FB vir, prosim pomoc

[Mr.Deas]

Zdravim,

Prosim o pomoc, nevim zda se jedna o FB vir nebo ne, ale podle vseho ano, zatim posilam LOG:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Misa at 2011-10-29 18:19:40
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 32 GB (39%) free of 82 GB
Total RAM: 1014 MB (29% free)

HijackThis download failed

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Misa\Data aplikací\Mozilla\Firefox\Profiles\y0su5goe.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.1, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.3.3&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
Cetrumcz_igeared.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Misa\Data aplikací\Mozilla\Firefox\Profiles\y0su5goe.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{800b5000-a755-47e1-992b-48a1c1357f07}
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

C:\Documents and Settings\Misa\Data aplikací\Mozilla\Firefox\Profiles\y0su5goe.default\searchplugins\
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin.gif
icqplugin.src
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-23 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16 3942048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-07-07 1152776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - Astroburn Toolbar - C:\Program Files\Astroburn Toolbar\ABToolbar.dll [2011-01-25 992576]
{D5D47440-0750-463D-BAEF-A47D02414806}
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-07-07 1152776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-09-28 141336]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-09-28 173592]
"LiveUpdate"=C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [2010-01-29 751592]
"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2009-11-19 83240]
"EeeSplendidAgent"=C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe []
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"CapsHook"=C:\Program Files\EeePC\CapsHook\CapsHook.exe [2010-05-28 445344]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-04-27 19523616]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2009-06-26 118784]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2009-05-08 98304]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2010-05-17 1246632]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-11-19 1594664]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"wxpdrv"=C:\WINDOWS\services32.exe [2011-10-27 1198080]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-2-0\svchost.exe [2011-10-27 1198080]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"8079353.exe"=C:\DOCUME~1\Misa\LOCALS~1\Temp\8079353.exe [2011-10-27 258048]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-10-27 258048]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-10-27 258048]
"6179286.exe"=C:\WINDOWS\TEMP\6179286.exe [2011-10-27 258048]
"systemup"=C:\WINDOWS\systemup.exe [2011-10-27 380416]
"127726.exe"=C:\WINDOWS\TEMP\127726.exe [2011-10-27 258048]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-10-27 232960]
"8695285.exe"=C:\WINDOWS\TEMP\8695285.exe [2011-10-27 1944576]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []
"TNOD UP"=C:\Program Files\TNod User & Password Finder\TNODUP.exe [2010-04-02 1811968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"=C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [2010-03-25 402096]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ICQ"=C:\Program Files\ICQ7.5\ICQ.exe [2011-08-01 124480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10v_Plugin.exe [2011-08-17 243360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-27 3883840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2009-09-28 141336]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-09-24 205312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Misa\Plocha\Misha\Flash-Player.exe"="C:\Documents and Settings\Misa\Plocha\Misha\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Misa\Plocha\Misha\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.tray-2-0\svchost.exe"="C:\WINDOWS\update.tray-2-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-2-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-10-29 18:19:41 ----D---- C:\Program Files\trend micro
2011-10-29 18:19:40 ----D---- C:\rsit
2011-10-27 23:37:36 ----D---- C:\Program Files\TNod User & Password Finder
2011-10-27 14:34:00 ----A---- C:\WINDOWS\l1rezerv.exe
2011-10-27 14:32:39 ----D---- C:\WINDOWS\ufa
2011-10-27 14:32:39 ----D---- C:\WINDOWS\rpcminer
2011-10-27 14:32:39 ----D---- C:\WINDOWS\phoenix
2011-10-27 14:31:20 ----HD---- C:\WINDOWS\update.7.1
2011-10-27 14:30:08 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-10-27 14:29:46 ----HD---- C:\WINDOWS\update.5.0
2011-10-27 14:26:23 ----HD---- C:\WINDOWS\update.8.1
2011-10-27 14:26:05 ----A---- C:\WINDOWS\systemup.exe
2011-10-27 14:25:35 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-10-27 14:24:59 ----A---- C:\WINDOWS\unrar.exe
2011-10-27 14:24:57 ----HD---- C:\WINDOWS\update.2
2011-10-27 14:24:11 ----A---- C:\WINDOWS\iplist.txt
2011-10-27 14:24:08 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-10-27 14:23:54 ----A---- C:\WINDOWS\sysdriver32.exe
2011-10-27 14:23:39 ----A---- C:\WINDOWS\front_ip_list.txt
2011-10-27 14:22:31 ----D---- C:\WINDOWS\av_ico
2011-10-27 14:21:17 ----HD---- C:\WINDOWS\update.1
2011-10-27 14:21:14 ----HD---- C:\WINDOWS\update.tray-2-0-lnk
2011-10-27 14:21:14 ----HD---- C:\WINDOWS\update.tray-2-0
2011-10-27 14:09:38 ----A---- C:\WINDOWS\winlog-ids.txt
2011-10-27 14:09:38 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-10-27 14:09:29 ----A---- C:\WINDOWS\services32.exe
2011-10-22 22:08:23 ----A---- C:\WINDOWS\system32\drivers\bthpan.sys
2011-10-22 22:08:13 ----A---- C:\WINDOWS\system32\drivers\rfcomm.sys
2011-10-22 22:08:12 ----A---- C:\WINDOWS\system32\drivers\BthEnum.sys
2011-10-22 22:08:11 ----A---- C:\WINDOWS\system32\irmon.dll
2011-10-22 22:08:11 ----A---- C:\WINDOWS\system32\irftp.exe
2011-10-22 22:08:10 ----A---- C:\WINDOWS\system32\wshirda.dll
2011-10-22 22:07:58 ----A---- C:\WINDOWS\system32\drivers\BTHUSB.SYS
2011-10-17 11:44:23 ----D---- C:\WINDOWS\Sun
2011-10-13 07:36:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-13 07:27:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-13 07:27:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2011-10-09 21:41:30 ----D---- C:\Program Files\FreeMind
2011-10-09 21:40:51 ----D---- C:\Program Files\Common Files\Java
2011-10-09 21:40:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2011-10-09 21:39:16 ----A---- C:\WINDOWS\system32\javaws.exe
2011-10-09 21:39:16 ----A---- C:\WINDOWS\system32\javaw.exe
2011-10-09 21:39:16 ----A---- C:\WINDOWS\system32\java.exe
2011-10-09 21:39:16 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-10-09 21:38:22 ----D---- C:\Program Files\Java
2011-10-09 21:36:02 ----D---- C:\Documents and Settings\Misa\Data aplikací\Sun

======List of files/folders modified in the last 1 month======

2011-10-29 18:19:41 ----RD---- C:\Program Files
2011-10-29 18:19:40 ----D---- C:\WINDOWS\Prefetch
2011-10-29 15:28:06 ----D---- C:\WINDOWS\Temp
2011-10-28 14:28:06 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-28 07:48:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-27 23:27:51 ----D---- C:\WINDOWS
2011-10-27 23:26:36 ----A---- C:\boot.ini
2011-10-27 23:24:44 ----SHD---- C:\WINDOWS\Installer
2011-10-27 23:24:29 ----D---- C:\WINDOWS\system32\drivers
2011-10-27 14:27:11 ----SHD---- C:\System Volume Information
2011-10-27 14:27:11 ----D---- C:\WINDOWS\system32\Restore
2011-10-27 14:25:20 ----D---- C:\WINDOWS\system32\drivers\etc
2011-10-27 14:20:02 ----D---- C:\WINDOWS\security
2011-10-26 00:24:08 ----D---- C:\Documents and Settings\Misa\Data aplikací\ICQ
2011-10-22 22:08:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-10-22 22:08:12 ----D---- C:\WINDOWS\system32
2011-10-22 22:07:53 ----HD---- C:\WINDOWS\inf
2011-10-13 07:54:59 ----D---- C:\Program Files\Microsoft Silverlight
2011-10-13 07:53:51 ----RSD---- C:\WINDOWS\assembly
2011-10-13 07:44:16 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-13 07:36:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-13 07:35:42 ----D---- C:\WINDOWS\WinSxS
2011-10-13 07:27:48 ----A---- C:\WINDOWS\system32\MRT.exe
2011-10-13 07:27:43 ----A---- C:\WINDOWS\imsins.BAK
2011-10-13 07:27:24 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-13 07:27:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-10-13 07:25:16 ----D---- C:\Program Files\Internet Explorer
2011-10-13 07:24:47 ----D---- C:\WINDOWS\ie8updates
2011-10-10 10:58:27 ----A---- C:\WINDOWS\win.ini
2011-10-09 21:40:51 ----D---- C:\Program Files\Common Files
2011-10-09 16:10:35 ----D---- C:\Program Files\Mozilla Firefox
2011-10-03 10:31:24 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2009-06-04 330264]
R1 AsUpIO;AsUpIO; C:\WINDOWS\system32\drivers\AsUpIO.sys [2010-03-31 11520]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-02-01 218688]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-06 54752]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-08-12 1582624]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-09-24 6301696]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-04-27 6031904]
R3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys [2008-11-03 13880]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-07-27 44032]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 rtsuvc;Realtek USB2.0 PC Camera; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [2010-02-04 73088]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-11-19 230448]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ddservice;ddservice; C:\WINDOWS\update.7.1\svchostdriver.exe [2011-10-27 376832]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-09 153376]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-10-27 976384]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-10-27 1944576]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-10-27 258048]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-10-27 1198080]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 BBSvc;Bing Bar Update Service; C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-06 704864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-11 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-06 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[chodnik74]

Dobrý večer
Ano máte FB vir..co uděláme s nelegálním ESET? Změníme po dokončení léčení na nějaký free Antivir? Prototže nelegální věci jsou největším zdrojem problémů a havěti vůbec, když nemluvíme o zákonu...

Používáte legální operační systém?

Stáhneme si program CKScanner

• Spustíme stažený program CKScanner.exe
• Klineme na tlačítko Search for files a počkáme
• Po dokončení se nám ukáže log,klikneme na Save List to File
• Ve stejném umístění jako je program CKScanner.exe najdeme soubor ckfiles.txt
• Otevřeme soubor ckfiles.txt a jeho obsah vložíme sem na forum

Pravidla fora: č.1 a č.2, č.3

[Mr.Deas]

Zdravim,

Bud zakoupim NOD a nebo prejdu na Free jeste uvidim, jinak system mam samozrejme legalni...

Postupoval jsem podle popisu, a prikladam text:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----


Dekuji

[chodnik74]

Dobře...jsme dohodnutí free řešení postačí

Stáhněte program RogueKiller

• Spuste program
• Stiskněte klávesu 2 a enter
• Objeví se vám log a ten sem vložte
• Stějně tak opakujte s volbou 3 a 4 a vložte logy

[Mr.Deas]

RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Misa [Admin rights]
Mode: Remove -- Date : 10/30/2011 19:51:53

Bad processes: 17
[SVCHOST] svchost.exe -- c:\windows\update.tray-2-0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] systemup.exe -- c:\windows\systemup.exe -> KILLED [TermProc]
[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.1\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SERVICE] srvbtcclient -- C:\WINDOWS\update.5.0\svchost.exe srv -> STOPPED
[SERVICE] srviecheck -- C:\WINDOWS\update.2\svchost.exe srv -> STOPPED
[SERVICE] srvsysdriver32 -- C:\WINDOWS\sysdriver32.exe srv -> STOPPED
[SERVICE] wxpdrivers -- C:\WINDOWS\update.1\svchost.exe srv -> STOPPED

Registry Entries: 31
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\services32.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico0 (C:\WINDOWS\update.tray-2-0\svchost.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 8079353.exe ("C:\DOCUME~1\Misa\LOCALS~1\Temp\8079353.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 6179286.exe ("C:\WINDOWS\TEMP\6179286.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : systemup ("C:\WINDOWS\systemup.exe" stand) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 127726.exe ("C:\WINDOWS\TEMP\127726.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\WINDOWS\l1rezerv.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 8695285.exe ("C:\WINDOWS\TEMP\8695285.exe") -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\WINDOWS\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\WINDOWS\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\WINDOWS\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\WINDOWS\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\WINDOWS\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\WINDOWS\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\WINDOWS\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\WINDOWS\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVBTCCLIENT () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVIECHECK () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVSYSDRIVER32 () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_WXPDRIVERS () -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (192.168.1.1:800) -> NOT REMOVED, USE PROXYFIX
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{BA7E0404-3153-43AE-BC35-CC002486C700} : NameServer (10.0.0.138) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{BA7E0404-3153-43AE-BC35-CC002486C700} : NameServer (10.0.0.138) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()

Particular Files / Folders:

Driver: [LOADED]

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt






RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Misa [Admin rights]
Mode: Remove -- Date : 10/30/2011 19:53:49

Bad processes: 0

Registry Entries: 4
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (192.168.1.1:800) -> NOT REMOVED, USE PROXYFIX
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{BA7E0404-3153-43AE-BC35-CC002486C700} : NameServer (10.0.0.138) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{BA7E0404-3153-43AE-BC35-CC002486C700} : NameServer (10.0.0.138) -> NOT REMOVED, USE DNSFIX

Particular Files / Folders:

Driver: [LOADED]

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt






RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Misa [Admin rights]
Mode: ProxyFix -- Date : 10/30/2011 19:54:20

Bad processes: 0

Driver: [LOADED]

Registry Entries: 2
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> REPLACED (0)
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (192.168.1.1:800) -> DELETED

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

[chodnik74]

Výborně pokračujeme Combofixem...


Program nepoužívejte bez doporučení Rádce a pozorně se řiďte následujících pokynu,protože program netoleruje chyby a může dojít k úplnému poškození systému!!

• Stáhneme si Combofix
• Program uložíme nejlépe na Plochu
• Vypneme všechny rezidentní štíty.Jak antiviru,tak antispywaru a firewallu
• Vypneme všechny běžící aplikace (ICQ,prohlížeč,programy) a necháme pouze Combofix
• Spustíme Combofix.exe s administrátorským oprávněním
  U Windows XP se přihlásíme pod účtem správce
  Ve Windows 7 a Vista klikněte pravým tlačítkem myši na Combofix.exe a dejte ,,Spustit jako správce,,)
• Hned po startu programu na vás vyskočí licenční podmínky,tak potvrdíme tlačítkemANO
• Pokud vám Combofix nabídne instalaci Konzoly pro zotavení,tak souhlaste a nechte nainstalovat(zde je potřeba aktivní připojení na internet)
• Pokračujte dle pokynů programu a během skenování na nic neklikejte,na pc nepracujte(ICQ,jiné aplikace,internet..).Nechte počítač v klidu.
• Celý sken tvá mezi 5-15 min,ale pokud je v PC hodně havěti,tak se čas může lišit.
• Po skončení skenování(případném restartu počítače) se vám zobrazí log z Combofixu,který mi vložte sem(Kdyby se log nezobrazil,tak jej najdete zde: C:\ComboFix.txt
• (Pokud si nevíte rady s kterýmkoliv z výše uvedených kroků,tak se ptejte nebo mrkněte na detailnější návod včetně obrázků http://www.bleepingcomputer.com/combofi ... t-combofix )

[Mr.Deas]

ComboFix 11-10-30.03 - Misa 30.10.2011 21:04:21.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.645 [GMT 1:00]
Spuštěný z: c:\documents and settings\Misa\Dokumenty\Stažené soubory\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\FullRemove.exe
c:\documents and settings\Misa\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\sysdriver32_.exe
c:\windows\system32\service
c:\windows\system32\service\01122010_TIS17_PccScan.log
c:\windows\system32\service\03012011_TIS17_SfFniAU.log
c:\windows\system32\service\04122010_TIS17_PccScan.log
c:\windows\system32\service\05012011_TIS17_PccScan.log
c:\windows\system32\service\06012011_TIS17_PccScan.log
c:\windows\system32\service\06122010_TIS17_SfFniAU.log
c:\windows\system32\service\07122010_TIS17_PccScan.log
c:\windows\system32\service\08122010_TIS17_PccScan.log
c:\windows\system32\service\12052010_TIS17_PccScan.log
c:\windows\system32\service\12122010_TIS17_PccScan.log
c:\windows\system32\service\14012011_TIS17_PccScan.log
c:\windows\system32\service\18112010_TIS17_PccScan.log
c:\windows\system32\service\24012011_TIS17_PccScan.log
c:\windows\system32\service\24112010_TIS17_PccScan.log
c:\windows\system32\service\27112010_TIS17_PccScan.log
c:\windows\system32\service\31012011_TIS17_PccScan.log
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DDSERVICE
-------\Service_ddservice
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-28 do 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-30 18:51 . 2011-10-30 18:54 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-29 16:19 . 2011-10-29 16:19 -------- d-----w- c:\program files\trend micro
2011-10-29 16:19 . 2011-10-29 16:20 -------- d-----w- C:\rsit
2011-10-27 14:25 . 2011-10-27 14:25 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-10-27 12:34 . 2011-10-27 12:33 232960 ----a-w- c:\windows\l1rezerv.exe
2011-10-27 12:32 . 2011-10-27 12:32 -------- d-----w- c:\windows\ufa
2011-10-27 12:26 . 2011-10-27 12:26 -------- d--h--w- c:\windows\update.8.1
2011-10-27 12:26 . 2011-10-27 12:25 380416 ----a-w- c:\windows\systemup.exe
2011-10-27 12:24 . 2011-10-27 12:32 246272 ----a-w- c:\windows\unrar.exe
2011-10-27 12:23 . 2011-10-27 12:23 258048 ----a-w- c:\windows\sysdriver32.exe
2011-10-27 12:22 . 2011-10-27 12:22 -------- d-----w- c:\windows\av_ico
2011-10-27 12:21 . 2011-10-27 12:21 -------- d--h--w- c:\windows\update.tray-2-0
2011-10-27 12:21 . 2011-10-27 12:21 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-10-27 12:09 . 2011-10-27 12:09 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-10-27 12:09 . 2011-10-27 12:08 1198080 ----a-w- c:\windows\services32.exe
2011-10-22 20:08 . 2008-04-13 22:21 101120 -c--a-w- c:\windows\system32\dllcache\bthpan.sys
2011-10-22 20:08 . 2008-04-13 22:21 101120 ----a-w- c:\windows\system32\drivers\bthpan.sys
2011-10-22 20:08 . 2008-04-13 22:16 59136 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
2011-10-22 20:08 . 2008-04-13 22:16 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2011-10-22 20:08 . 2008-04-13 22:16 17024 -c--a-w- c:\windows\system32\dllcache\bthenum.sys
2011-10-22 20:08 . 2008-04-13 22:16 17024 ----a-w- c:\windows\system32\drivers\BthEnum.sys
2011-10-22 20:08 . 2008-04-14 06:52 152064 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2011-10-22 20:08 . 2008-04-14 06:52 152064 ----a-w- c:\windows\system32\irftp.exe
2011-10-22 20:08 . 2008-04-14 06:51 27648 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2011-10-22 20:08 . 2008-04-14 06:51 27648 ----a-w- c:\windows\system32\irmon.dll
2011-10-22 20:08 . 2008-04-14 06:52 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-10-22 20:08 . 2008-04-14 06:52 8192 ----a-w- c:\windows\system32\wshirda.dll
2011-10-22 20:07 . 2008-04-13 22:16 18944 -c--a-w- c:\windows\system32\dllcache\bthusb.sys
2011-10-22 20:07 . 2008-04-13 22:16 18944 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-10-17 09:44 . 2011-10-17 09:44 -------- d-----w- c:\windows\Sun
2011-10-09 19:42 . 2011-10-15 11:43 -------- d-----w- c:\documents and settings\Misa\.freemind
2011-10-09 19:41 . 2011-10-09 19:41 -------- d-----w- c:\program files\FreeMind
2011-10-09 19:40 . 2011-10-09 19:40 -------- d-----w- c:\program files\Common Files\Java
2011-10-09 19:39 . 2011-10-09 19:38 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-09 19:39 . 2011-10-09 19:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-09 19:39 . 2011-10-09 19:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-09 19:38 . 2011-10-09 19:38 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2009-12-23 18:07 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2009-12-23 18:07 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2009-12-23 18:07 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2009-12-23 18:07 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41 . 2009-12-23 18:07 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2009-12-23 18:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2009-12-23 18:07 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2009-12-23 18:07 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2009-12-23 18:07 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 07:27 . 2011-06-07 07:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-09-14 16:59 . 2011-02-01 23:04 63797 ----a-w- c:\program files\uninst-tnod.exe
2010-09-05 17:12 . 2011-02-01 23:04 1837056 ----a-w- c:\program files\TNODUP.exe
2010-04-01 22:08 . 2011-02-01 23:04 97792 ----a-w- c:\program files\tnodicons.icl
2010-04-01 14:56 . 2011-02-01 23:04 15 ----a-w- c:\program files\Recover data of current License.bat
2010-03-22 12:24 . 2011-02-01 23:04 18 ----a-w- c:\program files\Insert License with the maximum expiration date.bat
2010-02-05 21:27 . 2011-02-01 23:04 15 ----a-w- c:\program files\Licenses Downloader.bat
2009-11-17 06:44 . 2011-02-01 23:04 15 ----a-w- c:\program files\config.bat
2009-10-01 07:50 . 2011-02-01 23:04 29 ----a-w- c:\program files\download licenses.bat
2011-10-09 14:10 . 2011-06-04 09:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"= "c:\program files\Astroburn Toolbar\ABToolbar.dll" [2011-01-25 992576]
.
[HKEY_CLASSES_ROOT\clsid\{efeed92a-a33d-4873-ba8f-32baa631e54d}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"= "c:\program files\Astroburn Toolbar\ABToolbar.dll" [2011-01-25 992576]
.
[HKEY_CLASSES_ROOT\clsid\{efeed92a-a33d-4873-ba8f-32baa631e54d}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-03-25 402096]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-08-01 124480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-28 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-28 173592]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 83240]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"CapsHook"="c:\program files\EeePC\CapsHook\CapsHook.exe" [2010-05-28 445344]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-27 19523616]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-06-26 118784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2010-05-17 1246632]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2010-3-18 385024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 23:45 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-28 13:59 141336 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\update.tray-2-0\\svchost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [18.3.2010 0:51 11520]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1.2.2011 16:54 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 13:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.8.2010 13:28 95896]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15.6.2011 16:33 249648]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.11.2010 21:41 247608]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3.11.2009 9:34 44032]
R3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\drivers\rtsuvc.sys [18.11.2010 21:58 73088]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.11.2010 21:57 1691480]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7.7.2011 18:31 195336]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [30.10.2011 19:51 111872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [23.12.2009 19:07 14336]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{BA7E0404-3153-43AE-BC35-CC002486C700}: NameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Misa\Data aplikací\Mozilla\Firefox\Profiles\y0su5goe.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: network.proxy.http - 192.168.1.1.
FF - prefs.js: network.proxy.http_port - 800
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-EeeSplendidAgent - c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-TNod - c:\program files\TNod User & Password Finder\uninst-TNod.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-30 21:21
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1176)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2011-10-30 21:26:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-30 20:26
.
Před spuštěním: Volných bajtů: 33 274 671 104
Po spuštění: Volných bajtů: 33 979 842 560
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - 63581EDFFC295CF8DB871517268C2CC7

[chodnik74]

Pokračovat budeme zítra, počítejte nejdříve kolem 16h

[Mr.Deas]

V pohode jsem do 17:00 v praci, jinak PC uz jede docela normalne, ale stale tu neco je, antivir nejde a jsou tu nejake drobne problemy.... zatim diky

[chodnik74]

Odinstalujte BingBar,ICQ toolbar a další toolbary
Odinstalujte ESET...

Otevřeme si Poznámkový blok

• (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)
• Vložíme do něj následující script:

  Kód: Vybrat vše

  
  KillAll::
  
  Folder::
  c:\program files\TNod User & Password Finder\
  c:\windows\ufa
  c:\windows\update.8.1
  c:\windows\av_ico
  c:\windows\update.tray-2-0
  c:\windows\update.tray-2-0-lnk
  
  Firefox::
  FF - ProfilePath - c:\documents and settings\Misa\Data aplikací\Mozilla\Firefox\Profiles\y0su5goe.default\
  FF - prefs.js: browser.search.selectedEngine - ICQ Search
  FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.3.3&q=
  FF - prefs.js: network.proxy.http - 192.168.1.1.
  FF - prefs.js: network.proxy.http_port - 800
  FF - prefs.js: network.proxy.type - 0
  
  Driver::
  BBSvc
  ICQ Service
  BBUpdate
  
  File::
  c:\program files\Microsoft\BingBar\BBSvc.EXE
  c:\program files\ICQ6Toolbar\ICQ Service.exe
  c:\program files\Microsoft\BingBar\SeaPort.EXE
  c:\program files\uninst-tnod.exe
  c:\program files\TNODUP.exe
  c:\program files\tnodicons.icl
  c:\windows\services32.exe
  c:\windows\l1rezerv.exe
  c:\windows\systemup.exe
  c:\windows\unrar.exe
  c:\windows\sysdriver32.exe
  
  Registry::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"=-
  [-HKEY_CLASSES_ROOT\clsid\{efeed92a-a33d-4873-ba8f-32baa631e54d}]
  [-HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
  [-HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
  [-HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"=-
  [-HKEY_CLASSES_ROOT\clsid\{efeed92a-a33d-4873-ba8f-32baa631e54d}]
  [-HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
  [-HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
  [-HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "DAEMON Tools Lite"=-
  "ICQ"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "IgfxTray"=-
  "LiveUpdate"=-
  "Adobe Reader Speed Launcher"=-
  "Adobe ARM"=-
  "SunJavaUpdateSched"=-
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  "DisableThumbnailCache"=dword:00000000
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "c:\\WINDOWS\\update.tray-2-0\\svchost.exe"=-
  
  Reboot::
  

• Soubor uložíme na Plochu jako CFScript.txt
• Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
  
  
• Poté Combofix provede všechny operace a udělá nový log,který sem vložte

Může se stát,že po aplikaci scriptu nenaběhne Windows běžným způsobem.V tomto případě restartujte počítač a při startu mačkejte F8 a zvolte možnost Poslední známá funkční konfigurace

[Mr.Deas]

Vse jsem smazal, akorad mam problem stim esetem, nejde pise porad tu tabulku... Tak nevim ted nejak to by asi delat uz nemelo ?

[Mr.Deas]

Zmena, uz jsem to dokazal takze udelam body co mam a hned napisu:-) zatim dekuji

[chodnik74]

Výborně čekám na log z Combofixu

[Mr.Deas]

ComboFix 11-11-04.01 - Misa 04.11.2011 7:04.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.519 [GMT 1:00]
Spuštěný z: c:\documents and settings\Misa\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Misa\Plocha\CFScript.txt
.
FILE ::
"c:\program files\ICQ6Toolbar\ICQ Service.exe"
"c:\program files\Microsoft\BingBar\BBSvc.EXE"
"c:\program files\Microsoft\BingBar\SeaPort.EXE"
"c:\program files\tnodicons.icl"
"c:\program files\TNODUP.exe"
"c:\program files\uninst-tnod.exe"
"c:\windows\l1rezerv.exe"
"c:\windows\services32.exe"
"c:\windows\sysdriver32.exe"
"c:\windows\systemup.exe"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\update.8.1
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0-lnk\svchost.exe
c:\windows\update.tray-2-0
c:\windows\update.tray-2-0\svchost.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-04 do 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-03 23:11 . 2011-11-03 23:11 -------- d-----w- c:\documents and settings\Misa\Data aplikací\gtk-2.0
2011-11-03 23:10 . 2011-11-03 23:10 -------- d-----w- c:\documents and settings\Misa\.thumbnails
2011-11-03 20:07 . 2011-11-03 23:12 -------- d-----w- c:\documents and settings\Misa\.gimp-2.6
2011-11-03 20:07 . 2011-11-03 20:07 -------- d-----w- c:\program files\GIMP-2.0
2011-10-30 18:51 . 2011-10-30 18:54 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-29 16:19 . 2011-10-29 16:19 -------- d-----w- c:\program files\trend micro
2011-10-29 16:19 . 2011-10-29 16:20 -------- d-----w- C:\rsit
2011-10-27 14:25 . 2011-10-27 14:25 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-10-27 12:34 . 2011-10-27 12:33 232960 ----a-w- c:\windows\l1rezerv.exe
2011-10-27 12:26 . 2011-10-27 12:25 380416 ----a-w- c:\windows\systemup.exe
2011-10-27 12:24 . 2011-10-27 12:32 246272 ----a-w- c:\windows\unrar.exe
2011-10-27 12:23 . 2011-10-27 12:23 258048 ----a-w- c:\windows\sysdriver32.exe
2011-10-27 12:09 . 2011-10-27 12:09 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-10-27 12:09 . 2011-10-27 12:08 1198080 ----a-w- c:\windows\services32.exe
2011-10-22 20:08 . 2008-04-13 22:21 101120 -c--a-w- c:\windows\system32\dllcache\bthpan.sys
2011-10-22 20:08 . 2008-04-13 22:21 101120 ----a-w- c:\windows\system32\drivers\bthpan.sys
2011-10-22 20:08 . 2008-04-13 22:16 59136 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
2011-10-22 20:08 . 2008-04-13 22:16 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2011-10-22 20:08 . 2008-04-13 22:16 17024 -c--a-w- c:\windows\system32\dllcache\bthenum.sys
2011-10-22 20:08 . 2008-04-13 22:16 17024 ----a-w- c:\windows\system32\drivers\BthEnum.sys
2011-10-22 20:08 . 2008-04-14 06:52 152064 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2011-10-22 20:08 . 2008-04-14 06:52 152064 ----a-w- c:\windows\system32\irftp.exe
2011-10-22 20:08 . 2008-04-14 06:51 27648 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2011-10-22 20:08 . 2008-04-14 06:51 27648 ----a-w- c:\windows\system32\irmon.dll
2011-10-22 20:08 . 2008-04-14 06:52 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-10-22 20:08 . 2008-04-14 06:52 8192 ----a-w- c:\windows\system32\wshirda.dll
2011-10-22 20:07 . 2008-04-13 22:16 18944 -c--a-w- c:\windows\system32\dllcache\bthusb.sys
2011-10-22 20:07 . 2008-04-13 22:16 18944 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-10-17 09:44 . 2011-10-17 09:44 -------- d-----w- c:\windows\Sun
2011-10-09 19:42 . 2011-10-15 11:43 -------- d-----w- c:\documents and settings\Misa\.freemind
2011-10-09 19:41 . 2011-10-09 19:41 -------- d-----w- c:\program files\FreeMind
2011-10-09 19:40 . 2011-10-09 19:40 -------- d-----w- c:\program files\Common Files\Java
2011-10-09 19:39 . 2011-10-09 19:38 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-09 19:39 . 2011-10-09 19:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-09 19:39 . 2011-10-09 19:38 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-09 19:38 . 2011-10-09 19:38 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2009-12-23 18:07 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2008-07-29 17:59 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2009-12-23 18:07 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2009-12-23 18:07 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2009-12-23 18:07 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41 . 2009-12-23 18:07 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2009-12-23 18:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2009-12-23 18:07 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2009-12-23 18:07 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2009-12-23 18:07 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 07:27 . 2011-06-07 07:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-09-14 16:59 . 2011-02-01 23:04 63797 ----a-w- c:\program files\uninst-tnod.exe
2010-09-05 17:12 . 2011-02-01 23:04 1837056 ----a-w- c:\program files\TNODUP.exe
2010-04-01 22:08 . 2011-02-01 23:04 97792 ----a-w- c:\program files\tnodicons.icl
2010-04-01 14:56 . 2011-02-01 23:04 15 ----a-w- c:\program files\Recover data of current License.bat
2010-03-22 12:24 . 2011-02-01 23:04 18 ----a-w- c:\program files\Insert License with the maximum expiration date.bat
2010-02-05 21:27 . 2011-02-01 23:04 15 ----a-w- c:\program files\Licenses Downloader.bat
2009-11-17 06:44 . 2011-02-01 23:04 15 ----a-w- c:\program files\config.bat
2009-10-01 07:50 . 2011-02-01 23:04 29 ----a-w- c:\program files\download licenses.bat
2011-10-09 14:10 . 2011-06-04 09:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-30_20.21.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-04 06:12 . 2011-11-04 06:12 16384 c:\windows\temp\Perflib_Perfdata_560.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-03-25 402096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-28 173592]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 83240]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"CapsHook"="c:\program files\EeePC\CapsHook\CapsHook.exe" [2010-05-28 445344]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-27 19523616]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-06-26 118784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2010-05-17 1246632]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2010-3-18 385024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [18.3.2010 0:51 11520]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1.2.2011 16:54 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 13:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.8.2010 13:28 95896]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3.11.2009 9:34 44032]
R3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\drivers\rtsuvc.sys [18.11.2010 21:58 73088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.11.2010 21:57 1691480]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [30.10.2011 19:51 111872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [23.12.2009 19:07 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{BA7E0404-3153-43AE-BC35-CC002486C700}: NameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Misa\Data aplikací\Mozilla\Firefox\Profiles\y0su5goe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-04 07:12
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1192)
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxext.exe
.
**************************************************************************
.
Celkový čas: 2011-11-04 07:16:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-04 06:16
ComboFix2.txt 2011-10-30 20:26
.
Před spuštěním: Volných bajtů: 34 441 768 960
Po spuštění: Volných bajtů: 34 479 284 224
.
- - End Of File - - 86C0DD0AA0E255F3E31AEFEBD60A6481

[chodnik74]

Stáhneme si na Plochu program OTM

• Spustíme soubor OTM.exe (pokud máte Windows Vista nebo Windows 7,tak na soubor klikněte pravým tlačítkem myši a dejte ,,Spustit jako správce,,)
• Spustí se nám program OTM a do levého okna ,,Paste Instructions for Items to be Moved,, vložíme následující skript a stiskneme tlačítko MoveIt
  

  Kód: Vybrat vše

  :Files
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  c:\windows\services32.exe
  c:\windows\l1rezerv.exe
  c:\windows\systemup.exe
  c:\windows\unrar.exe
  c:\windows\sysdriver32.exe
  
  :Reg
  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  "AntiVirusOverride"=dword:00000000
  
  :commands 
  [emptytemp]
  [clearallrestorepoints]
  [resethosts]
  [emptyflash]
  

• Po restartu pc se vám objeví log z OTM,ten mi sem prosím vložte..