fb_vir_kliknul_jsem_na_youtube_odkaz

[vojtar87]

Logfile of random's system information tool 1.09 (written by random/random)
Run by vojta at 2011-07-26 20:35:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (4%) free of 28 GB
Total RAM: 1789 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:36:02, on 26.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Documents and Settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\update.tray-1-0\svchost.exe
C:\WINDOWS\update.tray-3-0\svchost.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\WINDOWS\update.tray-12-0\svchost.exe
C:\WINDOWS\l1rezerv.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GameBox\vprot.exe
C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Firebird\bin\fbguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Firebird\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vojta\Dokumenty\Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\vojta.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gbt.toolbarhome.com/?hp=df
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\vojta\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD0.dll
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\vojta\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD0.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD0.dll
O3 - Toolbar: GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [zCpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\Hewlett-Packard\HP Webcam" UpdateWithCreateOnce "Software\CyberLink\HP Webcam\1.0"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\Documents and Settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-1-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\WINDOWS\update.tray-3-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico2] C:\WINDOWS\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico3] C:\WINDOWS\update.tray-12-0\svchost.exe
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\WINDOWS\l1rezerv.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [vProt] C:\Program Files\GameBox\vprot.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Kooperativa - PDF Server.lnk = C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Přidat do Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - C:\Program Files\GameBox\gamebox_toolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\bin\fbserver.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe (file missing)
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe (file missing)
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe

--
End of file - 13609 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\vojta\Data aplikací\Mozilla\Firefox\Profiles\2ka92sa4.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... 2.0.0.2&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{cb84136f-9c44-433a-9048-c5cd9df1dc16}"=C:\Program Files\PC Tools Security\BDT\Firefox\
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG10\Firefox4\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=c:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=8]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

C:\Program Files\Mozilla Firefox\extensions\
KavAntiBanner@Kaspersky.ru
linkfilter@kaspersky.ru
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprpjplug.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
adaradar.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\vojta\Data aplikací\Mozilla\Firefox\Profiles\2ka92sa4.default\extensions\
gamebox@toolbar
{20a82645-c095-46ed-80e3-08825760534b}
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}

C:\Documents and Settings\vojta\Data aplikací\Mozilla\Firefox\Profiles\2ka92sa4.default\searchplugins\
icqplugin.xml
qipsearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF}]
GameBox Toolbar - C:\Program Files\GameBox\gamebox_toolbar.dll [2011-07-06 790104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll [2011-07-01 1144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\vojta\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoft\tbDVD0.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoft\tbDVD0.dll [2010-10-18 3908192]
{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - GameBox Toolbar - C:\Program Files\GameBox\gamebox_toolbar.dll [2011-07-06 790104]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll [2011-07-01 1144784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-06-17 288312]
"zCpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2008-12-11 81920]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-06 1430824]
"AESTFltr"=C:\WINDOWS\system32\AESTFltr.exe [2009-02-18 737280]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-04-02 61440]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"HPCam_Menu"=c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe [2009-02-25 218408]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2010-09-08 421888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2010-06-07 618496]
"WirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-02-18 506424]
"Anti-phishing Domain Advisor"=C:\Documents and Settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe [2011-02-01 232104]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-25 1185280]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-1-0\svchost.exe [2011-07-25 1185280]
"tray_ico1"=C:\WINDOWS\update.tray-3-0\svchost.exe [2011-07-25 1185280]
"tray_ico2"=C:\WINDOWS\update.tray-7-0\svchost.exe [2011-07-25 1185280]
"tray_ico3"=C:\WINDOWS\update.tray-12-0\svchost.exe [2011-07-25 1185280]
"tray_ico4"= []
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-25 232960]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe []
"ISTray"=C:\Program Files\PC Tools Security\pctsGui.exe [2011-07-07 1600984]
"PCTools FGuard"=C:\Program Files\PC Tools Security\BDT\FGuard.exe [2011-07-01 247760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"vProt"=C:\Program Files\GameBox\vprot.exe [2011-07-06 123480]

C:\Documents and Settings\vojta\Nabídka Start\Programy\Po spuštění
Kooperativa - PDF Server.lnk - C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-04-01 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2010-10-05 228024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\DC\StrongDC.exe"="D:\DC\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Program Files\Hamachi\hamachi.exe"="D:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"D:\Games\Worms Armageddon - New Edition\WA.exe"="D:\Games\Worms Armageddon - New Edition\WA.exe:*:Enabled:Worms Armageddon"
"D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe"="D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe:*:Enabled:LogMeIn Hamachi"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\vojta\Plocha\bulanci.exe"="C:\Documents and Settings\vojta\Plocha\bulanci.exe:*:Enabled:bulanci"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe:*:Enabled:Media Player Classic - Home Cinema"
"D:\Program Files\VideoLAN\VLC\vlc.exe"="D:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Documents and Settings\vojta\Plocha\[PC GAME] Worms Armageddon + All weapons unblocked + xp patch\wormsarm\WA.exe"="C:\Documents and Settings\vojta\Plocha\[PC GAME] Worms Armageddon + All weapons unblocked + xp patch\wormsarm\WA.exe:*:Enabled:Worms Armageddon"
"D:\Program Files\Operation Dog Tag\OperationDogTag.exe"="D:\Program Files\Operation Dog Tag\OperationDogTag.exe:*:Enabled:OperationDogTag"
"D:\Games\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe"="D:\Games\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
"D:\Program Files\Valve\cstrike.exe"="D:\Program Files\Valve\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"D:\Program Files\Valve\hl.exe"="D:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\Valve\hlds.exe"="D:\Program Files\Valve\hlds.exe:*:Enabled:HLDS Launcher"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"D:\DC\StrongDC++\StrongDC.exe"="D:\DC\StrongDC++\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"D:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe"="D:\Program Files\EA GAMES\Battlefield 2\Bf2_w32ded.exe:*:Disabled:Bf2_w32ded"
"D:\Program Files\Mass Effect 2\Mass Effect 2\Binaries\MassEffect2.exe"="D:\Program Files\Mass Effect 2\Mass Effect 2\Binaries\MassEffect2.exe:*:Disabled:Mass Effect 2"
"C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Disabled:Test Drive Unlimited"
"C:\Documents and Settings\vojta\Plocha\winbox.exe"="C:\Documents and Settings\vojta\Plocha\winbox.exe:*:Enabled:winbox"
"D:\Program Files\SecondLife\SLVoice.exe"="D:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"D:\Program Files\SecondLifeViewer2\SLVoice.exe"="D:\Program Files\SecondLifeViewer2\SLVoice.exe:*:Enabled:SLVoice"
"F:\RISE.EXE"="F:\RISE.EXE:*:Enabled:Rise of Nations"
"D:\Games\Ubisoft\Anno1701.exe"="D:\Games\Ubisoft\Anno1701.exe:*:Enabled:Anno 1701"
"C:\Program Files\Kooperativa\KalkZiv\Kalk_ziv.exe"="C:\Program Files\Kooperativa\KalkZiv\Kalk_ziv.exe:*:Enabled:Kalk_ziv"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.tray-3-0\svchost.exe"="C:\WINDOWS\update.tray-3-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-3-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv

======File associations======

.bat - edit - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 month======

2011-07-26 20:35:51 ----D---- C:\Program Files\trend micro
2011-07-26 20:35:50 ----D---- C:\rsit
2011-07-26 20:07:31 ----A---- C:\WINDOWS\system32\msvcr80.dll
2011-07-26 20:07:30 ----A---- C:\WINDOWS\system32\msvcp80.dll
2011-07-26 20:07:28 ----A---- C:\WINDOWS\system32\eEmpty.exe
2011-07-26 20:07:24 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2011-07-26 20:07:24 ----A---- C:\WINDOWS\system32\T.COM
2011-07-26 20:07:24 ----A---- C:\WINDOWS\REGEDIT.COM
2011-07-26 20:07:24 ----A---- C:\WINDOWS\R.COM
2011-07-26 20:07:22 ----D---- C:\Program Files\Common Files\MicroWorld
2011-07-26 20:06:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2011-07-26 19:42:38 ----ASH---- C:\pagefile.sys
2011-07-26 18:32:18 ----D---- C:\WINDOWS\Prefetch
2011-07-26 18:24:08 ----HD---- C:\WINDOWS\update.tray-12-0-lnk
2011-07-26 18:24:08 ----HD---- C:\WINDOWS\update.tray-12-0
2011-07-26 18:01:25 ----D---- C:\WINDOWS\Minidump
2011-07-26 17:45:36 ----ASH---- C:\hiberfil.sys
2011-07-26 16:27:48 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2011-07-26 16:22:08 ----D---- C:\WINDOWS\system32\drivers\AVG
2011-07-26 16:13:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-07-26 14:34:53 ----A---- C:\WINDOWS\BDTSupport.dll
2011-07-26 14:34:52 ----A---- C:\WINDOWS\SGDetectionTool.dll
2011-07-26 14:34:52 ----A---- C:\WINDOWS\PCTBDRes.dll
2011-07-26 14:34:52 ----A---- C:\WINDOWS\PCTBDCore.dll
2011-07-26 14:33:15 ----A---- C:\WINDOWS\system32\drivers\Cat.DB
2011-07-26 14:33:13 ----A---- C:\WINDOWS\system32\drivers\pctEFA.sys
2011-07-26 14:33:12 ----A---- C:\WINDOWS\system32\drivers\pctDS.sys
2011-07-26 14:33:11 ----A---- C:\WINDOWS\system32\drivers\pctgntdi.sys
2011-07-26 14:33:07 ----A---- C:\WINDOWS\system32\drivers\PCTCore.sys
2011-07-26 14:33:07 ----A---- C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2011-07-26 14:33:05 ----A---- C:\WINDOWS\system32\drivers\PCTSD.sys
2011-07-26 14:33:00 ----A---- C:\WINDOWS\system32\drivers\pctplsg.sys
2011-07-26 14:32:26 ----D---- C:\Program Files\PC Tools Security
2011-07-26 14:32:26 ----D---- C:\Program Files\Common Files\PC Tools
2011-07-26 14:30:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2011-07-26 11:03:29 ----HD---- C:\WINDOWS\update.tray-1-0-lnk
2011-07-26 11:03:29 ----HD---- C:\WINDOWS\update.tray-1-0
2011-07-26 10:33:53 ----A---- C:\WINDOWS\system32\drivers\klin.dat
2011-07-26 10:33:53 ----A---- C:\WINDOWS\system32\drivers\klick.dat
2011-07-26 10:32:01 ----A---- C:\WINDOWS\system32\drivers\klif.sys
2011-07-26 10:28:13 ----D---- C:\Program Files\AMD APP
2011-07-26 10:28:06 ----D---- C:\Program Files\ATI
2011-07-26 10:17:28 ----D---- C:\ATI
2011-07-25 17:48:43 ----HD---- C:\WINDOWS\update.tray-7-0-lnk
2011-07-25 17:48:43 ----HD---- C:\WINDOWS\update.tray-7-0
2011-07-25 17:21:14 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-07-25 17:21:13 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-07-25 17:21:11 ----A---- C:\WINDOWS\system32\drivers\aswFW.sys
2011-07-25 17:20:50 ----A---- C:\WINDOWS\system32\drivers\aswNdis2.sys
2011-07-25 17:20:49 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-07-25 17:20:48 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-07-25 17:20:48 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-07-25 17:20:47 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-07-25 17:20:47 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-07-25 17:20:47 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-07-25 17:20:32 ----D---- C:\WINDOWS\ufa
2011-07-25 17:20:32 ----D---- C:\WINDOWS\rpcminer
2011-07-25 17:20:32 ----D---- C:\WINDOWS\phoenix
2011-07-25 17:19:58 ----A---- C:\WINDOWS\system32\drivers\aswNdis.sys
2011-07-25 17:19:58 ----A---- C:\WINDOWS\avastSS.scr
2011-07-25 17:19:57 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-25 17:18:52 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-25 17:15:12 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-25 17:14:32 ----HD---- C:\WINDOWS\update.5.0
2011-07-25 17:13:01 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-25 17:10:20 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-25 17:09:52 ----HD---- C:\WINDOWS\update.2
2011-07-25 17:08:01 ----A---- C:\WINDOWS\unrar.exe
2011-07-25 17:06:41 ----A---- C:\WINDOWS\iplist.txt
2011-07-25 17:04:08 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-25 16:56:47 ----D---- C:\WINDOWS\av_ico
2011-07-25 14:40:33 ----HD---- C:\WINDOWS\update.1
2011-07-25 14:40:29 ----HD---- C:\WINDOWS\update.tray-3-0-lnk
2011-07-25 14:40:29 ----HD---- C:\WINDOWS\update.tray-3-0
2011-07-25 14:39:02 ----A---- C:\WINDOWS\ntbtlog.txt
2011-07-25 13:58:39 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-25 13:58:39 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-25 13:58:34 ----A---- C:\WINDOWS\services32.exe
2011-07-15 09:45:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-15 09:43:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-06 20:50:29 ----D---- C:\Documents and Settings\vojta\Data aplikací\3v
2011-07-06 20:49:33 ----D---- C:\Documents and Settings\vojta\Data aplikací\GameBox
2011-07-06 20:49:32 ----D---- C:\Program Files\GameBox
2011-07-06 20:49:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Anti-phishing Domain Advisor
2011-07-06 19:41:56 ----A---- C:\Documents and Settings\All Users\Data aplikací\HPWALog.txt
2011-06-29 09:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$

======List of files/folders modified in the last 1 month======

2011-07-26 20:35:51 ----D---- C:\Program Files
2011-07-26 20:28:00 ----A---- C:\WINDOWS\wincmd.ini
2011-07-26 20:25:56 ----D---- C:\WINDOWS\system32
2011-07-26 20:23:17 ----D---- C:\WINDOWS\Temp
2011-07-26 20:22:55 ----AD---- C:\Documents and Settings\All Users\Data aplikací\Temp
2011-07-26 20:12:51 ----D---- C:\WINDOWS
2011-07-26 20:07:22 ----D---- C:\Program Files\Common Files
2011-07-26 19:45:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-26 19:44:37 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-26 19:42:48 ----D---- C:\WINDOWS\system32\drivers
2011-07-26 19:42:46 ----RSD---- C:\WINDOWS\Fonts
2011-07-26 19:42:38 ----D---- C:\WINDOWS\WinSxS
2011-07-26 19:42:36 ----DC---- C:\WINDOWS\$NtServicePackUninstall$
2011-07-26 19:42:33 ----D---- C:\WINDOWS\Driver Cache
2011-07-26 19:42:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-26 19:42:31 ----D---- C:\WINDOWS\system32\oobe
2011-07-26 19:42:31 ----D---- C:\WINDOWS\Help
2011-07-26 19:03:34 ----D---- C:\WINDOWS\system32\CatRoot
2011-07-26 18:34:00 ----SHD---- C:\WINDOWS\Installer
2011-07-26 18:24:30 ----A---- C:\boot.ini
2011-07-26 18:00:20 ----HD---- C:\WINDOWS\inf
2011-07-26 16:49:26 ----A---- C:\WINDOWS\DUMP7658.tmp
2011-07-26 16:28:30 ----D---- C:\Config.Msi
2011-07-26 16:26:37 ----A---- C:\WINDOWS\NeroDigital.ini
2011-07-26 14:45:57 ----D---- C:\WINDOWS\system32\config
2011-07-26 14:37:36 ----D---- C:\Program Files\Google
2011-07-26 14:36:43 ----SD---- C:\WINDOWS\Tasks
2011-07-26 14:33:15 ----SHD---- C:\System Volume Information
2011-07-26 11:09:09 ----D---- C:\WINDOWS\system32\LogFiles
2011-07-26 08:49:51 ----D---- C:\Program Files\ESET
2011-07-26 07:43:48 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-07-26 07:43:23 ----A---- C:\WINDOWS\system32\bcmwlcoi.dll
2011-07-25 20:42:27 ----A---- C:\WINDOWS\system32\imon.dll
2011-07-25 19:35:04 ----D---- C:\Documents and Settings\vojta\Data aplikací\foobar2000
2011-07-25 19:32:18 ----D---- C:\Documents and Settings\vojta\Data aplikací\PriceGong
2011-07-25 17:19:44 ----D---- C:\WINDOWS\system32\Restore
2011-07-25 17:10:29 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-20 22:55:24 ----D---- C:\Documents and Settings\vojta\Data aplikací\Skype
2011-07-20 18:50:38 ----D---- C:\Documents and Settings\vojta\Data aplikací\skypePM
2011-07-19 07:54:36 ----D---- C:\Documents and Settings\vojta\Data aplikací\vlc
2011-07-15 09:43:21 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-15 09:43:15 ----A---- C:\WINDOWS\imsins.BAK
2011-07-13 22:14:25 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-06 20:28:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-06 20:26:45 ----D---- C:\SWSetup
2011-07-06 19:29:09 ----D---- C:\Program Files\Hewlett-Packard

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 KL1;kl1; C:\WINDOWS\system32\DRIVERS\kl1.sys [2010-06-09 132184]
R0 sonypvl3;sonypvl3; C:\WINDOWS\system32\drivers\sonypvl3.sys [2004-09-22 18110]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-09-22 436792]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 kl2;kl2; C:\WINDOWS\system32\DRIVERS\kl2.sys [2010-06-09 11352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2011-07-26 475736]
R1 sonypvf3;sonypvf3; C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 619390]
R1 sonypvt3;sonypvt3; C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 423454]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 AESTAud;AE Audio Service; C:\WINDOWS\system32\drivers\AESTAud.sys [2009-02-18 113536]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-10-29 1204128]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2011-07-26 1735040]
R3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2009-01-14 534568]
R3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2009-01-14 37160]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-01-14 991656]
R3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2009-01-14 156816]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2009-01-14 47272]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2010-05-07 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-11-02 19472]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2009-05-27 1765184]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-30 1550891]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-02-06 205232]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2009-03-27 296960]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 a5dwhkr9;a5dwhkr9; C:\WINDOWS\system32\drivers\a5dwhkr9.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-04-02 3597824]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\bin\fbguard.exe [2007-12-12 65536]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
R2 STacSV;Audio Service; c:\program files\idt\wdm\STacSV.exe [2009-03-30 254042]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\bin\fbserver.exe [2007-12-12 1531989]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-23 223232]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-04-01 602112]
S2 AVP;Služba Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -r []
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-12-11 346720]
S2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe srv []
S2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe srv []
S2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe srv []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-05-18 69120]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[vyosek]

Zdravim a pekny vecer preji

Uvolnete nejake volne misto na disku alespon na 3 giga

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill SCR:
  http://download.bleepingcomputer.com/grinler/rkill.scr
  
  Rkill PIF:
  http://download.bleepingcomputer.com/grinler/rkill.pif

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Ted nerestartujte PC - prisli byste o ucinek RKillu

Aplikujte exeHelper by Raktor

• Linky ke stazeni
  • COM soubor http://vyosek.ic.cz/BE/exeHelper.com
  • SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
• Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

Aplikujte RogueKiller

pouzijes RogueKiller>.spustis>>stlac 2> [enter] log vloz sem
http://www.viry.cz/forum/viewtopic.php? ... 05#p981205

Jeste znovu RogueKiller ale nyni s moznosti 3 a pote jeste jednou s moznosti 4

RKill, eXeHelper i RogueKiller by mely udelat logy, vlozte mi je sem

[vojtar87]

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 26.07.2011 at 21:10:50.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Documents and Settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe


Rkill completed on 26.07.2011 at 21:11:06.



exeHelper by Raktor
Build 20100414
Run at 21:11:47 on 07/26/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 21:11:47 on 07/26/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 21:12:36 on 07/26/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: vojta [Admin rights]
Mode: Remove -- Date : 07/26/2011 21:17:01

Bad processes: 0

Registry Entries: 8
[SUSP PATH] HKLM\[...]\Run : Anti-phishing Domain Advisor ("C:\Documents and Settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\services32.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\WINDOWS\l1rezerv.exe") -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 http://www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 http://www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 http://www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: vojta [Admin rights]
Mode: HOSTSFix -- Date : 07/26/2011 21:17:27

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 http://www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 http://www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 http://www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: vojta [Admin rights]
Mode: ProxyFix -- Date : 07/26/2011 21:17:36

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

[vyosek]

Super, jdeme dale

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[vojtar87]

ComboFix 11-07-26.03 - vojta 26.07.2011 21:48:02.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1789.1075 [GMT 2:00]
Spuštěný z: c:\documents and settings\vojta\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\vojta\WINDOWS
c:\windows\hkcrRT.reg
c:\windows\hklmSW.reg
c:\windows\services32.exe
c:\windows\system32\oem14.inf
c:\windows\system32\oem39.inf
c:\windows\system32\oem41.inf
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe.mwt
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe.mwt
c:\windows\update.tray-1-0\svchost.exe
c:\windows\update.tray-12-0\svchost.exe
c:\windows\update.tray-3-0\svchost.exe
c:\windows\update.tray-7-0\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 16:24 . 2011-07-26 19:57 -------- d-----w- c:\windows\update.tray-12-0
2011-07-26 16:24 . 2011-07-26 16:24 -------- d-----w- c:\windows\update.tray-12-0-lnk
2011-07-26 14:27 . 2011-07-26 14:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-07-26 14:22 . 2011-07-26 14:24 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-26 14:13 . 2011-07-26 16:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-07-26 12:34 . 2011-07-01 13:36 767952 ----a-w- c:\windows\BDTSupport.dll
2011-07-26 12:34 . 2011-07-01 13:36 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-07-26 12:34 . 2011-07-01 13:36 2029520 ----a-w- c:\windows\PCTBDCore.dll
2011-07-26 12:34 . 2011-07-01 13:36 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-07-26 12:33 . 2010-07-16 12:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-07-26 12:33 . 2010-07-16 12:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-07-26 12:33 . 2011-07-11 07:05 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-07-26 12:33 . 2011-07-11 10:06 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-07-26 12:33 . 2011-07-11 10:02 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-07-26 12:33 . 2011-03-10 07:08 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-07-26 12:33 . 2011-07-11 07:07 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-07-26 12:32 . 2011-07-26 14:28 -------- d-----w- c:\program files\PC Tools Security
2011-07-26 12:32 . 2011-07-26 12:35 -------- d-----w- c:\program files\Common Files\PC Tools
2011-07-26 12:30 . 2011-07-26 12:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2011-07-26 09:03 . 2011-07-26 19:57 -------- d-----w- c:\windows\update.tray-1-0
2011-07-26 09:03 . 2011-07-26 09:03 -------- d-----w- c:\windows\update.tray-1-0-lnk
2011-07-26 08:34 . 2010-10-05 18:26 109240 ----a-w- c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
2011-07-26 08:34 . 2010-10-05 18:27 150200 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-07-26 08:33 . 2011-07-26 08:33 97545 ----a-w- c:\windows\system32\drivers\klick.dat
2011-07-26 08:33 . 2011-07-26 08:33 115465 ----a-w- c:\windows\system32\drivers\klin.dat
2011-07-26 08:28 . 2011-07-26 08:28 -------- d-----w- c:\program files\AMD APP
2011-07-26 08:28 . 2011-07-26 08:28 -------- d-----w- c:\program files\ATI
2011-07-26 08:17 . 2011-07-26 08:17 -------- d-----w- C:\ATI
2011-07-25 15:48 . 2011-07-26 19:57 -------- d-----w- c:\windows\update.tray-7-0
2011-07-25 15:48 . 2011-07-25 15:48 -------- d-----w- c:\windows\update.tray-7-0-lnk
2011-07-25 15:21 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-25 15:21 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-25 15:21 . 2011-07-04 11:37 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-07-25 15:20 . 2011-07-04 11:36 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-07-25 15:20 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-25 15:20 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-25 14:56 . 2011-07-26 09:08 -------- d-----w- c:\windows\av_ico
2011-07-25 12:40 . 2011-07-26 19:57 -------- d-----w- c:\windows\update.tray-3-0
2011-07-25 12:40 . 2011-07-25 12:40 -------- d-----w- c:\windows\update.tray-3-0-lnk
2011-07-25 11:58 . 2011-07-25 11:58 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-06 18:50 . 2011-07-06 18:50 -------- d-----w- c:\documents and settings\vojta\Data aplikací\3v
2011-07-06 18:49 . 2011-07-06 18:49 -------- d-----w- c:\documents and settings\vojta\Data aplikací\GameBox
2011-07-06 18:49 . 2011-07-06 18:49 -------- d-----w- c:\program files\GameBox
2011-07-06 18:49 . 2011-07-06 18:49 -------- d-----w- c:\documents and settings\vojta\Local Settings\Data aplikací\antiphishing-radarsync1_0dn
2011-07-06 18:49 . 2011-07-06 18:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Anti-phishing Domain Advisor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-26 18:12 . 2011-07-26 18:09 1917232 ----a-w- c:\windows\REGBK00.ZIP
2011-07-26 14:49 . 2010-01-21 15:40 90112 ----a-w- c:\windows\DUMP7658.tmp
2011-07-26 05:43 . 2010-01-21 16:03 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-07-26 05:43 . 2010-01-21 16:03 1735040 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2011-07-25 18:42 . 2010-01-21 15:30 270336 ----a-w- c:\windows\system32\imon.dll
2011-06-06 11:35 . 2004-08-17 13:44 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-02 15:32 . 2010-01-21 15:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-17 13:49 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-03 21:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-24 12:22 . 2011-03-24 22:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVD0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\DVDVideoSoft\tbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVD0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVD0.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files\GameBox\vprot.exe" [2011-07-06 123480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-17 288312]
"zCpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-12-11 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-01 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-07 618496]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-02-18 506424]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-07-07 1600984]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\vojta\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Kooperativa - PDF Server.lnk - c:\program files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe [2011-6-21 2913280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\DC\\StrongDC.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mpc-hc.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\Valve\\cstrike.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\DC\\StrongDC++\\StrongDC.exe"=
"c:\\Program Files\\Kooperativa\\KalkZiv\\Kalk_ziv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [22.9.2010 20:26 18110]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.1.2010 19:44 436792]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [9.6.2010 16:43 11352]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [22.9.2010 20:26 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [22.9.2010 20:26 423454]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\bin\fbguard.exe -s --> c:\program files\Firebird\bin\fbguard.exe -s [?]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [22.6.2011 20:56 113536]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21.1.2010 17:46 228408]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\bin\fbserver.exe -s --> c:\program files\Firebird\bin\fbserver.exe -s [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [7.5.2010 11:06 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.11.2009 19:27 19472]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [5.5.2011 22:19 16512]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [14.3.2010 13:56 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [14.3.2010 13:56 8320]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 12:36]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 12:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://gbt.toolbarhome.com/?hp=df
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Přidat do Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
TCP: DhcpNameServer = 81.92.158.230 192.168.0.1
FF - ProfilePath - c:\documents and settings\vojta\Data aplikací\Mozilla\Firefox\Profiles\2ka92sa4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - (no file)
WebBrowser-{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-1-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-3-0\svchost.exe
HKLM-Run-tray_ico2 - c:\windows\update.tray-7-0\svchost.exe
HKLM-Run-tray_ico3 - c:\windows\update.tray-12-0\svchost.exe
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-AVP - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-AVG - c:\program files\AVG\AVG10\avgmfapx.exe
AddRemove-Hledik - Poradce - MAKFAC,AWD,MBI - d:\ostatni\PORADKO\FORMALITY\GEN\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 22:06
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
zCpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-1123561945-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1c,3c,77,f9,bd,e9,4d,d4,b9,cb,d3,03,33,a6,de,16,2a,88,e0,8f,32,d0,52,
80,a5,51,4a,b7,54,27,aa,b3,f4,0d,f9,e0,71,47,df,c4,f2,3f,eb,c8,d6,17,44,5e,\
"??"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_USERS\S-1-5-21-2000478354-1123561945-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:0c,34,1e,f7,8c,9d,0d,63,28,e3,ed,45,6d,d5,1c,4e,e2,93,fa,87,29,
86,ef,df,18,3a,6c,f9,0c,06,06,13,77,e2,81,4e,28,f9,91,b4,75,ee,b4,19,43,06,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(960)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2736)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\idt\wdm\STacSV.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Firebird\bin\fbguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Firebird\bin\fbserver.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 22:11:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 20:11
.
Před spuštěním: 950 726 656
Po spuštění: Volných bajtů: 13 051 613 184
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect /usepmtimer
.
Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 9C185613AE7A15F3A7A5C904C8071F3D

[vyosek]

Pokud chcete, prejmenujte ComboFix na pitomec.com abyste si uvedomil, ze na blbiny se neklika

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Folder::
  c:\windows\update.tray-12-0
  c:\windows\update.tray-12-0-lnk
  c:\windows\update.tray-1-0
  c:\windows\update.tray-1-0-lnk
  c:\windows\update.tray-7-0
  c:\windows\update.tray-7-0-lnk
  c:\windows\av_ico
  c:\windows\update.tray-3-0
  c:\windows\update.tray-3-0-lnk
  
  File::
  c:\program files\DVDVideoSoft\tbDVD0.dll
  
  Registry::
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"=-
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "NeroFilterCheck"=-
  "QuickTime Task"=-
  "Adobe Reader Speed Launcher"=-
  "Adobe ARM"=-
  "SunJavaUpdateSched"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  "FirewallOverride"=dword:00000000
  "DisableThumbnailCache"=dword:00000000
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
  "DisableMonitoring"=dword:00000000
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
  "C:\WINDOWS\services32.exe"=-
  "C:\WINDOWS\update.1\svchost.exe"=-
  "C:\WINDOWS\update.tray-3-0\svchost.exe"=-
  "C:\WINDOWS\update.2\svchost.exe"=-
  
  DDS::
  uStart Page = hxxp://gbt.toolbarhome.com/?hp=df
  uDefault_Search_URL = hxxp://search.qip.ru
  uSearchAssistant = hxxp://search.qip.ru/ie
  uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
  
  Firefox::
  FF - ProfilePath - c:\documents and settings\vojta\Data aplikací\Mozilla\Firefox\Profiles\2ka92sa4.default\
  FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.2&q=
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[vojtar87]

pise mi to ze je zapnutej avast a nod 32 a ze je mam bvypnout ale nevim jak. jesi je nevypnu ze se muze neco pokazit

[vyosek]

Jsou ty antiviry mrtve, havet je vyradila, varovani CFka odkliknete

[vojtar87]

ComboFix 11-07-26.03 - vojta 26.07.2011 22:33:46.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1789.1111 [GMT 2:00]
Spuštěný z: c:\documents and settings\vojta\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\vojta\Plocha\CFScript.txt
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Eset NOD32 Antivirus 2.50 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
FILE ::
"c:\program files\DVDVideoSoft\tbDVD0.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_KAV_START.ico
c:\windows\av_ico\ico_KAV_TXT.ico
c:\windows\av_ico\ico_KAV_UNINSTALL.ico
c:\windows\av_ico\ico_KAV_URL.ico
c:\windows\av_ico\ico_NOD_SS_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\update.tray-1-0-lnk
c:\windows\update.tray-1-0-lnk\svchost.exe
c:\windows\update.tray-1-0
c:\windows\update.tray-12-0-lnk
c:\windows\update.tray-12-0-lnk\svchost.exe
c:\windows\update.tray-12-0
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-3-0-lnk\svchost.exe
c:\windows\update.tray-3-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0-lnk\svchost.exe
c:\windows\update.tray-7-0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 18:35 . 2011-07-26 18:36 -------- d-----w- c:\program files\trend micro
2011-07-26 18:35 . 2011-07-26 18:36 -------- d-----w- C:\rsit
2011-07-26 18:07 . 2011-07-26 18:07 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-07-26 18:07 . 2011-07-26 18:07 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-07-26 18:07 . 2011-07-26 18:07 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-07-26 18:07 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\TASKMGR.COM
2011-07-26 18:07 . 2008-04-14 03:22 137216 ----a-w- c:\windows\system32\T.COM
2011-07-26 18:07 . 2008-04-14 03:22 147968 ----a-w- c:\windows\REGEDIT.COM
2011-07-26 18:07 . 2008-04-14 03:22 147968 ----a-w- c:\windows\R.COM
2011-07-26 18:07 . 2011-07-26 18:07 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-07-26 18:06 . 2011-07-26 18:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2011-07-26 14:27 . 2011-07-26 14:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-07-26 14:22 . 2011-07-26 14:24 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-26 14:13 . 2011-07-26 16:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-07-26 12:34 . 2011-07-01 13:36 767952 ----a-w- c:\windows\BDTSupport.dll
2011-07-26 12:34 . 2011-07-01 13:36 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-07-26 12:34 . 2011-07-01 13:36 2029520 ----a-w- c:\windows\PCTBDCore.dll
2011-07-26 12:34 . 2011-07-01 13:36 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-07-26 12:33 . 2010-07-16 12:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-07-26 12:33 . 2010-07-16 12:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-07-26 12:33 . 2011-07-11 07:05 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-07-26 12:33 . 2011-07-11 10:06 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-07-26 12:33 . 2011-07-11 10:02 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-07-26 12:33 . 2011-03-10 07:08 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-07-26 12:33 . 2011-07-11 07:07 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-07-26 12:32 . 2011-07-26 14:28 -------- d-----w- c:\program files\PC Tools Security
2011-07-26 12:32 . 2011-07-26 12:35 -------- d-----w- c:\program files\Common Files\PC Tools
2011-07-26 12:30 . 2011-07-26 12:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2011-07-26 08:34 . 2010-10-05 18:26 109240 ----a-w- c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
2011-07-26 08:34 . 2010-10-05 18:27 150200 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-07-26 08:33 . 2011-07-26 08:33 97545 ----a-w- c:\windows\system32\drivers\klick.dat
2011-07-26 08:33 . 2011-07-26 08:33 115465 ----a-w- c:\windows\system32\drivers\klin.dat
2011-07-26 08:28 . 2011-07-26 08:28 -------- d-----w- c:\program files\AMD APP
2011-07-26 08:28 . 2011-07-26 08:28 -------- d-----w- c:\program files\ATI
2011-07-26 08:17 . 2011-07-26 08:17 -------- d-----w- C:\ATI
2011-07-25 15:21 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-25 15:21 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-25 15:21 . 2011-07-04 11:37 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-07-25 15:20 . 2011-07-04 11:36 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-07-25 15:20 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-25 15:20 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-25 11:58 . 2011-07-25 11:58 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-06 18:50 . 2011-07-06 18:50 -------- d-----w- c:\documents and settings\vojta\Data aplikací\3v
2011-07-06 18:49 . 2011-07-06 18:49 -------- d-----w- c:\documents and settings\vojta\Data aplikací\GameBox
2011-07-06 18:49 . 2011-07-06 18:49 -------- d-----w- c:\program files\GameBox
2011-07-06 18:49 . 2011-07-06 18:49 -------- d-----w- c:\documents and settings\vojta\Local Settings\Data aplikací\antiphishing-radarsync1_0dn
2011-07-06 18:49 . 2011-07-06 18:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Anti-phishing Domain Advisor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-26 18:12 . 2011-07-26 18:09 1917232 ----a-w- c:\windows\REGBK00.ZIP
2011-07-26 14:49 . 2010-01-21 15:40 90112 ----a-w- c:\windows\DUMP7658.tmp
2011-07-26 05:43 . 2010-01-21 16:03 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-07-26 05:43 . 2010-01-21 16:03 1735040 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2011-07-25 18:42 . 2010-01-21 15:30 270336 ----a-w- c:\windows\system32\imon.dll
2011-06-06 11:35 . 2004-08-17 13:44 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-02 15:32 . 2010-01-21 15:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-17 13:49 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-03 21:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-24 12:22 . 2011-03-24 22:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files\GameBox\vprot.exe" [2011-07-06 123480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-17 288312]
"zCpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-12-11 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-01 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-07 618496]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-02-18 506424]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [BU]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-07-07 1600984]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\vojta\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Kooperativa - PDF Server.lnk - c:\program files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe [2011-6-21 2913280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\DC\\StrongDC.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mpc-hc.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\Valve\\cstrike.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\DC\\StrongDC++\\StrongDC.exe"=
"c:\\Program Files\\Kooperativa\\KalkZiv\\Kalk_ziv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sonypvl3;sonypvl3;c:\windows\system32\drivers\sonypvl3.sys [22.9.2010 20:26 18110]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.1.2010 19:44 436792]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [9.6.2010 16:43 11352]
R1 sonypvf3;sonypvf3;c:\windows\system32\drivers\sonypvf3.sys [22.9.2010 20:26 619390]
R1 sonypvt3;sonypvt3;c:\windows\system32\drivers\sonypvt3.sys [22.9.2010 20:26 423454]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\bin\fbguard.exe -s --> c:\program files\Firebird\bin\fbguard.exe -s [?]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [22.6.2011 20:56 113536]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21.1.2010 17:46 228408]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\bin\fbserver.exe -s --> c:\program files\Firebird\bin\fbserver.exe -s [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [7.5.2010 11:06 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.11.2009 19:27 19472]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [5.5.2011 22:19 16512]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [14.3.2010 13:56 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [14.3.2010 13:56 8320]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 12:36]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 12:36]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Přidat do Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
TCP: DhcpNameServer = 81.92.158.230 192.168.0.1
FF - ProfilePath - c:\documents and settings\vojta\Data aplikací\Mozilla\Firefox\Profiles\2ka92sa4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 22:45
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
zCpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-1123561945-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1c,3c,77,f9,bd,e9,4d,d4,b9,cb,d3,03,33,a6,de,16,2a,88,e0,8f,32,d0,52,
80,a5,51,4a,b7,54,27,aa,b3,f4,0d,f9,e0,71,47,df,c4,f2,3f,eb,c8,d6,17,44,5e,\
"??"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_USERS\S-1-5-21-2000478354-1123561945-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:0c,34,1e,f7,8c,9d,0d,63,28,e3,ed,45,6d,d5,1c,4e,e2,93,fa,87,29,
86,ef,df,18,3a,6c,f9,0c,06,06,13,77,e2,81,4e,28,f9,91,b4,75,ee,b4,19,43,06,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2556)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\idt\wdm\STacSV.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Firebird\bin\fbguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Firebird\bin\fbserver.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 22:50:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 20:50
ComboFix2.txt 2011-07-26 20:11
.
Před spuštěním: Volných bajtů: 13 074 939 904
Po spuštění: Volných bajtů: 13 040 685 056
.
Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 3AAD436BF8381AB4C1EA839E5237DB34

[vyosek]

Jak se chova PC

[vojtar87]

napsalo to ze neni zapnutej firewall. jinak by to melo byt vše?

[vyosek]

Tak jeste uklidime

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Projedte PC postupne temito utilitami at to vycistime od tech zbytku antiviru

• http://files.avast.com/files/eng/aswclear.exe
• http://support.kaspersky.com/downloads/ ... emover.exe
• v nouzovem rezimu tohle http://download.eset.com/special/ESETUninstaller.exe postup http://www.viry.cz/forum/viewtopic.php?p=889437#p889437

Nainstalujte Avast free http://www.avast.com/cs-cz/free-antivirus-download

Napiste co PC

[vojtar87]

nemuzu odinstalovat eset v tom nouzovym rezimu. ntb se nejspis moc zahreje a vypne se po chvili. rucne v tom startu to nejde. pise mi to ze uz je odstranen a hleda to tou baterkou

[vyosek]

Podivejte se, ci nemate ucpane pruduchy vzduchu a ciste vetraky od prachu

[vojtar87]

při odinstalovaní esetu tam bylly na vyber 2 varianty dal jsem pouze ten eset to druhy sem tam nechal