Facebook vir.

Zpráva

kuca88 · #1 Příspěvek od **kuca88** » 26 črc 2011 00:52

Dobrý den,
nevím jestli se stačilo po kliknutí na odkaz něco natáhnout. Zatím jsem PC nevypínal. Díky za vaší pomoc.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Já at 2011-07-26 00:44:49
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (14%) free of 40 GB
Total RAM: 1023 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:43:29, on 26.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\update.1\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Documents and Settings\Já\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Já\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Já\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Já\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
C:\Documents and Settings\Já\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Já.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\ufa\ufa.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idnes.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [8801939.exe] "C:\DOCUME~1\J1EA4~1\LOCALS~1\Temp\8801939.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [2189469.exe] "C:\WINDOWS\TEMP\2189469.exe"
O4 - HKLM\..\Run: [2585416.exe] "C:\WINDOWS\TEMP\2585416.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [1994827.exe] "C:\WINDOWS\TEMP\1994827.exe"
O4 - HKLM\..\Run: [4226056.exe] "C:\WINDOWS\TEMP\4226056.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Já\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Port pro program Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6228003703
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcGIS License Manager - Acresso Software Inc. - C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: wxpdrivers - Unknown owner - C:\WINDOWS\update.1\svchost.exe

--
End of file - 11016 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1958367476-682003330-1003Core1cb70eebb104888.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1958367476-682003330-1003UA.job
C:\WINDOWS\tasks\WGASetup.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Já\Data aplikací\Mozilla\Firefox\Profiles\etpmokqv.default

prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, battlefieldheroespatcher@ea.com:4.0.53.0, {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
NPAskSBr.dll
npdeployJava1.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Já\Data aplikací\Mozilla\Firefox\Profiles\etpmokqv.default\extensions\
battlefieldheroespatcher@ea.com
{7b13ec3e-999a-4b70-b9cb-2617b8323822}

C:\Documents and Settings\Já\Data aplikací\Mozilla\Firefox\Profiles\etpmokqv.default\searchplugins\
daemon-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2006-12-18 726568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngin0.dll [2011-01-28 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-25 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-01 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2011-07-25 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-14 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-07-14 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2009-03-16 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2009-03-16 262144]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngin0.dll [2011-01-28 3911776]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-25 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-03-03 341488]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"wxpdrv"=C:\WINDOWS\services32.exe []
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-7-0\svchost.exe [2011-07-25 1185280]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"8801939.exe"=C:\DOCUME~1\J1EA4~1\LOCALS~1\Temp\8801939.exe [2011-07-25 247296]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-25 256000]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-25 256000]
"2189469.exe"=C:\WINDOWS\TEMP\2189469.exe [2011-07-25 247296]
"2585416.exe"=C:\WINDOWS\TEMP\2585416.exe [2011-07-25 495616]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"1994827.exe"=C:\WINDOWS\TEMP\1994827.exe [2011-07-25 247296]
"4226056.exe"=C:\WINDOWS\TEMP\4226056.exe [2011-07-25 256000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-06-18 1122816]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-18 68856]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-10 216520]
"Google Update"=C:\Documents and Settings\Já\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-03-15 135664]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Port pro program Symantec Fax Starter Edition.lnk - C:\Program Files\Microsoft Office\Office\1029\OLFSNT40.EXE

C:\Documents and Settings\Já\Nabídka Start\Programy\Po spuštění
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Dokumenty\TEREZA\miranda\miranda32.exe"="D:\Dokumenty\TEREZA\miranda\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Nortel Networks\Extranet.exe"="C:\Program Files\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"D:\Hry\Conter strike 1.6\cstrike.exe"="D:\Hry\Conter strike 1.6\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"D:\Hry\CS\hl.exe"="D:\Hry\CS\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\BoontyGames\Commandos 3\commandos3.exe"="C:\Program Files\BoontyGames\Commandos 3\commandos3.exe:*:Enabled:commandos3"
"D:\Hry\Call of Duty\CoDMP.exe"="D:\Hry\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
"D:\XX\Program Files\BitLord\BitLord.exe"="D:\XX\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Documents and Settings\Já\Plocha\BitLord.exe"="C:\Documents and Settings\Já\Plocha\BitLord.exe:*:Enabled:BitLord"
"D:\Hry\Anno 1701\Anno1701.exe"="D:\Hry\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Attack on Pearl Harbor\Attack On Pearl Harbor.exe"="C:\Program Files\Attack on Pearl Harbor\Attack On Pearl Harbor.exe:*:Enabled:Attack On Pearl Harbor"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"E:\Hry\Anno 1701\Anno1701.exe"="E:\Hry\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701"
"C:\Documents and Settings\Já\Dokumenty\Downloads\Counter-Strike CS 1.6 p47\hl.exe"="C:\Documents and Settings\Já\Dokumenty\Downloads\Counter-Strike CS 1.6 p47\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"E:\Hry\Stronghold - Crusader\Stronghold Crusader.exe"="E:\Hry\Stronghold - Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\Documents and Settings\Já\Dokumenty\Downloads\Flash-Player.exe"="C:\Documents and Settings\Já\Dokumenty\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Já\Dokumenty\Downloads\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.tray-7-0\svchost.exe"="C:\WINDOWS\update.tray-7-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-7-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"VIDC.MP42"=mpg4c32.dll
"VIDC.MPG4"=mpg4c32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"=C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

======List of files/folders created in the last 1 month======

2011-07-26 00:44:55 ----D---- C:\Program Files\trend micro
2011-07-26 00:44:49 ----D---- C:\rsit
2011-07-25 16:33:19 ----D---- C:\Program Files\AMD APP
2011-07-25 16:33:06 ----D---- C:\Program Files\ATI
2011-07-25 16:32:28 ----D---- C:\Program Files\ATI Technologies
2011-07-25 16:21:49 ----D---- C:\ATI
2011-07-25 16:16:50 ----D---- C:\WINDOWS\ufa
2011-07-25 16:16:50 ----D---- C:\WINDOWS\rpcminer
2011-07-25 16:16:50 ----D---- C:\WINDOWS\phoenix
2011-07-25 15:58:35 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-25 15:58:12 ----A---- C:\WINDOWS\systemup.exe
2011-07-25 15:56:23 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-25 15:55:52 ----HD---- C:\WINDOWS\update.5.0
2011-07-25 15:54:53 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-25 15:49:27 ----D---- C:\Program Files\Common Files\Java
2011-07-25 15:49:05 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-25 15:48:53 ----A---- C:\WINDOWS\system32\javaws.exe
2011-07-25 15:48:53 ----A---- C:\WINDOWS\system32\javaw.exe
2011-07-25 15:48:53 ----A---- C:\WINDOWS\system32\java.exe
2011-07-25 15:46:43 ----HD---- C:\WINDOWS\update.2
2011-07-25 15:45:05 ----A---- C:\WINDOWS\unrar.exe
2011-07-25 15:39:05 ----A---- C:\WINDOWS\iplist.txt
2011-07-25 15:36:14 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-25 15:35:59 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-25 15:35:35 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-25 15:35:30 ----D---- C:\WINDOWS\av_ico
2011-07-25 15:33:53 ----HD---- C:\WINDOWS\update.1
2011-07-25 15:33:44 ----HD---- C:\WINDOWS\update.tray-7-0-lnk
2011-07-25 15:33:44 ----HD---- C:\WINDOWS\update.tray-7-0
2011-07-25 15:21:32 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-25 15:21:32 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-13 23:31:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-13 23:27:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-06-30 02:58:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$

======List of files/folders modified in the last 1 month======

2011-07-26 01:42:27 ----A---- C:\WINDOWS\NeroDigital.ini
2011-07-26 01:37:57 ----D---- C:\WINDOWS\Prefetch
2011-07-26 01:35:13 ----D---- C:\WINDOWS\Temp
2011-07-26 00:44:55 ----RD---- C:\Program Files
2011-07-25 19:06:38 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2011-07-25 16:33:24 ----SHD---- C:\WINDOWS\Installer
2011-07-25 16:33:21 ----D---- C:\WINDOWS\system32
2011-07-25 16:32:39 ----HD---- C:\WINDOWS\inf
2011-07-25 16:32:35 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-25 16:16:50 ----D---- C:\WINDOWS
2011-07-25 16:09:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-25 16:04:14 ----D---- C:\Program Files\Google
2011-07-25 15:59:37 ----SHD---- C:\System Volume Information
2011-07-25 15:59:37 ----D---- C:\WINDOWS\system32\Restore
2011-07-25 15:49:27 ----D---- C:\Program Files\Common Files
2011-07-25 15:48:42 ----D---- C:\Program Files\Java
2011-07-25 15:47:34 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-25 15:34:03 ----A---- C:\boot.ini
2011-07-24 21:11:40 ----A---- C:\WINDOWS\winamp.ini
2011-07-22 13:45:09 ----D---- C:\Program Files\Mozilla Firefox
2011-07-13 23:31:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-13 23:27:47 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-13 23:27:28 ----A---- C:\WINDOWS\imsins.BAK
2011-07-13 22:37:34 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-11 15:10:34 ----D---- C:\Documents and Settings\Já\Data aplikací\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\Drivers\PxHelp20.sys [2006-11-02 36624]
R0 sojubus;sojubus; C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 123520]
R0 sojuscsi;sojuscsi; C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 5504]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-12-15 717296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2006-03-14 90176]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 Eacfilt;Eacfilt Miniport; C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2004-09-30 11113]
R3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-09-30 216459]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 TDSSserv.sys;TDSSserv.sys; C:\WINDOWS\system32\drivers\TDSSpaxt.sys []
S3 allfh66y;allfh66y; C:\WINDOWS\system32\drivers\allfh66y.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
S3 IPSECEXT;Nortel Extranet Access Protocol; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-09-30 216459]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-14 22016]
S3 mvusbews;USB EWS Device; C:\WINDOWS\System32\Drivers\mvusbews.sys [2009-10-26 17408]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-03-27 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2011-07-25 111928]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2006-03-14 206400]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-07-26 348672]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-07-25 495616]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-07-25 256000]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-07-25 1185280]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-05-30 572416]
S2 ArcGIS License Manager;ArcGIS License Manager; C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [2008-08-02 1431440]
S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2008-12-15 69120]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-07-25 182768]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

#2 Příspěvek od **cernohous13** » 26 črc 2011 04:41

Vítám tě u nás Obrázek

Smůla - je tam

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Kontrolor" -> Úplná kontrola -> Prohledat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení a program nech spuštěný

kuca88 · #3 Příspěvek od **kuca88** » 26 črc 2011 11:28

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26.7.2011 12:28:03
mbam-log-2011-07-26 (12-27-52).txt

Typ: Úplná kontrola (C:\|D:\|E:\|)
Kontrolované objekty: 309762
Uplynulý čas: 1 hodin, 19 minut, 51 sekund

Infikované procesy v paměti: 7
Infikované moduly v paměti: 0
Infikované klíče v registru: 11
Infikované hodnoty v registru: 4
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 25

Infikované procesy v paměti:
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Dropper) -> 1776 -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> 3820 -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> 3612 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 2324 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 3144 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 424 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 3548 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BA4271E-5C1E-48E2-B432-D8BF420DD31D} (Rogue.DeusCleaner) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\TDSS (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TDSSserv.sys (Rootkit.TDSS) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Delf) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Delf) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\Já\dokumenty\downloads\flash-player (1).exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\Já\dokumenty\downloads\flash-player.exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\Já\dokumenty\stažené soubory\flash-player.exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\Já\local settings\temporary internet files\Content.IE5\O3J3AK9X\flash-player[1].exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\1283628.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\3405559.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\3624445.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\417200.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\4934425.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\5076125.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\6681299.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\7984308.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\7995811.exe (Trojan.Agent) -> No action taken.
e:\I\winrar 3.80 beta 2 cz\wrar.3.80 beta.2\keygenpatch.exe (Malware.Packer.Gen) -> No action taken.
c:\WINDOWS\system32\shell31.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> No action taken.
c:\WINDOWS\sysdriver32_.exe (Trojan.Delf) -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\system32\TDSSfxwp.dll (Rootkit.TDSS) -> No action taken.

#4 Příspěvek od **cernohous13** » 26 črc 2011 13:40

MBAM po ukončení -> Zobrazit výsledky -> zkontrolovat zda je vše označeno -> Odstranit označené
vyběhne log, ve kterém budou záznamy tohoto typu:
Infikované adresáře:
C:\Program Files\xxxxxx -> Quarantined and deleted successfully.
ten bych taky rád viděl

Stáhni si ComboFix
a ulož ho na plochu.
návod na použití: http://www.bleepingcomputer.com/combofi ... t-combofix
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace

kuca88 · #5 Příspěvek od **kuca88** » 26 črc 2011 14:00

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26.7.2011 14:59:28
mbam-log-2011-07-26 (14-59-28).txt

Typ: Úplná kontrola (C:\|D:\|E:\|)
Kontrolované objekty: 309762
Uplynulý čas: 1 hodin, 19 minut, 51 sekund

Infikované procesy v paměti: 7
Infikované moduly v paměti: 0
Infikované klíče v registru: 11
Infikované hodnoty v registru: 4
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 25

Infikované procesy v paměti:
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Dropper) -> 1776 -> Unloaded process successfully.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> 3820 -> Unloaded process successfully.
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> 3612 -> Unloaded process successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 2324 -> Unloaded process successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 3144 -> Unloaded process successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 424 -> Unloaded process successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 3548 -> Unloaded process successfully.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> Quarantined and deleted

successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BA4271E-5C1E-48E2-B432-D8BF420DD31D}

(Rogue.DeusCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> Quarantined and deleted

successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> Quarantined and deleted

successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and

deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\TDSS (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and

deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) ->

Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) ->

Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> Quarantined

and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TDSSserv.sys (Rootkit.TDSS) -> Quarantined and deleted

successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value:

tray_ico0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Delf) -> Value:

sysdriver32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Delf) -> Value:

sysdriver32_.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath

-> Quarantined and deleted successfully.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter)

-> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) ->

Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) ->

Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Já\dokumenty\downloads\flash-player (1).exe (Trojan.Dropper) -> Quarantined and

deleted successfully.
c:\documents and settings\Já\dokumenty\downloads\flash-player.exe (Trojan.Dropper) -> Quarantined and

deleted successfully.
c:\documents and settings\Já\dokumenty\stažené soubory\flash-player.exe (Trojan.Dropper) -> Quarantined and

deleted successfully.
c:\documents and settings\Já\local settings\temporary internet

files\Content.IE5\O3J3AK9X\flash-player[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1283628.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\3405559.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\3624445.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\417200.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\4934425.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\5076125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\6681299.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\7984308.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\7995811.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\I\winrar 3.80 beta 2 cz\wrar.3.80 beta.2\keygenpatch.exe (Malware.Packer.Gen) -> Quarantined and deleted

successfully.
c:\WINDOWS\system32\shell31.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> Quarantined and deleted successfully.
c:\WINDOWS\sysdriver32_.exe (Trojan.Delf) -> Quarantined and deleted successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\TDSSfxwp.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

kuca88 · #6 Příspěvek od **kuca88** » 26 črc 2011 14:59

Chystal jsem se po pečlivém nastudování pustit CombiFix, ale po jeho spuštění mi vyskočila hláška, že je v provozu Avast Antvirus. Přitom na liště není, mám tam jen hodiny a ovládání hlasitosti. Spustit přes ikonu na ploše taky nejde, píše mi že soubor nenalezen. A i přes ovládací panely přibrat nebo odebrat programy jsem Avast nenašel. V čem může být problém. Mám i přes varování Combifixu pokračovat? Děkuji

kuca88 · #7 Příspěvek od **kuca88** » 26 črc 2011 14:59

Chystal jsem se po pečlivém nastudování pustit CombiFix, ale po jeho spuštění mi vyskočila hláška, že je v provozu Avast Antvirus. Přitom na liště není, mám tam jen hodiny a ovládání hlasitosti. Spustit přes ikonu na ploše taky nejde, píše mi že soubor nenalezen. A i přes ovládací panely přibrat nebo odebrat programy jsem Avast nenašel. V čem může být problém. Mám i přes varování Combifixu pokračovat? Děkuji

#8 Příspěvek od **cernohous13** » 26 črc 2011 15:01

Ano spusť ComboFix - Avast je stejně virem odstaven

kuca88 · #9 Příspěvek od **kuca88** » 26 črc 2011 15:25

ComboFix 11-07-26.02 - Já 26.07.2011 16:12:33.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.652 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jß\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\J1EA4~1\LOCALS~1\Temp\8801939.exe
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\IsUn0405.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\regobj.dll
c:\windows\TEMP\1994827.exe
c:\windows\TEMP\2189469.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\wiaserviv.log
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_SRVIECHECK
-------\Legacy_TDSSSERV.SYS
-------\Legacy_WXPDRIVERS
-------\Service_Boonty Games
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 09:04 . 2011-07-26 09:04 -------- d-----w- c:\documents and settings\Já\Data aplikací\Malwarebytes
2011-07-26 09:03 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 09:03 . 2011-07-26 09:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-26 09:03 . 2011-07-26 09:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-26 09:03 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-25 22:44 . 2011-07-25 23:43 -------- d-----w- c:\program files\trend micro
2011-07-25 22:44 . 2011-07-25 23:43 -------- d-----w- C:\rsit
2011-07-25 14:33 . 2011-07-25 14:33 -------- d-----w- c:\program files\AMD APP
2011-07-25 14:33 . 2011-07-25 14:33 -------- d-----w- c:\program files\ATI
2011-07-25 14:32 . 2011-07-25 14:32 -------- d-----w- c:\program files\ATI Technologies
2011-07-25 14:21 . 2011-07-25 14:21 -------- d-----w- C:\ATI
2011-07-25 14:16 . 2011-07-25 14:16 -------- d-----w- c:\windows\ufa
2011-07-25 14:16 . 2011-07-25 14:16 -------- d-----w- c:\windows\rpcminer
2011-07-25 14:16 . 2011-07-25 14:16 -------- d-----w- c:\windows\phoenix
2011-07-25 14:00 . 2011-07-25 14:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-07-25 13:49 . 2011-07-25 13:49 -------- d-----w- c:\program files\Common Files\Java
2011-07-25 13:45 . 2011-07-25 14:16 246272 ----a-w- c:\windows\unrar.exe
2011-07-25 13:35 . 2011-07-25 13:35 -------- d-----w- c:\windows\av_ico
2011-07-25 13:33 . 2011-07-26 12:59 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-25 13:33 . 2011-07-26 12:59 -------- d--h--w- c:\windows\update.tray-7-0-lnk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-25 17:06 . 2009-05-28 17:50 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-25 17:06 . 2009-05-28 17:50 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-06 11:35 . 2002-09-20 15:41 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-04 02:52 . 2010-06-06 13:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2009-02-24 17:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:32 . 2008-07-16 10:29 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2002-09-20 16:04 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2002-08-28 23:59 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
1999-04-07 01:39 . 1999-04-07 01:39 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-08 11:53 . 1998-12-08 11:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-08 11:53 . 1998-12-08 11:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-08 11:53 . 1998-12-08 11:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-08 11:53 . 1998-12-08 11:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-08 11:53 . 1998-12-08 11:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2011-05-30 08:23 . 2011-05-30 08:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-28 17:00 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-28 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-17 68856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\J \Nabˇdka Start\Programy\Po spuçtŘnˇ\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-1-4 368640]
.
c:\documents and settings\J \Nabˇdka Start\Programy\Po spuçtŘnˇ\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-1-4 368640]
.
c:\documents and settings\J \Nabˇdka Start\Programy\Po spuçtŘnˇ\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-1-4 368640]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-20 65588]
Port pro program Symantec Fax Starter Edition.lnk - c:\program files\Microsoft Office\Office\1029\OLFSNT40.EXE [1999-4-7 46080]
.
c:\documents and settings\J \Nabˇdka Start\Programy\Po spuçtŘnˇ\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-1-4 368640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Dokumenty\\TEREZA\\miranda\\miranda32.exe"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Hry\\Anno 1701\\Anno1701.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"e:\\Hry\\Stronghold - Crusader\\Stronghold Crusader.exe"=
.
R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [5.10.2003 10:41 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [28.9.2003 10:57 5504]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.12.2008 19:40 717296]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [18.7.2008 7:43 11113]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files\ESRI\License\arcgis9x\lmgrd.exe [18.3.2011 20:08 1431440]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [18.7.2008 7:43 216459]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [26.7.2011 11:03 41272]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [3.8.2010 15:31 17408]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-26 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-07-15 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.idnes.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Já\Data aplikací\Mozilla\Firefox\Profiles\etpmokqv.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
HKLM-Run-NWEReboot - (no file)
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-avast5 - c:\program files\Alwil Software\Avast5\aswRunDll.exe
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-GeoBáze Prohlížeč Professional - c:\windows\ISUN0405.EXE
AddRemove-Jízdní řády - ProgramTT - c:\windows\IsUn0405.exe
AddRemove-{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4} - c:\program files\EA Games\Battlefield Heroes\uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 16:20
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1224)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2080)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\dwwin.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 16:24:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 14:23
.
Před spuštěním: 9 824 768 000
Po spuštění: Volných bajtů: 18 926 886 912
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=AlwaysOff
.
- - End Of File - - D349273A135427B7E29C60D1ECD70823

#10 Příspěvek od **cernohous13** » 26 črc 2011 15:42

Pokud nemáš ComboFix na ploše, přesuň jej tam.
Otevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

ComboFix se spustí - počkej na log a vlož ho sem.

CFscript

Kód: Vybrat vše

KillAll::

File::
c:\windows\unrar.exe

Folder::
c:\windows\ufa
c:\windows\rpcminer
c:\windows\phoenix
c:\windows\av_ico
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

kuca88 · #11 Příspěvek od **kuca88** » 26 črc 2011 16:02

ComboFix 11-07-26.02 - Já 26.07.2011 16:51:16.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.648 [GMT 2:00]
Spuštěný z: c:\documents and settings\Já\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Já\Plocha\CFscript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 09:04 . 2011-07-26 09:04 -------- d-----w- c:\documents and settings\Já\Data aplikací\Malwarebytes
2011-07-26 09:03 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 09:03 . 2011-07-26 09:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-26 09:03 . 2011-07-26 09:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-26 09:03 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-25 22:44 . 2011-07-25 23:43 -------- d-----w- c:\program files\trend micro
2011-07-25 22:44 . 2011-07-25 23:43 -------- d-----w- C:\rsit
2011-07-25 14:33 . 2011-07-25 14:33 -------- d-----w- c:\program files\AMD APP
2011-07-25 14:33 . 2011-07-25 14:33 -------- d-----w- c:\program files\ATI
2011-07-25 14:32 . 2011-07-25 14:32 -------- d-----w- c:\program files\ATI Technologies
2011-07-25 14:21 . 2011-07-25 14:21 -------- d-----w- C:\ATI
2011-07-25 14:00 . 2011-07-25 14:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-07-25 13:49 . 2011-07-25 13:49 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-25 17:06 . 2009-05-28 17:50 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-25 17:06 . 2009-05-28 17:50 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-06 11:35 . 2002-09-20 15:41 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-04 02:52 . 2010-06-06 13:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25 . 2009-02-24 17:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:32 . 2008-07-16 10:29 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2002-09-20 16:04 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2002-08-28 23:59 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
1999-04-07 01:39 . 1999-04-07 01:39 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-08 11:53 . 1998-12-08 11:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-08 11:53 . 1998-12-08 11:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-08 11:53 . 1998-12-08 11:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-08 11:53 . 1998-12-08 11:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-08 11:53 . 1998-12-08 11:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2011-05-30 08:23 . 2011-05-30 08:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-26_14.19.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-26 14:57 . 2011-07-26 14:57 16384 c:\windows\temp\Perflib_Perfdata_454.dat
+ 2011-07-26 14:57 . 2011-07-26 14:57 16384 c:\windows\temp\Perflib_Perfdata_1bc.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-28 17:00 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2011-01-28 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-17 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-20 65588]
Port pro program Symantec Fax Starter Edition.lnk - c:\program files\Microsoft Office\Office\1029\OLFSNT40.EXE [1999-4-7 46080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Dokumenty\\TEREZA\\miranda\\miranda32.exe"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Hry\\Anno 1701\\Anno1701.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"e:\\Hry\\Stronghold - Crusader\\Stronghold Crusader.exe"=
.
R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [5.10.2003 10:41 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [28.9.2003 10:57 5504]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.12.2008 19:40 717296]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [18.7.2008 7:43 11113]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files\ESRI\License\arcgis9x\lmgrd.exe [18.3.2011 20:08 1431440]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [18.7.2008 7:43 216459]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [26.7.2011 11:03 41272]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [3.8.2010 15:31 17408]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-26 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-07-15 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.idnes.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Já\Data aplikací\Mozilla\Firefox\Profiles\etpmokqv.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 16:57
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1224)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1432)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\dwwin.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 17:00:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 15:00
ComboFix2.txt 2011-07-26 14:24
.
Před spuštěním: Volných bajtů: 18 930 946 048
Po spuštění: Volných bajtů: 18 906 853 376
.
- - End Of File - - A6B920702B455F12BB76C2E041A80273

#12 Příspěvek od **cernohous13** » 26 črc 2011 16:21

Zdá se mi to čisté - máš ještě nějaký problém nebo budeme uklízet?

kuca88 · #13 Příspěvek od **kuca88** » 26 črc 2011 16:28

Díky moc za ochotu. Můžeme se pustit do uklízení.

#14 Příspěvek od **cernohous13** » 26 črc 2011 16:34

ComboFix odinstalujeme
jdi Start -> Spustit... a zkopíruj ComboFix /Uninstall (pozor, za x je mezera) -> OK

Stáhni a spusť T-cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe - uklidí po použitých čističích.
Po spuštění ignoruj případné varování antiviru - je to v pořádku
Po provedení akce T-cleaner smažeš

Stáhni TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Zavři všechny programy a spusť. Po ukončení akce bude PC restartován.
Pokud ne, restartuj sám.
(čistí Temp složky , nečistí URL, historii, prefetch ani cookies)

stáhni program OTC tady: http://oldtimer.geekstogo.com/OTC.exe - spusť ho -> "CleanUp" (smaže dříve použité čističe)

Mohu doporučit kontrolu a vyčištění Ccleanerem

Stáhni Ccleaner - http://www.slunecnice.cz/sw/ccleaner/
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.

Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

Po vyčištění by se hodila defragmentace
doporučuji http://www.slunecnice.cz/sw/defraggler/ + čeština

Přeinstaluj Avast (nejprve http://www.avast.com/cze/avast-uninstall-utility.html)

kuca88 · #15 Příspěvek od **kuca88** » 26 črc 2011 17:22

Díky moc za celou pomoc. ComboFix jsem odinstaloval. Použil jsem T-cleaner, TempFolderCleaner, OTC i CCleaner. Defragmentaci taky použiju a antivirák obnovím.
Ještě jednou vřelé díky.
Myslíš, že teď už je vir pryč a vše v pořádku? Jako prevence pro příští případy mi to posloužilo bohatě.
Doporučil by si mi spíše Avast nebo NOD?

VIRY.CZ

Facebook vir.

Facebook vir.

Re: Facebook vir.

Re: Facebook vir.

Re: Facebook vir.

Re: Facebook vir.

Re: Facebook vir.

Re: Facebook vir.

Re: Facebook vir.

Re: Facebook vir.

Re: Facebook vir.

Re: Facebook vir.

Re: Facebook vir.

Re: Facebook vir.

Re: Facebook vir.

Re: Facebook vir.