C:\Documents and Settings\Admin\Dokumenty\Downloads\Programs\RSIT.exe:*:Enabled:RSIT"
"C:\RSIT.exe"="C:\RSIT.exe:*:Enabled:RSIT"
"C:\Documents and Settings\Admin\Dokumenty\Downloads\Programs\RSIT_2.exe"="C:\Documents and Settings\Admin\Dokumenty\Downloads\Programs\RSIT_2.exe:*:Enabled:RSIT_2"
"C:\Documents and Settings\Admin\Dokumenty\Downloads\Programs\RSIT_3.exe"="C:\Documents and Settings\Admin\Dokumenty\Downloads\Programs\RSIT_3.exe:*:Disabled:RSIT_3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-07-08 20:37:02 ----A---- C:\RSIT.exe
2011-07-08 20:16:31 ----D---- C:\rsit
2011-07-08 16:15:09 ----D---- C:\Documents and Settings\Admin\Data aplikací\Search Settings
2011-07-08 16:15:04 ----D---- C:\Program Files\IObit Toolbar
2011-07-08 16:15:04 ----D---- C:\Program Files\Common Files\Spigot
2011-07-08 16:15:04 ----D---- C:\Program Files\Application Updater
2011-07-08 14:53:29 ----D---- C:\Program Files\Trend Micro
2011-07-07 23:49:22 ----D---- C:\WINDOWS\CSC
2011-07-07 23:49:11 ----A---- C:\WINDOWS\ntbtlog.txt
2011-07-07 23:37:18 ----D---- C:\Program Files\Common Files\PC Tools
2011-07-07 23:37:17 ----D---- C:\Program Files\Spyware Doctor
2011-07-07 23:02:49 ----A---- C:\WINDOWS\system32\drivers\1280335526.sys
2011-07-07 12:50:43 ----D---- C:\Documents and Settings\Admin\Data aplikací\IObit
2011-07-05 00:58:42 ----A---- C:\WINDOWS\system32\wups2.dll
2011-07-05 00:58:39 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2011-07-05 00:58:38 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2011-07-05 00:58:37 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2011-07-05 00:58:33 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2011-07-04 18:05:09 ----D---- C:\Data
2011-06-30 18:57:56 ----A---- C:\WINDOWS\system32\kbdkor.dll
2011-06-30 18:57:56 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2011-06-30 18:57:56 ----A---- C:\WINDOWS\system32\kbd103.dll
2011-06-30 18:57:56 ----A---- C:\WINDOWS\system32\kbd101c.dll
2011-06-30 18:57:55 ----A---- C:\WINDOWS\system32\kbd101b.dll
2011-06-30 18:57:54 ----A---- C:\WINDOWS\system32\kbd106.dll
2011-06-30 18:55:57 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2011-06-26 21:59:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2011-06-26 21:59:32 ----D---- C:\Program Files\IObit
2011-06-26 21:42:17 ----A---- C:\WINDOWS\jodrive32.exe.vir
2011-06-26 21:42:15 ----A---- C:\Documents and Settings\Admin\Data aplikací\479.tmp
2011-06-26 16:18:23 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2011-06-26 16:18:22 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2011-06-26 16:18:22 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2011-06-26 16:18:22 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2011-06-26 16:18:22 ----A---- C:\WINDOWS\system32\unacev2.dll
2011-06-26 16:18:18 ----D---- C:\Program Files\Trojan Remover
2011-06-26 16:18:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
2011-06-26 16:18:18 ----D---- C:\Documents and Settings\Admin\Data aplikací\Simply Super Software
2011-06-26 16:09:52 ----A---- C:\WINDOWS\system32\drivers\bghx.sys
2011-06-25 16:57:30 ----D---- C:\Documents and Settings\Admin\Data aplikací\ESET
2011-06-25 15:45:52 ----D---- C:\Program Files\Common Files\SynthEdit
2011-06-25 14:58:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\SynthEdit
2011-06-24 23:53:27 ----D---- C:\Program Files\SynthEdit 1.2 Alpha
2011-06-20 00:15:14 ----D---- C:\Program Files\Common Files\SoundToys
2011-06-16 17:28:24 ----SHD---- C:\found.000
2011-06-11 01:16:21 ----A---- C:\WINDOWS\ALCFDRTM.EXE

======List of files/folders modified in the last 1 months======

2011-07-08 20:18:48 ----A---- C:\WINDOWS\WINCMD.INI
2011-07-08 20:17:45 ----D---- C:\WINDOWS\Temp
2011-07-08 20:12:08 ----D---- C:\Documents and Settings\Admin\Data aplikací\uTorrent
2011-07-08 19:54:33 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-07-08 19:50:44 ----D---- C:\WINDOWS\system32\drivers
2011-07-08 16:15:09 ----SHD---- C:\WINDOWS\Installer
2011-07-08 16:15:04 ----RD---- C:\Program Files
2011-07-08 16:15:04 ----D---- C:\WINDOWS\WinSxS
2011-07-08 16:15:04 ----D---- C:\Program Files\Common Files
2011-07-08 16:11:10 ----D---- C:\WINDOWS\system32
2011-07-08 16:10:47 ----ASH---- C:\boot.ini
2011-07-08 16:10:47 ----A---- C:\WINDOWS\win.ini
2011-07-08 16:10:46 ----A---- C:\WINDOWS\system.ini
2011-07-08 16:09:50 ----D---- C:\Documents and Settings\Admin\Data aplikací\DMCache
2011-07-08 15:16:51 ----D---- C:\WINDOWS\Prefetch
2011-07-08 15:15:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-08 15:14:14 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-08 15:03:41 ----D---- C:\Program Files\ESET
2011-07-08 15:03:09 ----D---- C:\WINDOWS
2011-07-08 14:35:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-07 23:58:47 ----D---- C:\WINDOWS\pss
2011-07-07 23:10:22 ----D---- C:\Documents and Settings\Admin\Data aplikací\IDM
2011-07-07 13:01:21 ----SD---- C:\WINDOWS\Tasks
2011-07-05 00:58:48 ----HD---- C:\WINDOWS\inf
2011-07-05 00:58:48 ----D---- C:\WINDOWS\SoftwareDistribution
2011-07-05 00:58:48 ----D---- C:\WINDOWS\Help
2011-07-03 21:01:26 ----D---- C:\Program Files\VSTPlugins
2011-07-03 20:59:58 ----D---- C:\Downloads
2011-07-01 20:00:09 ----D---- C:\Dictionaries
2011-06-28 19:40:19 ----D---- C:\Release
2011-06-28 14:02:55 ----D---- C:\WINDOWS\system32\config
2011-06-27 16:46:11 ----D---- C:\audio
2011-06-27 02:15:17 ----D---- C:\WINDOWS\srchasst
2011-06-27 02:12:48 ----SHD---- C:\RECYCLER
2011-06-26 23:14:35 ----D---- C:\WINDOWS\Logs
2011-06-26 16:09:52 --

[Rudy]

Log není sice kompletní, nicméně svinstvo tam máte. Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

I tuto utiltu lze spustit případně v nouz. režimu.

[ahmedan]

Provedl jsem dle instrukci ale kdyz jsem spustil ComboFix.exe tak se program spustil a kdyz se dokonci Progress Bar progrm skonci a na obrazovce se mi objevi DialogBox --

Chyba
!! Varovani !! neni bezpecne dale pokracovat !
Obsah a soucasti ComboFixu byly naruseny.
Stahnete si prosim novou kopii z :
http://www.bleepingcomputer.com/combofi ... e-combofix
Poznamka: Muzete byt infikovani parazitickym souborovym virem (Typicky: Virut).

Prosim co mam delat ted ??

Podaril se mi udelat log pres program UPM !

Tady je :

Kód: Vybrat vše

Windows XP SP 3 (build 2600)
Boot Mode: Normal
Ověření souborů Microsoftu: Ano
Whitelist: Ano
Internet Explorer v6.00.2900.5512 (xpsp.080413-2105)
Log vygenerován: 9.7.2011 0:51:18
================================================================

SmallARK
================================================================
[?] -> spnz.sys
[?]NtEnumerateBootEntries           -> spnz.sys
[?]umerateSystemEnvironmentValuesEx -> spnz.sys
[?]NtOpenJobObject                  -> spnz.sys
[?]NtQueryIoCompletion              -> spnz.sys
[?]NtQueryValueKey                  -> spnz.sys
[?] -> spnz.sys



Běžící procesy
================================================================

                   
C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE
C:\WINDOWS\SYSTEM32\HKCMD.EXE
C:\PROGRAM FILES\FUJITSU\APPLICATION PANEL\QUICKTOUCH.EXE
C:\PROGRAM FILES\FUJITSU\BTNHND\BTNHND.EXE
C:\WINDOWS\AGRSMMSG.EXE
C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE
C:\PROGRAM FILES\JAVA\JRE6\BIN\JQS.EXE
C:\TOTALCMD\TOTALCMD.EXE
C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMAN.EXE

Scanner
================================================================
[S] services.exe                                                           
Podvržená cesta modulu:     (00050000) C:\WINDOWS\system32\CRYPTUI.dll
                                               
[?] svchost.exe                                                            
Bez výrobce                                                                
Shodná jména, jiná cesta:   SVCHOST.EXE X SVCHOST.EXE
Skrytá cesta EXE:           \.\globalroot\Device\svchost.exe\svchost.exe
Podvržená cesta modulu:     (00400000) 
Nemá okno                                                                  
                                               
[S] svchost.exe                                                            
Shodná jména, jiná cesta:   SVCHOST.EXE X SVCHOST.EXE
                                               
[S] svchost.exe                                                            
Shodná jména, jiná cesta:   SVCHOST.EXE X SVCHOST.EXE
                                               
[S] svchost.exe                                                            
Shodná jména, jiná cesta:   SVCHOST.EXE X SVCHOST.EXE
                                               
[S] svchost.exe                                                            
Shodná jména, jiná cesta:   SVCHOST.EXE X SVCHOST.EXE
                                               
[S] svchost.exe                                                            
Shodná jména, jiná cesta:   SVCHOST.EXE X SVCHOST.EXE
                                               
[S] explorer.exe                                                           
Spouští se po startu        HKLM Winlogon [Shell]
                                               
[?] igfxtray.exe                                                           
Non Microsoft v System32:                                                  
Spouští se po startu        HKLM Run [IgfxTray]
                                               
[?] hkcmd.exe                                                              
Non Microsoft v System32:                                                  
Spouští se po startu        HKLM Run [HotKeysCmds]
                                               
[?] QuickTouch.exe                                                         
Spouští se po startu        HKLM Run [LoadFujitsuQuickTouch]
Soubor                      14%
                                               
[?] BtnHnd.exe                                                             
Spouští se po startu        HKLM Run [LoadBtnHnd]
Soubor                      7%
                                               
[R] jusched.exe                                                            
Spouští se po startu        HKLM Run [SunJavaUpdateSched]
                                               
[?] AGRSMMSG.exe                                                           
Spouští se po startu        HKLM Run [AGRSMMSG]
                                               
[S] ctfmon.exe                                                             
Spouští se po startu        HKCU Run [CTFMON.EXE]
                                               
[?] ApplicationUpdater.exe                                                 
EntryPoint v sekci:         .RELOC
|_ Celkový počet sekcí:     5
Nemá okno                                                                  
Soubor                      70%
                                               
[R] is360srv.exe                                                           
EntryPoint v sekci:         .ITEXT
|_ Celkový počet sekcí:     7
                                               
[?] jqs.exe                                                                
EntryPoint v sekci:         .RSRC
|_ Celkový počet sekcí:     4
Nemá okno                                                                  
Soubor                      70%
                                               
[R] sqlservr.exe                                                           
Ověřený Microsoft:          Ne
                                               
[R] sqlwriter.exe                                                          
Ověřený Microsoft:          Ne
                                               
[?] TOTALCMD.EXE                                                           
EntryPoint v sekci:         UPX1
|_ Celkový počet sekcí:     3
Soubor                      63%
                                               
[?] IDMan.exe                                                              
Spouští se po startu        HKCU Run [IDMan]
EntryPoint v sekci:         .BRD
|_ Celkový počet sekcí:     4
Soubor                      63%
                                               
[S] svchost.exe                                                            
Shodná jména, jiná cesta:   SVCHOST.EXE X SVCHOST.EXE
                                               

Po spuštění
================================================================

HKCU Run
 |_ [R][DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun
 |_ [!][USDownloader] C:\USDownloader_Plus\USDownloader Plus 1.35.40 Update 22.06.2010\USDownloader.exe
 |_ [!][IDMan]                       C:\Program Files\Internet Download Manager\IDMan.exe /onboot

HKLM Run
 |_ [?][IgfxTray]                    C:\WINDOWS\system32\igfxtray.exe
 |_ [?][HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
 |_ [?][LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
 |_ [?][LoadBtnHnd]                  C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
 |_ [R][AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin
 |_ [?][QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime
 |_ [?][TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
 |_ [!][IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe /autostart
 |_ [?][AGRSMMSG]                    C:\WINDOWS\AGRSMMSG.exe
 |_ [R][IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe /autostart
 |_  (Soubor nenalezen)

HKLM IC
 |_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (Soubor nenalezen)
 |_ [?][{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] C:\WINDOWS\INF\msnetmtg.inf ,NetMtg.Install.PerUser.NT
 |_ [?][{5945c046-1e7d-11d1-bc44-00c04fd912be}] C:\WINDOWS\INF\msmsgs.inf ,BLC.QuietInstall.PerUser
 |_ [?][{6BF52A52-394A-11d3-B153-00C04F79FAA6}] C:\WINDOWS\INF\wmp.inf ,PerUserStub
 |_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll

HKLM Winlogon Notify
 |_ [?][igfxcui]                     C:\WINDOWS\system32\igfxsrvc.dll

Job
 |_ [X][ASC4_P~1.JOB] C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe (Soubor nenalezen)
 |_ [X][REALUP~2.JOB] C:\Program Files\Real\RealUpgrade\realupgrade.exe (Soubor nenalezen)
 |_ [X][REALUP~1.JOB] C:\Program Files\Real\RealUpgrade\realupgrade.exe (Soubor nenalezen)


HKCU IE WebBrowser Toolbar
 |_ [X][{D4027C7F-154A-4066-A1AD-4243D8127440}]  (Soubor nenalezen)
 |_ [X][{531C49A7-179F-43CA-AF5E-AF375FBB8840}]  (Soubor nenalezen)

Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[!] Application Updater
 |_ Cesta: C:\Program Files\Application Updater\ApplicationUpdater.exe
 |   |_ Výrobce:  Spigot, Inc.
 |   |_ Popis: Application Updater
 |   |_ MD5: C78A95FDF197D72B6B72487E8C4D7BEB
 |   
 |_ Jméno:  Application Updater
 |_ StartName: LocalSystem
 |_ Typ spouštění:  Auto Start
 |_ Status: Spuštěno
 |_ Typ:  Win32 Own Process
 |_ Dependency: 

[!] IMF Service
 |_ Cesta: C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
 |   |_ Výrobce:  IObit
 |   |_ Popis: IObit Malware Fighter Service
 |   |_ MD5: 82767800D62B05650A3577385C469207
 |   
 |_ Jméno:  IMFservice
 |_ StartName: LocalSystem
 |_ Typ spouštění:  Auto Start
 |_ Status: Zastaveno
 |_ Typ:  Win32 Own Process
 |_ Dependency: 

[X] Java Quick Starter
 |_ Cesta: C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
 |   |_ Výrobce:  
 |   |_ Popis: 
 |   |_ MD5: 
 |   
 |_ Jméno:  JavaQuickStarterService
 |_ StartName: LocalSystem
 |_ Typ spouštění:  Auto Start
 |_ Status: Spuštěno
 |_ Typ:  Win32 Own Process
 |_ Dependency: 

[X] SQL Server (SQLEXPRESS)
 |_ Cesta: c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -sSQLEXPRESS
 |   |_ Výrobce:  
 |   |_ Popis: 
 |   |_ MD5: 
 |   
 |_ Jméno:  MSSQL$SQLEXPRESS
 |_ StartName: NT AUTHORITY\NETWORKSERVICE
 |_ Typ spouštění:  Auto Start
 |_ Status: Spuštěno
 |_ Typ:  Win32 Own Process
 |_ Dependency: 


Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] Agere Systems Soft Modem
 |_ Cesta: C:\WINDOWS\system32\DRIVERS\AGRSM.sys
 |   |_ Výrobce:  Agere Systems
 |   |_ Popis: SoftModem Device Driver
 |   |_ MD5: B2B65DF27EDD281A757972E13B36FF33
 |   
 |_ Jméno:  AgereSoftModem
 |_ StartName: 
 |_ Typ spouštění:  Ruční spuštění
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 

[?] Service for Realtek AC97 Audio (WDM)
 |_ Cesta: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
 |   |_ Výrobce:  Realtek Semiconductor Corp.
 |   |_ Popis: Realtek AC'97 Audio Driver (WDM)
 |   |_ MD5: DD8520280304B6145A6BE31008748C7C
 |   
 |_ Jméno:  ALCXWDM
 |_ StartName: 
 |_ Typ spouštění:  Ruční spuštění
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 

[?] Broadcom NetXtreme Gigabit Ethernet
 |_ Cesta: C:\WINDOWS\system32\DRIVERS\b57xp32.sys
 |   |_ Výrobce:  Broadcom Corporation
 |   |_ Popis: Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.
 |   |_ MD5: 3F09AC7CBEF693554092664DEEF9AD00
 |   
 |_ Jméno:  b57w2k
 |_ StartName: 
 |_ Typ spouštění:  Ruční spuštění
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 

[?] BtnHnd
 |_ Cesta: C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys
 |   |_ Výrobce:  FUJITSU LIMITED
 |   |_ Popis: Button handler driver (SYS)
 |   |_ MD5: D4B47530831024434D780E6BE25F0AB7
 |   
 |_ Jméno:  BtnHnd
 |_ StartName: 
 |_ Typ spouštění:  Auto Start
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 

[!] Ovladač jednotky CD-ROM
 |_ Cesta: C:\WINDOWS\system32\DRIVERS\cdrom.sys
 |   |_ Výrobce:  
 |   |_ Popis: 
 |   |_ MD5: A81CCDF17EB658C72511ABD1A093ADB5
 |   
 |_ Jméno:  Cdrom
 |_ StartName: 
 |_ Typ spouštění:  System Start
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: +SCSI miniport

[?] CONAN
 |_ Cesta: C:\WINDOWS\system32\drivers\o2mmb.sys
 |   |_ Výrobce:  O2 Micro 
 |   |_ Popis: o2mmb
 |   |_ MD5: 0D4905AA2C08E373ABE3B018F7826E96
 |   
 |_ Jméno:  CONAN
 |_ StartName: 
 |_ Typ spouštění:  Ruční spuštění
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 

[?] Fujitsu FUJ02B1 Device Driver
 |_ Cesta: C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys
 |   |_ Výrobce:  FUJITSU LIMITED
 |   |_ Popis: WDM driver for FUJ02B1 PnP device
 |   |_ MD5: 00845DCD64FE6348DDF7890C310C17B9
 |   
 |_ Jméno:  FUJ02B1
 |_ StartName: 
 |_ Typ spouštění:  Ruční spuštění
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 

[?] ialm
 |_ Cesta: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
 |   |_ Výrobce:  Intel Corporation
 |   |_ Popis: Controller Hub for Intel Graphics Driver
 |   |_ MD5: B076EB745EC3C669D4AE953225366F1D
 |   
 |_ Jméno:  ialm
 |_ StartName: 
 |_ Typ spouštění:  Ruční spuštění
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 

[?] MbxStby
 |_ Cesta: C:\WINDOWS\system32\drivers\MbxStby.sys
 |   |_ Výrobce:  O2 Micro
 |   |_ Popis: O2Micro MemoryCardBus Slot Manager
 |   |_ MD5: C5D77B47F413EB62D41E523E2B4700E2
 |   
 |_ Jméno:  MbxStby
 |_ StartName: 
 |_ Typ spouštění:  Ruční spuštění
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 

[?] PHASE26 WDM Audio
 |_ Cesta: C:\WINDOWS\system32\drivers\Phase26m.sys
 |   |_ Výrobce:  TerraTec Electronic GmbH
 |   |_ Popis: Phase 26
 |   |_ MD5: 89ED7ACC68001675F6F9F5F94331145B
 |   
 |_ Jméno:  Phase26
 |_ StartName: 
 |_ Typ spouštění:  Ruční spuštění
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 

[?] SMC IrCC Miniport Device Driver
 |_ Cesta: C:\WINDOWS\system32\DRIVERS\smcirda.sys
 |   |_ Výrobce:  SMC
 |   |_ Popis: SMC IrCC NDIS 5.0 IrDA FIR Device Driver
 |   |_ MD5: 12224AC3A6FD3577036F038A0C03F2F5
 |   
 |_ Jméno:  SMCIRDA
 |_ StartName: 
 |_ Typ spouštění:  Ruční spuštění
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 

[?] sptd
 |_ Cesta: C:\WINDOWS\System32\Drivers\sptd.sys
 |   |_ Výrobce:  
 |   |_ Popis: 
 |   |_ MD5: 
 |   
 |_ Jméno:  sptd
 |_ StartName: 
 |_ Typ spouštění:  Boot Start
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 

[?] Intel(R) Graphics Platform (SoftBIOS) Driver
 |_ Cesta: C:\WINDOWS\system32\drivers\ialmsbw.sys
 |   |_ Výrobce:  Intel Corporation
 |   |_ Popis: Intel Graphics Platform (SoftBIOS) Driver for Windows 2000(R) & Windows XP(TM)
 |   |_ MD5: 61002DB7B6EFB5711685B9D79B8E8CE6
 |   
 |_ Jméno:  {6080A529-897E-4629-A488-ABA0C29B635E}
 |_ StartName: 
 |_ Typ spouštění:  Ruční spuštění
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 

[?] Intel(R) Graphics Chipset (KCH) Driver
 |_ Cesta: C:\WINDOWS\system32\drivers\ialmkchw.sys
 |   |_ Výrobce:  Intel Corporation
 |   |_ Popis: Intel Graphics Chipset (KCH) Driver for Windows 2000(R) & Windows XP(TM)
 |   |_ MD5: 35CE2BAA708EA038AB72359DE87BAB87
 |   
 |_ Jméno:  {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}
 |_ StartName: 
 |_ Typ spouštění:  Ruční spuštění
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 

[?] AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011
 |_ Cesta: C:\WINDOWS\system32\drivers\wA301a.sys
 |   |_ Výrobce:  Intel Corporation
 |   |_ Popis: Ch7009 Minidriver
 |   |_ MD5: 36E942C48FF453926DFC3956F5804E69
 |   
 |_ Jméno:  {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}
 |_ StartName: 
 |_ Typ spouštění:  Ruční spuštění
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 

[?] AIM 3.0 SI164
 |_ Cesta: C:\WINDOWS\system32\drivers\A302.sys
 |   |_ Výrobce:  Intel Corporation
 |   |_ Popis: Silicon Image 164 Minidriver
 |   |_ MD5: 255A0B9C167F3390DC940BB407A1D5D0
 |   
 |_ Jméno:  {E6759E0C-470B-44DC-A4A1-627E68BB3A85}
 |_ StartName: 
 |_ Typ spouštění:  Ruční spuštění
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 


lNetStat
================================================================
Typ:  PID       Proces              Local <-> Remote                             Status
-----------------------------------------------------------------------------------------
TCP (1080)    svchost.exe         0.0.0.0:135                                  LISTENING
TCP (4)       Systém              0.0.0.0:445                                  LISTENING
TCP (1396)    IEXPLORE.EXE        0.0.0.0:2964                                 LISTENING
TCP (2408)    IDMan.exe           0.0.0.0:3243                                 LISTENING
TCP (2408)    IDMan.exe           0.0.0.0:3249                                 LISTENING
TCP (2584)    firefox.exe         0.0.0.0:3530                                 LISTENING
TCP (2408)    IDMan.exe           0.0.0.0:3580                                 LISTENING
TCP (2408)    IDMan.exe           0.0.0.0:3583                                 LISTENING
TCP (2408)    IDMan.exe           0.0.0.0:3586                                 LISTENING
TCP (2408)    IDMan.exe           0.0.0.0:3595                                 LISTENING
TCP (2408)    IDMan.exe           0.0.0.0:3607                                 LISTENING
TCP (1396)    IEXPLORE.EXE        0.0.0.0:4339                                 LISTENING
TCP (2584)    firefox.exe         0.0.0.0:4341                                 LISTENING
TCP (3164)    UPM.exe             0.0.0.0:4345                                 LISTENING
TCP (2584)    firefox.exe         0.0.0.0:4347                                 LISTENING
TCP (3164)    UPM.exe             0.0.0.0:4351                                 LISTENING
TCP (3164)    UPM.exe             0.0.0.0:4354                                 LISTENING
TCP (3164)    UPM.exe             0.0.0.0:4357                                 LISTENING
TCP (3164)    UPM.exe             0.0.0.0:4360                                 LISTENING
TCP (3164)    UPM.exe             0.0.0.0:4363                                 LISTENING
TCP (3164)    UPM.exe             0.0.0.0:4366                                 LISTENING
TCP (4)       Systém              89.103.83.144:139                            LISTENING
TCP (400)     IDMan.exe           89.103.83.144:1523                           FIN_WAIT2
TCP (400)     IDMan.exe           89.103.83.144:1526                           FIN_WAIT2
TCP (2408)    IDMan.exe           89.103.83.144:3245                           FIN_WAIT2
TCP (2408)    IDMan.exe           89.103.83.144:3251                           FIN_WAIT2
TCP (3408)    RSIT_3.exe          89.103.83.144:3256                           FIN_WAIT2
TCP (2584)    firefox.exe         89.103.83.144:3532 <-> 69.63.190.10:80       ESTABLISHED
TCP (2408)    IDMan.exe           89.103.83.144:3582                           FIN_WAIT2
TCP (2408)    IDMan.exe           89.103.83.144:3585                           FIN_WAIT2
TCP (2408)    IDMan.exe           89.103.83.144:3588                           FIN_WAIT2
TCP (2408)    IDMan.exe           89.103.83.144:3597                           FIN_WAIT2
TCP (2408)    IDMan.exe           89.103.83.144:3609                           FIN_WAIT2
TCP (0)       89.103.83.144:4295                           TIME_WAIT
TCP (0)       89.103.83.144:4301                           TIME_WAIT
TCP (0)       89.103.83.144:4304                           TIME_WAIT
TCP (0)       89.103.83.144:4313                           TIME_WAIT
TCP (0)       89.103.83.144:4316                           TIME_WAIT
TCP (0)       89.103.83.144:4319                           TIME_WAIT
TCP (0)       89.103.83.144:4322                           TIME_WAIT
TCP (0)       89.103.83.144:4325                           TIME_WAIT
TCP (0)       89.103.83.144:4331                           TIME_WAIT
TCP (0)       89.103.83.144:4334                           TIME_WAIT
TCP (2584)    firefox.exe         89.103.83.144:4343 <-> 66.220.151.72:80      ESTABLISHED
TCP (3164)    UPM.exe             89.103.83.144:4346 <-> 109.123.209.238:80    ESTABLISHED
TCP (3164)    UPM.exe             89.103.83.144:4352 <-> 199.7.71.190:80       ESTABLISHED
TCP (3164)    UPM.exe             89.103.83.144:4355 <-> 199.7.71.190:80       ESTABLISHED
TCP (3164)    UPM.exe             89.103.83.144:4358 <-> 199.7.52.190:80       ESTABLISHED
TCP (3164)    UPM.exe             89.103.83.144:4361 <-> 199.7.48.190:80       ESTABLISHED
TCP (3164)    UPM.exe             89.103.83.144:4364 <-> 199.7.51.190:80       ESTABLISHED
TCP (3164)    UPM.exe             89.103.83.144:4367 <-> 92.122.50.96:80       ESTABLISHED
TCP (2920)    alg.exe             127.0.0.1:1069                               LISTENING
TCP (2584)    firefox.exe         127.0.0.1:1309 <-> 127.0.0.1:1310            ESTABLISHED
TCP (2584)    firefox.exe         127.0.0.1:1310 <-> 127.0.0.1:1309            ESTABLISHED
TCP (2584)    firefox.exe         127.0.0.1:1311 <-> 127.0.0.1:1312            ESTABLISHED
TCP (2584)    firefox.exe         127.0.0.1:1312 <-> 127.0.0.1:1311            ESTABLISHED
TCP (0)       127.0.0.1:1358                               TIME_WAIT
TCP (1396)    IEXPLORE.EXE        127.0.0.1:2964 <-> 127.0.0.1:2965            ESTABLISHED
TCP (1396)    IEXPLORE.EXE        127.0.0.1:2965 <-> 127.0.0.1:2964            ESTABLISHED
TCP (2584)    firefox.exe         127.0.0.1:3530 <-> 127.0.0.1:3531            ESTABLISHED
TCP (2584)    firefox.exe         127.0.0.1:3531 <-> 127.0.0.1:3530            ESTABLISHED
TCP (0)       127.0.0.1:4294                               TIME_WAIT
TCP (0)       127.0.0.1:4296                               TIME_WAIT
TCP (0)       127.0.0.1:4300                               TIME_WAIT
TCP (0)       127.0.0.1:4303                               TIME_WAIT
TCP (0)       127.0.0.1:4315                               TIME_WAIT
TCP (0)       127.0.0.1:4318                               TIME_WAIT
TCP (0)       127.0.0.1:4321                               TIME_WAIT
TCP (0)       127.0.0.1:4324                               TIME_WAIT
TCP (0)       127.0.0.1:4326                               TIME_WAIT
TCP (0)       127.0.0.1:4330                               TIME_WAIT
TCP (0)       127.0.0.1:4333                               TIME_WAIT
TCP (0)       127.0.0.1:4335                               TIME_WAIT
TCP (1396)    IEXPLORE.EXE        127.0.0.1:4339 <-> 127.0.0.1:4340            ESTABLISHED
TCP (1396)    IEXPLORE.EXE        127.0.0.1:4340 <-> 127.0.0.1:4339            ESTABLISHED
TCP (2584)    firefox.exe         127.0.0.1:4341 <-> 127.0.0.1:4342            ESTABLISHED
TCP (2584)    firefox.exe         127.0.0.1:4342 <-> 127.0.0.1:4341            ESTABLISHED
TCP (3164)    UPM.exe             127.0.0.1:4344 <-> 127.0.0.1:4345            ESTABLISHED
TCP (3164)    UPM.exe             127.0.0.1:4345 <-> 127.0.0.1:4344            ESTABLISHED
TCP (2584)    firefox.exe         127.0.0.1:4347                               FIN_WAIT2
TCP (2584)    firefox.exe         127.0.0.1:4348                               CLOSE_WAIT
TCP (3164)    UPM.exe             127.0.0.1:4350 <-> 127.0.0.1:4351            ESTABLISHED
TCP (3164)    UPM.exe             127.0.0.1:4351 <-> 127.0.0.1:4350            ESTABLISHED
TCP (3164)    UPM.exe             127.0.0.1:4353 <-> 127.0.0.1:4354            ESTABLISHED
TCP (3164)    UPM.exe             127.0.0.1:4354 <-> 127.0.0.1:4353            ESTABLISHED
TCP (3164)    UPM.exe             127.0.0.1:4356 <-> 127.0.0.1:4357            ESTABLISHED
TCP (3164)    UPM.exe             127.0.0.1:4357 <-> 127.0.0.1:4356            ESTABLISHED
TCP (3164)    UPM.exe             127.0.0.1:4359 <-> 127.0.0.1:4360            ESTABLISHED
TCP (3164)    UPM.exe             127.0.0.1:4360 <-> 127.0.0.1:4359            ESTABLISHED
TCP (3164)    UPM.exe             127.0.0.1:4362 <-> 127.0.0.1:4363            ESTABLISHED
TCP (3164)    UPM.exe             127.0.0.1:4363 <-> 127.0.0.1:4362            ESTABLISHED
TCP (3164)    UPM.exe             127.0.0.1:4365 <-> 127.0.0.1:4366            ESTABLISHED
TCP (3164)    UPM.exe             127.0.0.1:4366 <-> 127.0.0.1:4365            ESTABLISHED
TCP (1376)    jqs.exe             127.0.0.1:5152                               LISTENING
UDP (4)       Systém              0.0.0.0:445                                  CLOSE_WAIT
UDP (828)     lsass.exe           0.0.0.0:500                                  
UDP (1224)    svchost.exe         0.0.0.0:1025                                 
UDP (1224)    svchost.exe         0.0.0.0:1237                                 
UDP (1224)    svchost.exe         0.0.0.0:1297                                 
UDP (1224)    svchost.exe         0.0.0.0:1578                                 
UDP (1224)    svchost.exe         0.0.0.0:1590                                 
UDP (828)     lsass.exe           0.0.0.0:4500                                 
UDP (4)       Systém              0.0.0.0:21315                                
UDP (1176)    svchost.exe         89.103.83.144:123                            
UDP (4)       Systém              89.103.83.144:137                            
UDP (4)       Systém              89.103.83.144:138                            
UDP (1316)    svchost.exe         89.103.83.144:1900                           
UDP (1176)    svchost.exe         127.0.0.1:123                                
UDP (1736)    explorer.exe        127.0.0.1:1226                               
UDP (1396)    IEXPLORE.EXE        127.0.0.1:1634                               
UDP (1316)    svchost.exe         127.0.0.1:1900                               

Moduly (Zobraz i bezpečné DLL: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[?] bib.dll
 |_ Cesta: C:\Program Files\Common Files\Adobe\Adobe Drive CS4\BIB.dll
 |_ MD5: 87AF77718E3BFB5A7766F575609C057A
 |_ Výrobce:  Adobe Systems Incorporated
 |_ Procesy
     |_ explorer.exe (1736)

[?] cdplayer.dll
 |_ Cesta: C:\Program Files\Fujitsu\Application Panel\CDPlayer.dll
 |_ MD5: 892C58DE35F43154BE63C0E3F597BE51
 |_ Výrobce:  FUJITSU LIMITED
 |_ Procesy
     |_ QuickTouch.exe (1896)

[?] scrollbutton.dll
 |_ Cesta: C:\Program Files\Fujitsu\Application Panel\ScrollButton.dll
 |_ MD5: 0E51605EA7295B3819F2B839B2FC98D2
 |_ Výrobce:  FUJITSU LIMITED
 |_ Procesy
     |_ QuickTouch.exe (1896)

[?] quickmail.dll
 |_ Cesta: C:\Program Files\Fujitsu\Application Panel\QuickMail.dll
 |_ MD5: 2BD3345F3AA3E599A9EF0CD01C746234
 |_ Výrobce:  FUJITSU LIMITED
 |_ Procesy
     |_ QuickTouch.exe (1896)

[?] psapi.dll
 |_ Cesta: C:\Program Files\Fujitsu\Application Panel\PSAPI.Dll
 |_ MD5: 597B64C9E4862F92F003DE802F16CDC6
 |_ Výrobce:  Microsoft Corporation
 |_ Procesy
     |_ QuickTouch.exe (1896)
     |_ BtnHnd.exe (1904)
     |_ jusched.exe (1912)
     |_ AGRSMMSG.exe (2016)
     |_ ctfmon.exe (260)
     |_ jqs.exe (1376)
     |_ sqlservr.exe (1968)
     |_ wmiapsrv.exe (2728)
     |_ TOTALCMD.EXE (552)
     |_ firefox.exe (2584)
     |_ plugin-container.exe (3384)
     |_ IEXPLORE.EXE (1396)
     |_ IDMan.exe (2408)
     |_ UPM.exe (3164)

[?] btnhnd.dll
 |_ Cesta: C:\Program Files\Fujitsu\BtnHnd\BtnHnd.dll
 |_ MD5: 0188A1B69A614A0BA46656B8C70F417D
 |_ Výrobce:  FUJITSU LIMITED
 |_ Procesy
     |_ BtnHnd.exe (1904)

[!] rtl120.bpl
 |_ Cesta: C:\Program Files\IObit\IObit Security 360\rtl120.bpl
 |_ MD5: DD82EB68D97944B192C7803EB585B03C
 |_ Výrobce:  Embarcadero Technologies, Inc.
 |_ Procesy
     |_ is360srv.exe (1840)

[!] vcl120.bpl
 |_ Cesta: C:\Program Files\IObit\IObit Security 360\vcl120.bpl
 |_ MD5: 773EBD87010A6F644869A59D98792C9C
 |_ Výrobce:  Embarcadero Technologies, Inc.
 |_ Procesy
     |_ is360srv.exe (1840)

[X] rarlng.dll
 |_ Cesta: C:\Program Files\WinRAR\rarlng.dll
 |_ MD5: 82C6E0E74EB68B7A7C0C4B41631F16D2
 |_ Výrobce:  
 |_ Procesy
     |_ TOTALCMD.EXE (552)

[?] msvbvm60.dll
 |_ Cesta: C:\WINDOWS\system32\msvbvm60.dll
 |_ MD5: F40C65CBA5AC3F6570D2C88AA2D3C68E
 |_ Výrobce:  Microsoft Corporation
 |_ Procesy
     |_ UPM.exe (3164)


Výpis souborů
================================================================
\System32:
[?] audcon.sys                                      37     ncmpny,                   {8F4F88C7}
[?] bconvert.dll                                    7      no vrfy,                  {E2C3BF3C}
[?] com.fxpansion.fxshared.dll     COMFXP~1.DLL     12     ncmpny,                   {F67D917E}
[?] dao360.dll                                      12     ncmpny,                   {8406CC8B}
[?] EASIDS.dll                                      7      no vrfy,                  {6B0B1BDD}
[?] EASIMME.dll                                     7      no vrfy,                  {F81A0B5C}
[?] FxShared.dll                                    12     ncmpny,                   {F67D917E}
[?] gdiplus.dll                                     12     ncmpny,                   {33118127}
[?] iacenc.dll                                      7      no vrfy,                  {A050EA07}
[?] ir32_32.dll                                     7      no vrfy,                  {F77287F3}
[?] ir41_32.ax                                      7      no vrfy,                  {0FE0D4AA}
[?] ir50_32.dll                                     7      no vrfy,                  {BBBAC8BA}
[?] Ivfsrc.ax                                       7      no vrfy,                  {7338BD47}
[?] iyvu9_32.dll                                    12     ncmpny,                   {C814E976}
[?] javacpl.cpl                                     14     no vrfy,                  {18FC2C5E}
[!] KsDHTMLEDLib.ocx               KSDHTM~1.OCX     63     no vrfy, cx (CODE)?,      {648EBA20}
[?] libeay32.dll                                    7      no vrfy,                  {D6D6D3C5}
[?] Log_ds2.ax                                      12     ncmpny,                   {0D19979B}
[?] msihnd.dll                                      12     ncmpny,                   {957DFC0F}
[?] msisip.dll                                      12     ncmpny,                   {1793D70A}
[?] msvbvm60.dll                                    12     ncmpny,                   {183AE492}
[?] NI_DFD_1_5.dll                 NI_DFD~1.DLL     7      no vrfy,                  {C043E7BE}
[?] NI_IRC_1_2.dll                 NI_IRC~1.DLL     7      no vrfy,                  {0BCBB1FC}
[?] NVUNINST.EXE                                    14     no vrfy,                  {C353F768}
[?] PSP 84.dll                     PSP84~1.DLL      25     ncmpny,                   {EAF2DE09}
[?] QuickTime.qts                  QUICKT~1.QTS     7      no vrfy,                  {294DE661}
[?] QuickTimeVR.qtx                QUICKT~1.QTX     7      no vrfy,                  {2B5FEF82}
[?] QuickTouch.cpl                 QUICKT~1.CPL     14     no vrfy,                  {C54C761F}
[?] rbap350.dll                                     12     ncmpny,                   {BEAC4418}
[?] RBQT350.DLL                                     12     ncmpny,                   {A7354D31}
[?] ReWire.dll                                      7      no vrfy,                  {4A48EDA4}
[?] REX Shared Library.dll         REXSHA~1.DLL     7      no vrfy,                  {B3DADC7F}
[?] SSL Bus Compressor Mono.dll    SSLBUS~1.DLL     12     ncmpny,                   {CFA08D26}
[?] SSL Bus Compressor Stereo.dll  SSLBUS~2.DLL     12     ncmpny,                   {18739944}
[?] SSL Channel Mono.dll           SSLCHA~1.DLL     12     ncmpny,                   {A6B4DE6C}
[?] SSL Channel Stereo.dll         SSLCHA~2.DLL     12     ncmpny,                   {9E5E40F0}
[?] SSL Drumstrip Mono.dll         SSLDRU~1.DLL     12     ncmpny,                   {DBAE8DDF}
[?] SSL Drumstrip Stereo.dll       SSLDRU~2.DLL     12     ncmpny,                   {AB3E6F8D}
[?] SSL Vocalstrip Mono.dll        SSLVOC~1.DLL     12     ncmpny,                   {0052D00E}
[?] SSL Vocalstrip Stereo.dll      SSLVOC~2.DLL     12     ncmpny,                   {E9A938B0}
[?] SSL X-Comp Mono.dll            SSLX-C~1.DLL     12     ncmpny,                   {68431C36}
[?] SSL X-Comp Stereo.dll          SSLX-C~2.DLL     12     ncmpny,                   {36EDB6BF}
[?] SSL X-Eq Mono.dll              SSLX-E~1.DLL     12     ncmpny,                   {EF48B39F}
[?] SSL X-Eq Stereo.dll            SSLX-E~2.DLL     12     ncmpny,                   {E4EB21BA}
[?] SSL X-Verb Stereo.dll          SSLX-V~1.DLL     12     ncmpny,                   {5929DEEB}
[?] ssleay32.dll                                    7      no vrfy,                  {3AA8349C}
[X] SVPTE.DRV                                       98     hdn + ncmpny, time mism., {91078567}
[X] SVPTE4.DRV                                      98     hdn + ncmpny, time mism., {9403741C}
[?] SYNSOACC.dll                                    7      no vrfy,                  {76B918F2}
[?] SYNSOEMU.DLL                                    7      no vrfy,                  {2D5379D3}
[?] SynsoLChk.dll                  SYNSOL~1.DLL     7      no vrfy,                  {F5D51898}
[?] SYNSOPOS.exe                                    12     ncmpny,                   {3EC5B9AB}
[?] tsccvid.dll                                     7      no vrfy,                  {68C3979D}
[?] TT_RIAA.ax                                      7      no vrfy,                  {A7C5DF15}
[X] unacev2.dll                                     100    ncmpny, cx (AUTO)?,       {51C45B85}
[?] unrar.dll                                       12     ncmpny,                   {22464CF1}
[?] UNRAR3.dll                                      12     ncmpny,                   {1BC88242}
[?] UNWISE.EXE                                      25     ncmpny,                   {612CBE29}
[?] vorbis.acm                                      7      no vrfy,                  {4CED94DE}
[?] VSM Manager.dll                VSMMAN~1.DLL     12     ncmpny,                   {3AF2A8D4}
[X] wuauclt.exe                                     100    ncmpny, cx ()?,           {B1F16A02}
[X] ztvunace26.dll                 ZTVUNA~1.DLL     100    ncmpny, cx (AUTO)?,       {6CCDE686}
[?] ztvunrar36.dll                 ZTVUNR~1.DLL     12     ncmpny,                   {52E27BD1}

\Drivers:
[?] bghx.sys     25     ncmpny,                  {1EC794CD}
[!] cdrom.sys    88     ncmpny, time mism.,      {BC44365E}
[?] cledx.sys    14     no vrfy,                 {062BD80A}
[?] PHASE26U.sys 7      no vrfy,                 {36F7304F}
[?] synasUSB.sys 21     no vrfy,                 {7F859AA0}
[?] ttp7up.sys   14     no vrfy,                 {6ECF4AED}

Access violations - HKCU
================================================================


================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]

[Rudy]

OK. Pokud je tam Virut (nic typického pro něj jsem ale nenašel). Zkuste toto:

1. Udělejte zálohy všech důležitých věcí, které v PC máte.
2. Stáhněte a nainstalujte nejprve VirutRemover: http://www.softpedia.com/get/Antivirus/ ... over.shtml . Pokud nebude úspěšný, stáhněte trial Kasperského: http://www.kaspersky.cz/pages/downloads . Před instalací vypněte rez. štít stávajícího antiviru.
3. KAV updatujte, spusťte a pokuste se vyléčit vše, co půjde.
4. Po akci KAV odinstalujte a zapněte rez.štít.
5. Dejte log z ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

[ahmedan]

Provedl jsem vse dle instrukci ale nepodarilo se mi naistalovat KAV !

Stahnul jsem ten VirutRemover a provedl jsem scan a scan nic nenasel !

Pote jsem stahnul KAV a pokusil se nainstalovat. Instalace zacala a pozadalo me to o restartovani pocitace -- pocitac jsem restartoval a pri nabehnuti systemu mi nabehl message -- ze nemam autorsky pristup ke ( asi uz si to nepamatuju - misexe.exe ) tak jsem kliknul na OK a system nabehl. Pote jsem zkusil znovu instalaci KAV ale nahlasilo mi to ze pruvodce aplikaci nemohl nainstalovat aplikaci Kaspersky Anti-Virus 2011. Pocitac je pravdepodobne infikovany.
Chcete stahnout nastroj AVPTool a zkontrolovat pocitac na pritomnost viru ?

Kliknul jsem ano a nabehlo okno pripojovani.
Toto okno zkoncilo po chvilce a nabehl mi message : Pruvodce instalaci nemohl automaticky nainstalovat AVPTool. Pocitac muze byt infikovany a proto si ho mam stahnout rucne na www....

Tak jsem ho stahnul a spustil a pri behu scanu mi nasel ze tento soubor 1313614rar.exe je zaheslovany a jeste soubor # je zaheslovany a ze jqs.exe obsahuje Trojsky kun a tak jsem kliknul zmazat po restartu ale program AVPTool asi na 80 % prerusil a skoncil !

Pocitac jsem restartoval a spustil AVPTool znovu a ten mi zase hlasil 1313614rar.exe je zaheslovany a jeste soubor # je zaheslovany ale uz nenasel jqs.exe obsahuje Trojsky kun ! V 80 % se program AVPTool prerusil a skoncil

Kdyz stahnu Combofix a spustim tak na konci Progress Baru mi to zase hlasi tu chybu ze je tam asi virut ?

Prosim co mam delat dal ?

[Rudy]

Tohle opravdu vypadá na Virut. Z praxe: osobně se mi podařilo odstranit Viruta pouze 2x (z asi 10ti případů), které jsem řešil. Většina pokusů o vyčištění konči poškozeným systémem a reinstalem s formatem C:\. Zkuste ještě ten AVPTool spustit v nouz. režimu.

[ahmedan]

Prosim o kontrolu logu !

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2011-07-13 18:47:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 638 MB (1%) free of 57 GB
Total RAM: 1014 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:47:14, on 13.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\FileServe Manager\FSStarter.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\USDownloader_Plus\USDownloader Plus 1.35.40 Update 22.06.2010\USDownloader.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Winamp\winamp.exe
C:\totalcmd\TOTALCMD.EXE
c:\Documents and Settings\Admin\Dokumenty\Downloads\Programs\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll
O2 - BHO: FileServeManager - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files\FileServe Manager\FileServeBHO.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FileServe Manager Task] "C:\Program Files\FileServe Manager\FSStarter.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [USDownloader] "C:\USDownloader_Plus\USDownloader Plus 1.35.40 Update 22.06.2010\USDownloader.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with FileServe Manager - C:\Program Files\FileServe Manager\GetUrl.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.hdprint.co.uk/UMediaControl5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.7.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABDZFIBZPGZB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Admin\LOCALS~1\Temp\ABDZFIBZPGZB.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: OBJPPNFXMTW - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Admin\LOCALS~1\Temp\OBJPPNFXMTW.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TEJIDH - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Admin\LOCALS~1\Temp\TEJIDH.exe

--
End of file - 7737 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1343024091-842925246-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1343024091-842925246-1003.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xzqlctyu.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =723823&p="

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}"=C:\Program Files\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}
"searchpredict@speedbit.com"=C:\Program Files\SearchPredict\PRFireFox
"{0329E7D6-6F54-462D-93F6-F5C3118BADF2}"=C:\Program Files\SpeedBit Video Downloader\SPFireFox
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/wpi,version=1.0]
"Description"=
"Path"=C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npwachk.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
crawlersrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xzqlctyu.default\extensions\
{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}

C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\xzqlctyu.default\searchplugins\
daemon-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000001-AB3B-4334-9DA2-EC6B2A02AFC6}]
FileServeManager - C:\Program Files\FileServe Manager\FileServeBHO.dll [2011-05-25 1253656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files\Internet Download Manager\IDMIECC.dll [2011-05-30 210352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll [2011-06-24 734048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - IObit Toolbar - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll [2011-06-24 734048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-10-02 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-10-02 118784]
"LoadFujitsuQuickTouch"=C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [2002-08-29 353792]
"LoadBtnHnd"=C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe [2003-08-20 61440]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-09-08 421888]
"FileServe Manager Task"=C:\Program Files\FileServe Manager\FSStarter.exe [2011-05-25 954648]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2011-05-18 1233856]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-07-06 88363]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2011-07-11 2216960]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-11-21 86016]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2011-04-06 399736]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"USDownloader"=C:\USDownloader_Plus\USDownloader Plus 1.35.40 Update 22.06.2010\USDownloader.exe [2010-12-01 545792]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2011-06-25 3380632]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-07-11 3037696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpSharkk]
C:\Program Files\IpSharkk\IpSharkk.exe /auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-06-24 534880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2010-07-12 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Nabídka Start^Programy^Po spuštění^_uninst_.lnk]
C:\DOCUME~1\Admin\LOCALS~1\Temp\_uninst_.bat [2011-07-10 216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Nabídka Start^Programy^Po spuštění^_uninst_39012686.lnk]
C:\DOCUME~1\Admin\LOCALS~1\Temp\_UNINS~1.BAT [2011-07-09 216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Aktualizovat ESET licenci.lnk]
C:\PROGRA~1\ESET\MINODL~1\MINODL~1.EXE -u -d 10000 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Browser Defender Update Service"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-02 319488]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe"="C:\Program Files\VertrigoServ\Mysql\bin\v_mysqld.exe:*:Enabled:v_mysqld"
"C:\Program Files\VertrigoServ\Apache\bin\v_apache.exe"="C:\Program Files\VertrigoServ\Apache\bin\v_apache.exe:*:Enabled:Apache HTTP Server"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Dictionaries\eclipse-php-helios-SR1-win32\eclipse\eclipse.exe"="C:\Dictionaries\eclipse-php-helios-SR1-win32\eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Dictionaries\eclipse-cpp-helios-SR1-win32\eclipse\eclipse.exe"="C:\Dictionaries\eclipse-cpp-helios-SR1-win32\eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"E:\eclipse-cpp-helios-SR1-win32\eclipse.exe"="E:\eclipse-cpp-helios-SR1-win32\eclipse.exe:*:Enabled:eclipse"
"E:\Program Files\Opera\opera.exe"="E:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\USDownloader_Plus\USDownloader Plus 1.35.40 Update 22.06.2010\USDownloader.exe"="C:\USDownloader_Plus\USDownloader Plus 1.35.40 Update 22.06.2010\USDownloader.exe:*:Enabled:Universal Share Downloader"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Internet Download Manager\IDMan.exe"="C:\Program Files\Internet Download Manager\IDMan.exe:*:Enabled:Internet Download Manager (IDM)"
"C:\Documents and Settings\Admin\Local Settings\Temp\is-6OQVQ.tmp\SpywareDoctor.tmp"="C:\Documents and Settings\Admin\Local Settings\Temp\is-6OQVQ.tmp\SpywareDoctor.tmp:*:Enabled:Setup/Uninstall"
"C:\Program Files\Spyware Doctor\Update.exe"="C:\Program Files\Spyware Doctor\Update.exe:*:Enabled:PC Tools Smart Update"
"C:\Program Files\Trojan Remover\trupd.exe"="C:\Program Files\Trojan Remover\trupd.exe:*:Enabled:Trojan Remover Updater"
"C:\Program Files\IObit\Protected Folder\ProtectedFolder.exe"="C:\Program Files\IObit\Protected Folder\ProtectedFolder.exe:*:Enabled:Protected Folder"
"C:\Documents and Settings\Admin\Local Settings\Temp\_iu14D2N.tmp"="C:\Documents and Settings\Admin\Local Settings\Temp\_iu14D2N.tmp:*:Enabled:Setup/Uninstall"
"C:\Documents and Settings\Admin\Local Settings\Temp\is-SPFGF.tmp\IObitToolbar-stub-1.exe"="C:\Documents and Settings\Admin\Local Settings\Temp\is-SPFGF.tmp\IObitToolbar-stub-1.exe:*:Enabled:Setup Launcher Unicode"
"C:\Program Files\IObit\IObit Security 360\is360tray.exe"="C:\Program Files\IObit\IObit Security 360\is360tray.exe:*:Enabled:IObit Security 360"
"C:\Program Files\IObit\IObit Security 360\is360updater.exe"="C:\Program Files\IObit\IObit Security 360\is360updater.exe:*:Enabled:IObit Security 360 Updater"
"C:\Program Files\IObit\IObit Security 360\is360.exe"="C:\Program Files\IObit\IObit Security 360\is360.exe:*:Enabled:IObit Security 360"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer"
"C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"="C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe:*:Enabled:Search Settings"
"C:\Program Files\FileServe Manager\FileManager.exe"="C:\Program Files\FileServe Manager\FileManager.exe:*:Enabled:FileManager"
"C:\Documents and Settings\Admin\Dokumenty\Downloads\Programs\RSIT.exe"="C:\Documents and Settings\Admin\Dokumenty\Downloads\Programs\RSIT.exe:*:Enabled:RSIT"
"C:\RSIT.exe"="C:\RSIT.exe:*:Enabled:RSIT"
"C:\Documents and Settings\Admin\Dokumenty\Downloads\Programs\RSIT_2.exe"="C:\Documents and Settings\Admin\Dokumenty\Downloads\Programs\RSIT_2.exe:*:Enabled:RSIT_2"
"C:\Documents and Settings\Admin\Dokumenty\Downloads\Programs\RSIT_3.exe"="C:\Documents and Settings\Admin\Dokumenty\Downloads\Programs\RSIT_3.exe:*:Enabled:RSIT_3"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Průzkumník Windows"
"C:\ResEdit-win32\ResEdit.exe"="C:\ResEdit-win32\ResEdit.exe:*:Enabled:ResEdit"
"C:\Program Files\Ultimate Process Manager\UPM.exe"="C:\Program Files\Ultimate Process Manager\UPM.exe:*:Enabled:UPM"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.2.556\cs\setup.exe"="C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.2.556\cs\setup.exe:*:Enabled:Kaspersky Internet Security"
"C:\Documents and Settings\Admin\Local Settings\Temp\1962986\3613614.exe"="C:\Documents and Settings\Admin\Local Settings\Temp\1962986\3613614.exe:*:Enabled:Kaspersky Virus Removal Tool"
"C:\Documents and Settings\Admin\Local Settings\Temp\0049736\3613614.exe"="C:\Documents and Settings\Admin\Local Settings\Temp\0049736\3613614.exe:*:Enabled:Kaspersky Virus Removal Tool"
"C:\Documents and Settings\Admin\Local Settings\Temp\1230811\3613614.exe"="C:\Documents and Settings\Admin\Local Settings\Temp\1230811\3613614.exe:*:Disabled:Kaspersky Virus Removal Tool"
"C:\Documents and Settings\Admin\Local Settings\Temp\8685005\3613614.exe"="C:\Documents and Settings\Admin\Local Settings\Temp\8685005\3613614.exe:*:Enabled:Kaspersky Virus Removal Tool"
"C:\Documents and Settings\Admin\Local Settings\Temp\2539940\3613614.exe"="C:\Documents and Settings\Admin\Local Settings\Temp\2539940\3613614.exe:*:Enabled:Kaspersky Virus Removal Tool"
"C:\Documents and Settings\Admin\Local Settings\Temp\3955766\3613614.exe"="C:\Documents and Settings\Admin\Local Settings\Temp\3955766\3613614.exe:*:Enabled:Kaspersky Virus Removal Tool"
"C:\Documents and Settings\Admin\Dokumenty\Downloads\Compressed\MCG\MCG (tomtest.net).exe"="C:\Documents and Settings\Admin\Dokumenty\Downloads\Compressed\MCG\MCG (tomtest.net).exe:*:Enabled:MCG 2.1 by TomTest - tomtest.net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=iyvu9_32.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux4"=wdmaud.drv
"wave"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux5"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"mixer8"=wdmaud.drv
"msacm.vorbis"=vorbis.acm
"Midi"=wdmaud.drv

======File associations======

.txt - open - Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-07-13 18:45:48 ----D---- C:\Program Files\trend micro
2011-07-13 18:08:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Agnitum
2011-07-13 00:06:04 ----A---- C:\setup_11.0.0.1245.x01_2011_07_13_01_13.exe
2011-07-12 23:47:11 ----A---- C:\WINDOWS\isRS-000.tmp
2011-07-12 02:40:20 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-07-12 02:40:19 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-07-12 02:40:17 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-07-12 02:40:16 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-07-12 02:40:16 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-07-12 02:40:14 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-07-12 02:40:14 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-07-12 02:39:50 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-07-12 02:36:08 ----A---- C:\WINDOWS\avastSS.scr
2011-07-12 02:36:06 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-12 02:11:02 ----D---- C:\Program Files\AVAST Software
2011-07-12 02:11:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-07-11 22:46:27 ----D---- C:\Program Files\Anti-Virus&Trojan
2011-07-11 22:43:01 ----D---- C:\Documents and Settings\Admin\Data aplikací\GetRightToGo
2011-07-11 21:37:06 ----SD---- C:\ComboFix
2011-07-11 20:45:44 ----A---- C:\WINDOWS\zip.exe
2011-07-11 20:45:44 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-07-11 20:45:44 ----A---- C:\WINDOWS\SWSC.exe
2011-07-11 20:45:44 ----A---- C:\WINDOWS\SWREG.exe
2011-07-11 20:45:44 ----A---- C:\WINDOWS\sed.exe
2011-07-11 20:45:44 ----A---- C:\WINDOWS\PEV.exe
2011-07-11 20:45:44 ----A---- C:\WINDOWS\NIRCMD.exe
2011-07-11 20:45:44 ----A---- C:\WINDOWS\MBR.exe
2011-07-11 20:45:44 ----A---- C:\WINDOWS\grep.exe
2011-07-11 20:45:33 ----D---- C:\WINDOWS\ERDNT
2011-07-11 20:29:56 ----D---- C:\Program Files\Common Files\BitDefender
2011-07-11 02:20:23 ----D---- C:\Program Files\WinClamAVShield
2011-07-11 02:11:12 ----D---- C:\Documents and Settings\Admin\Data aplikací\Spyware Terminator
2011-07-11 02:11:12 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011-07-11 02:11:06 ----D---- C:\Program Files\Spyware Terminator
2011-07-11 02:11:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2011-07-11 01:49:07 ----D---- C:\Documents and Settings\Admin\Data aplikací\QuickScan
2011-07-10 00:34:23 ----HD---- C:\WINDOWS\PIF
2011-07-09 23:24:09 ----D---- C:\Program Files\Common Files\EZB Systems
2011-07-09 23:24:08 ----D---- C:\Program Files\UltraISO
2011-07-09 17:10:01 ----D---- C:\Qoobox
2011-07-09 15:28:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2011-07-09 00:50:49 ----D---- C:\Program Files\Ultimate Process Manager
2011-07-08 21:50:39 ----D---- C:\RootkitRevealer
2011-07-08 21:24:12 ----A---- C:\upmsfx.exe
2011-07-08 21:21:28 ----A---- C:\SpywareTerminator.exe
2011-07-08 20:16:31 ----D---- C:\rsit
2011-07-08 16:15:09 ----D---- C:\Documents and Settings\Admin\Data aplikací\Search Settings
2011-07-08 16:15:04 ----D---- C:\Program Files\IObit Toolbar
2011-07-08 16:15:04 ----D---- C:\Program Files\Common Files\Spigot
2011-07-08 16:15:04 ----D---- C:\Program Files\Application Updater
2011-07-07 23:49:22 ----SHD---- C:\WINDOWS\CSC
2011-07-07 23:49:11 ----A---- C:\WINDOWS\ntbtlog.txt
2011-07-07 23:37:18 ----D---- C:\Program Files\Common Files\PC Tools
2011-07-07 23:37:17 ----D---- C:\Program Files\Spyware Doctor
2011-07-07 12:50:43 ----D---- C:\Documents and Settings\Admin\Data aplikací\IObit
2011-07-05 00:58:42 ----A---- C:\WINDOWS\system32\wups2.dll
2011-07-05 00:58:39 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2011-07-04 18:05:09 ----D---- C:\Data
2011-06-30 18:57:56 ----A---- C:\WINDOWS\system32\kbdkor.dll
2011-06-30 18:57:56 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2011-06-30 18:57:56 ----A---- C:\WINDOWS\system32\kbd103.dll
2011-06-30 18:57:56 ----A---- C:\WINDOWS\system32\kbd101c.dll
2011-06-30 18:57:55 ----A---- C:\WINDOWS\system32\kbd101b.dll
2011-06-30 18:57:54 ----A---- C:\WINDOWS\system32\kbd106.dll
2011-06-30 18:55:57 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2011-06-26 21:59:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2011-06-26 21:59:32 ----D---- C:\Program Files\IObit
2011-06-26 16:18:23 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2011-06-26 16:18:22 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2011-06-26 16:18:22 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2011-06-26 16:18:22 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2011-06-26 16:18:22 ----A---- C:\WINDOWS\system32\unacev2.dll
2011-06-26 16:18:18 ----D---- C:\Program Files\Trojan Remover
2011-06-26 16:18:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
2011-06-26 16:18:18 ----D---- C:\Documents and Settings\Admin\Data aplikací\Simply Super Software
2011-06-26 16:09:52 ----A---- C:\WINDOWS\system32\drivers\bghx.sys
2011-06-25 16:57:30 ----D---- C:\Documents and Settings\Admin\Data aplikací\ESET
2011-06-25 15:45:52 ----D---- C:\Program Files\Common Files\SynthEdit
2011-06-25 14:58:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\SynthEdit
2011-06-24 23:53:27 ----D---- C:\Program Files\SynthEdit 1.2 Alpha
2011-06-20 00:15:14 ----D---- C:\Program Files\Common Files\SoundToys
2011-06-19 23:04:23 ----A---- C:\WINDOWS\AF_Osc.dat
2011-06-16 17:28:24 ----SHD---- C:\found.000

======List of files/folders modified in the last 1 month======

2011-07-13 18:45:48 ----RD---- C:\Program Files
2011-07-13 18:44:08 ----D---- C:\Documents and Settings\Admin\Data aplikací\DMCache
2011-07-13 18:37:23 ----D---- C:\Documents and Settings\Admin\Data aplikací\uTorrent
2011-07-13 18:27:32 ----D---- C:\WINDOWS\system32
2011-07-13 18:18:36 ----D---- C:\WINDOWS\system32\drivers
2011-07-13 18:07:43 ----A---- C:\WINDOWS\WINCMD.INI
2011-07-13 16:26:38 ----D---- C:\WINDOWS\Temp
2011-07-13 12:09:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-13 11:57:54 ----D---- C:\WINDOWS
2011-07-13 00:40:23 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-13 00:38:13 ----HD---- C:\WINDOWS\inf
2011-07-13 00:10:42 ----D---- C:\WINDOWS\Minidump
2011-07-12 23:08:22 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-07-12 20:17:54 ----SHD---- C:\System Volume Information
2011-07-12 19:46:35 ----D---- C:\Program Files\Fileserve Link Generator
2011-07-12 03:42:21 ----D---- C:\WINDOWS\Microsoft.NET
2011-07-12 03:39:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-12 00:31:21 ----D---- C:\Downloads
2011-07-11 23:47:33 ----D---- C:\Documents and Settings\Admin\Data aplikací\IDM
2011-07-11 21:14:27 ----D---- C:\WINDOWS\system32\config
2011-07-11 20:29:56 ----D---- C:\Program Files\Common Files
2011-07-11 20:00:23 ----D---- C:\WINDOWS\pss
2011-07-11 20:00:22 ----ASH---- C:\boot.ini
2011-07-11 20:00:22 ----A---- C:\WINDOWS\win.ini
2011-07-11 20:00:22 ----A---- C:\WINDOWS\system.ini
2011-07-11 03:21:18 ----D---- C:\WINDOWS\system
2011-07-11 03:19:38 ----SHD---- C:\RECYCLER
2011-07-11 01:49:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-07-11 01:38:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958655-v2$
2011-07-11 00:49:46 ----SHD---- C:\WINDOWS\Installer
2011-07-10 19:37:03 ----D---- C:\WINDOWS\symbols
2011-07-10 19:36:30 ----D---- C:\WINDOWS\Cursors
2011-07-09 23:10:24 ----D---- C:\a
2011-07-09 22:35:50 ----D---- C:\Software
2011-07-08 16:15:04 ----D---- C:\WINDOWS\WinSxS
2011-07-08 15:16:51 ----D---- C:\WINDOWS\Prefetch
2011-07-08 15:03:41 ----D---- C:\Program Files\ESET
2011-07-07 13:01:21 ----SD---- C:\WINDOWS\Tasks
2011-07-05 00:58:48 ----D---- C:\WINDOWS\SoftwareDistribution
2011-07-05 00:58:48 ----D---- C:\WINDOWS\Help
2011-07-03 21:01:26 ----D---- C:\Program Files\VSTPlugins
2011-07-01 20:00:09 ----D---- C:\Dictionaries
2011-06-28 19:40:19 ----D---- C:\Release
2011-06-27 16:46:11 ----D---- C:\audio
2011-06-27 02:15:17 ----D---- C:\WINDOWS\srchasst
2011-06-26 23:14:35 ----D---- C:\WINDOWS\Logs
2011-06-26 16:09:52 ----RSD---- C:\WINDOWS\Fonts
2011-06-26 02:36:17 ----D---- C:\Program Files\Internet Download Manager
2011-06-25 16:51:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2011-06-25 01:56:32 ----D---- C:\Program Files\Mozilla Firefox
2011-06-23 16:08:17 ----D---- C:\Drivers
2011-06-16 18:31:31 ----A---- C:\WINDOWS\wcx_ftp.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-07-29 691696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 IDMTDI;IDMTDI; C:\WINDOWS\system32\DRIVERS\idmtdi.sys [2011-06-09 101360]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
R2 BtnHnd;BtnHnd; \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 PfFilter;PfFilter; \??\C:\Program Files\IObit\Protected Folder\pffilter.sys []
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
R3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2003-10-08 33847]
R3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164; C:\WINDOWS\system32\drivers\A302.sys [2003-10-08 11831]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-07-06 1267724]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-08-05 121344]
R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2004-04-06 191264]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-10-08 93979]
R3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2004-04-06 5760]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 Phase26;PHASE26 WDM Audio; C:\WINDOWS\system32\drivers\Phase26m.sys [2005-11-10 19008]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 ufneadd;ufneadd; C:\WINDOWS\System32\drivers\ufohmo.sys []
S0 vagxvgx;vagxvgx; C:\WINDOWS\System32\drivers\wxkcsr.sys []
S1 anf0100.sys;anf0100.sys; \??\C:\WINDOWS\system32\drivers\anf0100.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 1280335526;Virtual Bus for Microsoft ACPI-Compliant System; C:\WINDOWS\system32\drivers\1280335526.sys []
S3 a7lb8r8o;a7lb8r8o; C:\WINDOWS\system32\drivers\a7lb8r8o.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys []
S3 DELTAFW;%FW.SvcDesc%; C:\WINDOWS\system32\drivers\deltafw.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 MAFWBOOT;Bootloader Service for M-Audio FW Driver (WDM); C:\WINDOWS\system32\drivers\mafwboot.sys []
S3 PHASE26U;usb-audio.de driver for Terratec Phase 26 USB; C:\WINDOWS\System32\Drivers\PHASE26U.sys [2008-03-18 344064]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2011-04-26 111280]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 VBoxUSB;VirtualBox USB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [2011-04-26 33712]
S3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-09-12 3298432]
S4 RsFx0103;RsFx0103 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-07-09 387072]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-07-11 496128]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 ABDZFIBZPGZB;ABDZFIBZPGZB; C:\DOCUME~1\Admin\LOCALS~1\Temp\ABDZFIBZPGZB.exe [2011-07-10 486272]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-01 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 OBJPPNFXMTW;OBJPPNFXMTW; C:\DOCUME~1\Admin\LOCALS~1\Temp\OBJPPNFXMTW.exe [2011-07-10 588672]
S3 TEJIDH;TEJIDH; C:\DOCUME~1\Admin\LOCALS~1\Temp\TEJIDH.exe [2011-07-09 424832]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------

[Rudy]

V logu vidím více stejných bezpečnostních programů. Ponechte si 1 antivir, příp. 1 firewall a jeden antispy. Ostatní odinstalujte, mohlo by to způsobovat kolize. Dejte ještě log z ComboFix, RSIT vypadá OK.

[ahmedan]

Dobre provedu,

mohl by jste mi prosim Vas poradit ktery antivir anebo firewall + antispy je nejlepsi ? Napriklad ktery pouzivate vy ?

Prosim jeste mi poradte jak se zachazi s Combofixem ?

Dekuji !

[Rudy]

1: Návod na CF jsem opoměl uvést, omlouvám se. Tady je:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

2: Moje zabezpečení (plně free): AV Avira: http://www.stahuj.centrum.cz/utility_a_ ... ivirhbedv/ , FW Comodo: http://www.stahuj.centrum.cz/internet_a ... ewall-pro/ (antivir nezapínat!), antispy SuperAntispyware: http://www.stahuj.centrum.cz/utility_a_ ... tispyware/ pouze jako občasný skener.

[ahmedan]

Zdravim Vas Rudy,

Snazim se zprovoznit ComboFix ale nejde mi to !

Pokazde kdyz ho spustim a zacne scan -- asi po 10 minutach mi to zamrzne a musim restartovat !

Mam v pocitaci Avast pro antivirus a ten mi nic nehlasi zadne viry ??

Ale kdyz zapnu pocitac tak mi to hlasi ze zastavil utok pres svchost.exe -- lpdd.exe a da ho vzdycky do truhly

ComboFix mi hlasi jednu vec a to je RootKit ZeroAccess a pak zkolabuje jak jsem psal !

Co mam delat prosim Vas ?

[Rudy]

Zkuste ho spustit v nouz. režimu.

[ahmedan]

Tak jsem to zkousel v nouzovem rezimu a zmrzlo mi to jeste drive nez zacal scan !

Co mam delat ted ?