
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
facebook virus
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service in which a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Logfile of random's system information tool 1.09 (written by random/random)
Run by havel at 2011-11-02 16:25:52
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 100 GB (65%) free of 153 GB
Total RAM: 2038 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:26:17, on 2.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\services32.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\ESRI\License\arcgis9x\ARCGIS.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\havel\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\havel.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [1832359.exe] "C:\DOCUME~1\havel\LOCALS~1\Temp\1832359.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://citrix.cez.cz/dana-cached/sc/Ju ... Client.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcGIS License Manager - Acresso Software Inc. - C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Služba F-Secure Network Request Broker (F-Secure Network Request Broker) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O2FLASH - O2Micro International - C:\WINDOWS\system32\DRIVERS\o2flash.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 8934 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\havel\Data aplikací\Mozilla\Firefox\Profiles\0r1u11o6.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.com/"
prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6, {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, vshare@toolbar:1.0.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.19"
prefs.js - "keyword.URL" - "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}"=C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0]
"Description"=BlackBerry Web Software Loading Helper Plug-In for Mozilla browsers
"Path"=C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
aboutCertError.js
aboutPrivateBrowsing.js
aboutRights.js
aboutRobots.js
aboutSessionRestore.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
IICAClient.xpt
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Program Files\Mozilla Firefox\plugins\
cgpcfg.dll
CgpCore.dll
confmgr.dll
ctxlogging.dll
ctxmui.dll
ICAClObj.class
icafile.dll
icalogon.dll
Microsoft.VC80.CRT.manifest
msvcm80.dll
msvcp80.dll
msvcr80.dll
np-mswmp.dll
npicaN.dll
npnul32.dll
nppdf32.dll
sslsdk_b.dll
TcpPServ.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml
C:\Documents and Settings\havel\Data aplikací\Mozilla\Firefox\Profiles\0r1u11o6.default\extensions\
vshare@toolbar
{20a82645-c095-46ed-80e3-08825760534b}
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
C:\Documents and Settings\havel\Data aplikací\Mozilla\Firefox\Profiles\0r1u11o6.default\searchplugins\
web-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"=C:\Program Files\F-Secure\Common\FSM32.EXE [2008-02-15 182936]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-11-01 1200640]
"1832359.exe"=C:\DOCUME~1\havel\LOCALS~1\Temp\1832359.exe []
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe rezerv []
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe rezerv []
"tray_ico"= []
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2011-05-18 1233856]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe [2010-12-24 233936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2008-02-21 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\DellTPad\Apoint.exe [2008-02-21 159744]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe [2008-06-30 2220032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2008-02-22 1245184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
C:\Program Files\F-Secure\FSGUI\TNBUtil.exe [2008-02-15 895584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2008-02-22 166424]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2008-02-22 141848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-02-05 385856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2008-02-22 137752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2008-02-21 16855552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\pdfforge Toolbar\SearchSettings.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-12-03 14944136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [2007-01-11 2150400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-22 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server"
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe"="C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\havel\Dokumenty\Downloads\Flash-Player.exe"="C:\Documents and Settings\havel\Dokumenty\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\havel\Dokumenty\Downloads\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.tray-2-0\svchost.exe"="C:\WINDOWS\update.tray-2-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-2-0\svchost.exe"
"C:\WINDOWS\update.tray-2-0-lnk\svchost.exe"="C:\WINDOWS\update.tray-2-0-lnk\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-2-0-lnk\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
======List of files/folders created in the last 1 month======
2011-11-02 16:09:44 ----D---- C:\Documents and Settings\havel\Data aplikací\QuickScan
2011-11-01 14:49:27 ----D---- C:\Program Files\rajce
2011-11-01 10:00:20 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-11-01 09:59:49 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2011-11-01 09:59:49 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2011-11-01 09:59:49 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2011-11-01 09:59:49 ----A---- C:\WINDOWS\system32\unacev2.dll
2011-11-01 09:59:48 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2011-11-01 09:59:45 ----D---- C:\Program Files\Trojan Remover
2011-11-01 09:59:45 ----D---- C:\Documents and Settings\havel\Data aplikací\Simply Super Software
2011-11-01 09:59:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
2011-11-01 09:22:48 ----ASH---- C:\hiberfil.sys
2011-11-01 09:19:35 ----SHD---- C:\Config.Msi
2011-11-01 08:54:22 ----D---- C:\WINDOWS\av_ico
2011-11-01 08:53:04 ----HD---- C:\WINDOWS\update.tray-2-0-lnk
2011-11-01 08:53:04 ----HD---- C:\WINDOWS\update.tray-2-0
2011-11-01 08:51:14 ----A---- C:\WINDOWS\winlog-ids.txt
2011-11-01 08:51:14 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-11-01 08:15:29 ----A---- C:\WINDOWS\front_ip_list.txt
2011-11-01 08:15:15 ----A---- C:\WINDOWS\services32.exe
2011-11-01 08:15:09 ----HD---- C:\WINDOWS\update.1
2011-10-05 21:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2616676-v2$
2011-10-05 21:17:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
======List of files/folders modified in the last 1 month======
2011-11-02 16:26:16 ----D---- C:\WINDOWS\Temp
2011-11-02 16:25:58 ----D---- C:\Program Files\trend micro
2011-11-02 16:25:43 ----D---- C:\WINDOWS\Prefetch
2011-11-01 16:04:50 ----D---- C:\Program Files\Mozilla Firefox
2011-11-01 15:44:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-01 14:49:27 ----D---- C:\Program Files
2011-11-01 10:50:10 ----AD---- C:\WINDOWS\system32
2011-11-01 10:50:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-11-01 10:46:05 ----AD---- C:\WINDOWS
2011-11-01 10:46:05 ----A---- C:\WINDOWS\ModemLog_Standardní modem.txt
2011-11-01 10:45:56 ----SHD---- C:\WINDOWS\CSC
2011-11-01 10:01:00 ----D---- C:\WINDOWS\system32\drivers
2011-11-01 09:21:57 ----A---- C:\boot.ini
2011-11-01 09:20:34 ----SHD---- C:\WINDOWS\Installer
2011-11-01 09:20:15 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-01 08:51:23 ----D---- C:\Documents and Settings\havel\Data aplikací\Skype
2011-11-01 08:51:13 ----HD---- C:\WINDOWS\inf
2011-10-31 10:09:30 ----D---- C:\Documents and Settings\havel\Data aplikací\skypePM
2011-10-11 22:26:26 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-05 21:18:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-10-05 21:17:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-10-05 21:17:39 ----A---- C:\WINDOWS\imsins.BAK
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2007-07-23 99808]
R0 FSFW;F-Secure Firewall Driver; C:\WINDOWS\System32\drivers\fsdfw.sys [2008-02-15 60256]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2008-03-17 305176]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-07-26 43872]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-07-23 30064]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2011-08-04 103112]
R1 F-Secure HIPS;F-Secure HIPS; \??\C:\Program Files\F-Secure\HIPS\fshs.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-04-26 64896]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [2007-07-23 37360]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [2007-07-23 32848]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [2007-07-23 9104]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [2007-07-23 108752]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [2007-07-23 27216]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [2007-07-23 16304]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [2007-07-23 98448]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [2007-07-23 93552]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-07-23 52000]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2006-03-14 90176]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2008-02-21 155136]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-06-30 1287552]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-22 5776928]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-21 4625408]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 O2MDRDR;O2MDRDR; C:\WINDOWS\system32\DRIVERS\o2media.sys [2008-08-27 51288]
R3 O2SDRDR;O2SDRDR; C:\WINDOWS\system32\DRIVERS\o2sd.sys [2008-08-27 43608]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-02-22 105856]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2007-04-26 41600]
R3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-26 113920]
R3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-04-26 36480]
R3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-04-26 73600]
R3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2007-04-26 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-04-26 41856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S0 DLACDBHM;DLACDBHM; C:\WINDOWS\system32\drivers\DLACDBHM.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 Ser2pl;MAT Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys []
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ArcGIS License Manager;ArcGIS License Manager; C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [2008-08-02 1431440]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe [2008-02-15 47800]
R2 FSMA;F-Secure Management Agent; C:\Program Files\F-Secure\Common\FSMA32.EXE [2008-02-15 113304]
R2 O2FLASH;O2FLASH; C:\WINDOWS\system32\DRIVERS\o2flash.exe [2008-08-27 71512]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2006-03-14 206400]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-06-30 24064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\F-Secure\FSAUA\program\fsaua.exe [2008-02-15 461408]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe [2008-02-15 465504]
R3 F-Secure Network Request Broker;Služba F-Secure Network Request Broker; C:\Program Files\F-Secure\Common\FNRB32.EXE [2008-02-15 162456]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
S2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe srv []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [2007-07-23 37360]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [2007-07-23 32848]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [2007-07-23 9104]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [2007-07-23 108752]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [2007-07-23 27216]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [2007-07-23 16304]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [2007-07-23 98448]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [2007-07-23 93552]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-07-23 52000]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2006-03-14 90176]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2008-02-21 155136]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-06-30 1287552]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-22 5776928]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-21 4625408]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 O2MDRDR;O2MDRDR; C:\WINDOWS\system32\DRIVERS\o2media.sys [2008-08-27 51288]
R3 O2SDRDR;O2SDRDR; C:\WINDOWS\system32\DRIVERS\o2sd.sys [2008-08-27 43608]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-02-22 105856]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2007-04-26 41600]
R3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-26 113920]
R3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-04-26 36480]
R3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-04-26 73600]
R3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2007-04-26 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-04-26 41856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S0 DLACDBHM;DLACDBHM; C:\WINDOWS\system32\drivers\DLACDBHM.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 Ser2pl;MAT Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys []
S4 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ArcGIS License Manager;ArcGIS License Manager; C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [2008-08-02 1431440]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe [2008-02-15 47800]
R2 FSMA;F-Secure Management Agent; C:\Program Files\F-Secure\Common\FSMA32.EXE [2008-02-15 113304]
R2 O2FLASH;O2FLASH; C:\WINDOWS\system32\DRIVERS\o2flash.exe [2008-08-27 71512]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2006-03-14 206400]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-06-30 24064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\F-Secure\FSAUA\program\fsaua.exe [2008-02-15 461408]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe [2008-02-15 465504]
R3 F-Secure Network Request Broker;Služba F-Secure Network Request Broker; C:\Program Files\F-Secure\Common\FNRB32.EXE [2008-02-15 162456]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
S2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe srv []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- 1danab
- Newbie
- Posts: 1412
- Registered: 21 Oct 2007 13:04
- Location: České Budějovice
Re: facebook virus
Hello,
follow this guide http://www.viry.cz/forum/viewtopic.php?f=29&t=67229 to run a scan; do not delete
anything for now, and once the scan has finished, paste the resulting log here
Re: facebook virus
thank you very much,
Malwarebytes' Anti-Malware 1.50
http://www.malwarebytes.org
Verze databáze: 8071
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2.11.2011 21:41:54
mbam-log-2011-11-02 (21-41-46).txt
Typ kontroly: Rychlý test
Testované objekty: 203515
Uplynulý čas: 18 minut, 8 sekund
Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče v registru: 6
Infikované hodnoty v registru: 5
Infikované datové položky v registru: 4
Infikované složky: 0
Infikované soubory: 2
Infikované procesy v paměti:
c:\WINDOWS\services32.exe (Backdoor.Agent) -> 4092 -> No action taken.
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.
Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Backdoor.Agent) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1832359.exe (Trojan.Downloader.Gen) -> Value: 1832359.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SAFEBOOT\AlternateShell (Hijack.Altshell) -> Bad: (services32.exe) Good: (cmd.exe) -> No action taken.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\documents and settings\havel\data aplikací\qmkin.0xe (Trojan.Agent.Gen) -> No action taken.
c:\WINDOWS\services32.exe (Backdoor.Agent) -> No action taken.
- 1danab
- Newbie
- Posts: 1412
- Registered: 21 Oct 2007 13:04
- Location: České Budějovice
Re: facebook virus
Delete what MBAM found.
We will continue:

vyosek wrote: Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Turn off all resident security programs: firewalls, antivirus, antispyware, etc.
- If you have Win XP, run it under the Administrator account
- If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako správce)
- Right after it starts, a page with the license agreement is shown; continue by clicking Yes
- If CF offers to install the Recovery Console, agree
- Then follow the instructions; during the scan leave the PC completely alone: do not start any applications and do not click in the window that is displayed
- The scan should take about 10 minutes, but if the PC is heavily infested, it may take longer
- After the scan finishes and any restart, CF displays the log; you can also find it at C:\ComboFix.txt. Paste its content here
- A detailed procedure including screenshots is here: http://www.bleepingcomputer.com/combofi ... t-combofix
Re: facebook virus
ComboFix 11-11-03.01 - havel 03.11.2011 10:55:10.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1608 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\havel\Dokumenty\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: F-Secure Client Security 7.11 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 7.11 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\havel\LOCALS~1\Temp\7577913.exe
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\39397424\X
C:\Install.exe
C:\WINDOWS\
C:\WINDOWS\$NtUninstallKB45794$
C:\WINDOWS\$NtUninstallKB45794$\787869932
C:\WINDOWS\$NtUninstallKB45794$\960066596\@
C:\WINDOWS\$NtUninstallKB45794$\960066596\L\nhuhiaip
C:\WINDOWS\$NtUninstallKB45794$\960066596\loader.tlb
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@00000001
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@000000c0
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@000000cb
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@000000cf
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@80000000
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@800000c0
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@800000cb
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@800000cf
C:\WINDOWS\av_ico
C:\WINDOWS\av_ico\ico_NOD_AV_START.ico
C:\WINDOWS\av_ico\ico_NOD_SYSINSP.ico
C:\WINDOWS\av_ico\ico_NOD_SYSRESC.ico
C:\WINDOWS\av_ico\ico_NOD_TXT.ico
C:\WINDOWS\av_ico\ico_NOD_UNINSTALL.ico
C:\WINDOWS\front_ip_list.txt
C:\WINDOWS\geoiplist
C:\WINDOWS\geoiplist.rar
C:\WINDOWS\iecheck_iplist.txt
C:\WINDOWS\info1
C:\WINDOWS\iplist.txt
C:\WINDOWS\iun6002.exe
C:\WINDOWS\loader2.exe_ok
C:\WINDOWS\msmqinst.log
C:\WINDOWS\proc_list1.log
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\sysdriver32_.exe
C:\WINDOWS\system32\c_33050.nls
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\drivers\etc\HSTS~1
C:\WINDOWS\system32\regobj.dll
C:\WINDOWS\TEMP\1580826.exe
C:\WINDOWS\update.1
C:\WINDOWS\update.1\svchost.exe.vir
C:\WINDOWS\update.2
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.5.0
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\winlog-dirs.txt
C:\WINDOWS\winlog-ids.txt
C:\WINDOWS\winsetupapi.log
Nakažená kopie C:\WINDOWS\system32\drivers\netbt.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it
Nakažená kopie C:\Program Files\F-Secure\FSAUA\program\fsaua.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{E3A0F64B-C3B6-4905-9238-925FACB1ABCA}\RP1\A0000020.exe
Nakažená kopie C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{E3A0F64B-C3B6-4905-9238-925FACB1ABCA}\RP1\A0000021.exe
Nakažená kopie C:\Program Files\F-Secure\Common\FSMA32.EXE byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{E3A0F64B-C3B6-4905-9238-925FACB1ABCA}\RP1\A0000015.EXE
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_39397424
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-03 do 2011-11-03 )))))))))))))))))))))))))))))))
2011-11-03 09:45:30 . 2008-04-14 12:00:00 162816 -c--a-w- C:\WINDOWS\system32\dllcache\netbt.sys
2011-11-03 09:45:30 . 2008-04-14 12:00:00 162816 ----a-w- C:\WINDOWS\system32\drivers\netbt.sys
2011-11-03 09:17:54 . 2011-11-03 10:01:42 -------- d-sh--w- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\39397424
2011-11-03 09:17:16 . 2011-11-03 09:17:16 246272 ----a-w- C:\WINDOWS\unrar.exe
2011-11-02 19:00:21 . 2011-11-02 19:00:21 -------- d-----w- C:\Documents and Settings\havel\Data aplikací\Malwarebytes
2011-11-02 19:00:08 . 2010-11-29 16:42:18 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-11-02 19:00:04 . 2011-11-02 19:00:04 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-11-02 18:59:50 . 2010-11-29 16:42:06 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-11-02 18:59:43 . 2011-11-02 19:00:15 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-11-02 15:09:44 . 2011-11-02 15:09:44 -------- d-----w- C:\Documents and Settings\havel\Data aplikací\QuickScan
2011-11-01 13:49:27 . 2011-11-01 13:49:37 -------- d-----w- C:\Program Files\rajce
2011-11-01 09:00:20 . 2011-11-01 10:35:52 -------- d---a-w- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-11-01 08:59:49 . 2006-06-19 12:01:38 69632 ----a-w- C:\WINDOWS\system32\ztvcabinet.dll
2011-11-01 08:59:49 . 2006-05-25 14:52:46 162304 ----a-w- C:\WINDOWS\system32\ztvunrar36.dll
2011-11-01 08:59:49 . 2005-08-26 00:50:00 77312 ----a-w- C:\WINDOWS\system32\ztvunace26.dll
2011-11-01 08:59:49 . 2002-03-06 00:00:00 75264 ----a-w- C:\WINDOWS\system32\unacev2.dll
2011-11-01 08:59:48 . 2003-02-02 19:06:02 153088 ----a-w- C:\WINDOWS\system32\UNRAR3.dll
2011-11-01 08:59:45 . 2011-11-01 08:59:53 -------- d-----w- C:\Program Files\Trojan Remover
2011-11-01 08:59:45 . 2011-11-01 08:59:45 -------- d-----w- C:\Documents and Settings\havel\Data aplikací\Simply Super Software
2011-11-01 08:59:45 . 2011-11-01 08:59:45 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
2011-11-01 07:53:04 . 2011-11-01 09:00:40 -------- d--h--w- C:\WINDOWS\update.tray-2-0
2011-11-01 07:53:04 . 2011-11-01 07:53:04 -------- d--h--w- C:\WINDOWS\update.tray-2-0-lnk
2011-11-01 07:15:26 . 2011-11-01 07:15:26 -------- d-----w- C:\Documents and Settings\LocalService\Nabídka Start
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-09-09 09:12:04 . 2008-05-07 23:42:02 602112 ----a-w- C:\WINDOWS\system32\crypt32.dll
2011-08-09 13:24:52 . 2011-08-09 13:24:52 154136 ----a-w- C:\WINDOWS\system32\drivers\eamon.sys
2008-08-16 15:42:36 . 2008-08-16 15:42:36 13112 ----a-w- C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 15:42:02 . 2008-08-16 15:42:02 70456 ----a-w- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 15:42:12 . 2008-08-16 15:42:12 91448 ----a-w- C:\Program Files\mozilla firefox\plugins\confmgr.dll
2008-08-16 15:42:08 . 2008-08-16 15:42:08 20800 ----a-w- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 15:43:00 . 2008-08-16 15:43:00 206136 ----a-w- C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 15:42:10 . 2008-08-16 15:42:10 31032 ----a-w- C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-08-16 15:42:32 . 2008-08-16 15:42:32 40248 ----a-w- C:\Program Files\mozilla firefox\plugins\icalogon.dll
2008-05-21 06:41:08 . 2008-05-21 06:41:08 479232 ----a-w- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 06:41:08 . 2008-05-21 06:41:08 548864 ----a-w- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 06:41:08 . 2008-05-21 06:41:08 626688 ----a-w- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 11:58:54 . 2008-06-05 11:58:54 648504 ----a-w- C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 15:42:04 . 2008-08-16 15:42:04 23864 ----a-w- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 17:03:40 152872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE" [2008-02-15 15:46:40 182936]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 13:57:24 153136]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2011-05-18 17:32:40 1233856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 12:00:00 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 03:12:12 257440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16:00 39792 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-02-21 21:21:46 69632 ----a-w- C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-02-21 21:24:56 159744 ----a-w- C:\Program Files\DellTPad\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-06-30 02:42:40 2220032 ----a-w- C:\WINDOWS\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00:00 15360 ----a-w- C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2008-02-22 12:43:38 1245184 ----a-w- C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
2008-02-15 15:46:30 895584 ----a-w- C:\Program Files\F-Secure\FSGUI\tnbutil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-22 00:06:20 166424 ----a-w- C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-22 00:06:34 141848 ----a-w- C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 04:40:32 218032 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 20:52:38 1695232 ----a-w- C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 16:53:54 3885408 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-02-05 12:45:16 385856 ----a-w- C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 14:06:08 128296 ------w- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-22 00:06:24 137752 ----a-w- C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-02-21 21:21:56 16855552 ----a-w- C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 15:46:34 14944136 ----a-r- C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 04:27:04 144784 ----a-w- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"C:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\havel\\Dokumenty\\Downloads\\Flash-Player.exe"=
"C:\\WINDOWS\\update.tray-2-0-lnk\\svchost.exe"=
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [10.12.2008 12:21:07 60256]
R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [4.8.2011 9:20:36 118104]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [4.8.2011 9:20:38 103112]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [10.12.2008 12:21:01 70752]
R2 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [29.3.2010 11:31:01 1431440]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [10.12.2008 12:20:51 62048]
R3 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\drivers\o2media.sys [29.11.2008 8:00:50 51288]
R3 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\drivers\o2sd.sys [29.11.2008 8:00:50 43608]
S2 ekrn;ESET Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 gupdate;Služba Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [14.2.2010 20:47:56 135664]
S3 gupdatem;Služba Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [14.2.2010 20:47:56 135664]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys [10.12.2008 12:20:51 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys [10.12.2008 12:20:51 25184]
Obsah adresáře 'Naplánované úlohy'
2011-11-03 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-14 19:47:56 . 2010-02-14 19:47:44]
2011-11-02 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-14 19:47:56 . 2010-02-14 19:47:44]
------- Doplňkový sken -------
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - C:\Documents and Settings\havel\Data aplikací\Mozilla\Firefox\Profiles\0r1u11o6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-egui - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
MSConfigStartUp-SearchSettings - C:\Program Files\pdfforge Toolbar\SearchSettings.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-Cool's_Codec_pack_4.12 - C:\WINDOWS\iun6002.exe
- 1danab
Re: facebook virus
The log is not complete, a bit of the end is missing, so please copy it here once more.

Re: facebook virus
It really does seem that this is all of it.
ComboFix 11-11-03.01 - havel 03.11.2011 10:55:10.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1608 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\havel\Dokumenty\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: F-Secure Client Security 7.11 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 7.11 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\havel\LOCALS~1\Temp\7577913.exe
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\39397424\X
C:\Install.exe
C:\WINDOWS\
C:\WINDOWS\$NtUninstallKB45794$
C:\WINDOWS\$NtUninstallKB45794$\787869932
C:\WINDOWS\$NtUninstallKB45794$\960066596\@
C:\WINDOWS\$NtUninstallKB45794$\960066596\L\nhuhiaip
C:\WINDOWS\$NtUninstallKB45794$\960066596\loader.tlb
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@00000001
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@000000c0
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@000000cb
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@000000cf
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@80000000
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@800000c0
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@800000cb
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@800000cf
C:\WINDOWS\av_ico
C:\WINDOWS\av_ico\ico_NOD_AV_START.ico
C:\WINDOWS\av_ico\ico_NOD_SYSINSP.ico
C:\WINDOWS\av_ico\ico_NOD_SYSRESC.ico
C:\WINDOWS\av_ico\ico_NOD_TXT.ico
C:\WINDOWS\av_ico\ico_NOD_UNINSTALL.ico
C:\WINDOWS\front_ip_list.txt
C:\WINDOWS\geoiplist
C:\WINDOWS\geoiplist.rar
C:\WINDOWS\iecheck_iplist.txt
C:\WINDOWS\info1
C:\WINDOWS\iplist.txt
C:\WINDOWS\iun6002.exe
C:\WINDOWS\loader2.exe_ok
C:\WINDOWS\msmqinst.log
C:\WINDOWS\proc_list1.log
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\sysdriver32_.exe
C:\WINDOWS\system32\c_33050.nls
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\drivers\etc\HSTS~1
C:\WINDOWS\system32\regobj.dll
C:\WINDOWS\TEMP\1580826.exe
C:\WINDOWS\update.1
C:\WINDOWS\update.1\svchost.exe.vir
C:\WINDOWS\update.2
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.5.0
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\winlog-dirs.txt
C:\WINDOWS\winlog-ids.txt
C:\WINDOWS\winsetupapi.log
Nakažená kopie C:\WINDOWS\system32\drivers\netbt.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it
Nakažená kopie C:\Program Files\F-Secure\FSAUA\program\fsaua.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{E3A0F64B-C3B6-4905-9238-925FACB1ABCA}\RP1\A0000020.exe
Nakažená kopie C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{E3A0F64B-C3B6-4905-9238-925FACB1ABCA}\RP1\A0000021.exe
Nakažená kopie C:\Program Files\F-Secure\Common\FSMA32.EXE byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{E3A0F64B-C3B6-4905-9238-925FACB1ABCA}\RP1\A0000015.EXE
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_39397424
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-03 do 2011-11-03 )))))))))))))))))))))))))))))))
2011-11-03 09:45:30 . 2008-04-14 12:00:00 162816 -c--a-w- C:\WINDOWS\system32\dllcache\netbt.sys
2011-11-03 09:45:30 . 2008-04-14 12:00:00 162816 ----a-w- C:\WINDOWS\system32\drivers\netbt.sys
2011-11-03 09:17:54 . 2011-11-03 10:01:42 -------- d-sh--w- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\39397424
2011-11-03 09:17:16 . 2011-11-03 09:17:16 246272 ----a-w- C:\WINDOWS\unrar.exe
2011-11-02 19:00:21 . 2011-11-02 19:00:21 -------- d-----w- C:\Documents and Settings\havel\Data aplikací\Malwarebytes
2011-11-02 19:00:08 . 2010-11-29 16:42:18 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-11-02 19:00:04 . 2011-11-02 19:00:04 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-11-02 18:59:50 . 2010-11-29 16:42:06 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-11-02 18:59:43 . 2011-11-02 19:00:15 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-11-02 15:09:44 . 2011-11-02 15:09:44 -------- d-----w- C:\Documents and Settings\havel\Data aplikací\QuickScan
2011-11-01 13:49:27 . 2011-11-01 13:49:37 -------- d-----w- C:\Program Files\rajce
2011-11-01 09:00:20 . 2011-11-01 10:35:52 -------- d---a-w- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-11-01 08:59:49 . 2006-06-19 12:01:38 69632 ----a-w- C:\WINDOWS\system32\ztvcabinet.dll
2011-11-01 08:59:49 . 2006-05-25 14:52:46 162304 ----a-w- C:\WINDOWS\system32\ztvunrar36.dll
2011-11-01 08:59:49 . 2005-08-26 00:50:00 77312 ----a-w- C:\WINDOWS\system32\ztvunace26.dll
2011-11-01 08:59:49 . 2002-03-06 00:00:00 75264 ----a-w- C:\WINDOWS\system32\unacev2.dll
2011-11-01 08:59:48 . 2003-02-02 19:06:02 153088 ----a-w- C:\WINDOWS\system32\UNRAR3.dll
2011-11-01 08:59:45 . 2011-11-01 08:59:53 -------- d-----w- C:\Program Files\Trojan Remover
2011-11-01 08:59:45 . 2011-11-01 08:59:45 -------- d-----w- C:\Documents and Settings\havel\Data aplikací\Simply Super Software
2011-11-01 08:59:45 . 2011-11-01 08:59:45 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
2011-11-01 07:53:04 . 2011-11-01 09:00:40 -------- d--h--w- C:\WINDOWS\update.tray-2-0
2011-11-01 07:53:04 . 2011-11-01 07:53:04 -------- d--h--w- C:\WINDOWS\update.tray-2-0-lnk
2011-11-01 07:15:26 . 2011-11-01 07:15:26 -------- d-----w- C:\Documents and Settings\LocalService\Nabídka Start
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-09-09 09:12:04 . 2008-05-07 23:42:02 602112 ----a-w- C:\WINDOWS\system32\crypt32.dll
2011-08-09 13:24:52 . 2011-08-09 13:24:52 154136 ----a-w- C:\WINDOWS\system32\drivers\eamon.sys
2008-08-16 15:42:36 . 2008-08-16 15:42:36 13112 ----a-w- C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 15:42:02 . 2008-08-16 15:42:02 70456 ----a-w- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 15:42:12 . 2008-08-16 15:42:12 91448 ----a-w- C:\Program Files\mozilla firefox\plugins\confmgr.dll
2008-08-16 15:42:08 . 2008-08-16 15:42:08 20800 ----a-w- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 15:43:00 . 2008-08-16 15:43:00 206136 ----a-w- C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 15:42:10 . 2008-08-16 15:42:10 31032 ----a-w- C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-08-16 15:42:32 . 2008-08-16 15:42:32 40248 ----a-w- C:\Program Files\mozilla firefox\plugins\icalogon.dll
2008-05-21 06:41:08 . 2008-05-21 06:41:08 479232 ----a-w- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 06:41:08 . 2008-05-21 06:41:08 548864 ----a-w- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 06:41:08 . 2008-05-21 06:41:08 626688 ----a-w- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 11:58:54 . 2008-06-05 11:58:54 648504 ----a-w- C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 15:42:04 . 2008-08-16 15:42:04 23864 ----a-w- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 17:03:40 152872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE" [2008-02-15 15:46:40 182936]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 13:57:24 153136]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2011-05-18 17:32:40 1233856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 12:00:00 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 03:12:12 257440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16:00 39792 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-02-21 21:21:46 69632 ----a-w- C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-02-21 21:24:56 159744 ----a-w- C:\Program Files\DellTPad\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-06-30 02:42:40 2220032 ----a-w- C:\WINDOWS\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00:00 15360 ----a-w- C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2008-02-22 12:43:38 1245184 ----a-w- C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
2008-02-15 15:46:30 895584 ----a-w- C:\Program Files\F-Secure\FSGUI\tnbutil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-22 00:06:20 166424 ----a-w- C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-22 00:06:34 141848 ----a-w- C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 04:40:32 218032 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 20:52:38 1695232 ----a-w- C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 16:53:54 3885408 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-02-05 12:45:16 385856 ----a-w- C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 14:06:08 128296 ------w- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-22 00:06:24 137752 ----a-w- C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-02-21 21:21:56 16855552 ----a-w- C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 15:46:34 14944136 ----a-r- C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 04:27:04 144784 ----a-w- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"C:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\havel\\Dokumenty\\Downloads\\Flash-Player.exe"=
"C:\\WINDOWS\\update.tray-2-0-lnk\\svchost.exe"=
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [10.12.2008 12:21:07 60256]
R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [4.8.2011 9:20:36 118104]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [4.8.2011 9:20:38 103112]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [10.12.2008 12:21:01 70752]
R2 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [29.3.2010 11:31:01 1431440]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [10.12.2008 12:20:51 62048]
R3 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\drivers\o2media.sys [29.11.2008 8:00:50 51288]
R3 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\drivers\o2sd.sys [29.11.2008 8:00:50 43608]
S2 ekrn;ESET Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 gupdate;Služba Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [14.2.2010 20:47:56 135664]
S3 gupdatem;Služba Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [14.2.2010 20:47:56 135664]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys [10.12.2008 12:20:51 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys [10.12.2008 12:20:51 25184]
Obsah adresáře 'Naplánované úlohy'
2011-11-03 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-14 19:47:56 . 2010-02-14 19:47:44]
2011-11-02 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-14 19:47:56 . 2010-02-14 19:47:44]
------- Doplňkový sken -------
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - C:\Documents and Settings\havel\Data aplikací\Mozilla\Firefox\Profiles\0r1u11o6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-egui - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
MSConfigStartUp-SearchSettings - C:\Program Files\pdfforge Toolbar\SearchSettings.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-Cool's_Codec_pack_4.12 - C:\WINDOWS\iun6002.exe
ComboFix 11-11-03.01 - havel 03.11.2011 10:55:10.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1608 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\havel\Dokumenty\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: F-Secure Client Security 7.11 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 7.11 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\havel\LOCALS~1\Temp\7577913.exe
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\39397424\X
C:\Install.exe
C:\WINDOWS\
C:\WINDOWS\$NtUninstallKB45794$
C:\WINDOWS\$NtUninstallKB45794$\787869932
C:\WINDOWS\$NtUninstallKB45794$\960066596\@
C:\WINDOWS\$NtUninstallKB45794$\960066596\L\nhuhiaip
C:\WINDOWS\$NtUninstallKB45794$\960066596\loader.tlb
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@00000001
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@000000c0
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@000000cb
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@000000cf
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@80000000
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@800000c0
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@800000cb
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@800000cf
C:\WINDOWS\av_ico
C:\WINDOWS\av_ico\ico_NOD_AV_START.ico
C:\WINDOWS\av_ico\ico_NOD_SYSINSP.ico
C:\WINDOWS\av_ico\ico_NOD_SYSRESC.ico
C:\WINDOWS\av_ico\ico_NOD_TXT.ico
C:\WINDOWS\av_ico\ico_NOD_UNINSTALL.ico
C:\WINDOWS\front_ip_list.txt
C:\WINDOWS\geoiplist
C:\WINDOWS\geoiplist.rar
C:\WINDOWS\iecheck_iplist.txt
C:\WINDOWS\info1
C:\WINDOWS\iplist.txt
C:\WINDOWS\iun6002.exe
C:\WINDOWS\loader2.exe_ok
C:\WINDOWS\msmqinst.log
C:\WINDOWS\proc_list1.log
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\sysdriver32_.exe
C:\WINDOWS\system32\c_33050.nls
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\drivers\etc\HSTS~1
C:\WINDOWS\system32\regobj.dll
C:\WINDOWS\TEMP\1580826.exe
C:\WINDOWS\update.1
C:\WINDOWS\update.1\svchost.exe.vir
C:\WINDOWS\update.2
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.5.0
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\winlog-dirs.txt
C:\WINDOWS\winlog-ids.txt
C:\WINDOWS\winsetupapi.log
Nakažená kopie C:\WINDOWS\system32\drivers\netbt.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it

Nakažená kopie C:\Program Files\F-Secure\FSAUA\program\fsaua.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{E3A0F64B-C3B6-4905-9238-925FACB1ABCA}\RP1\A0000020.exe
Nakažená kopie C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{E3A0F64B-C3B6-4905-9238-925FACB1ABCA}\RP1\A0000021.exe
Nakažená kopie C:\Program Files\F-Secure\Common\FSMA32.EXE byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{E3A0F64B-C3B6-4905-9238-925FACB1ABCA}\RP1\A0000015.EXE
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_39397424
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-03 do 2011-11-03 )))))))))))))))))))))))))))))))
2011-11-03 09:45:30 . 2008-04-14 12:00:00 162816 -c--a-w- C:\WINDOWS\system32\dllcache\netbt.sys
2011-11-03 09:45:30 . 2008-04-14 12:00:00 162816 ----a-w- C:\WINDOWS\system32\drivers\netbt.sys
2011-11-03 09:17:54 . 2011-11-03 10:01:42 -------- d-sh--w- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\39397424
2011-11-03 09:17:16 . 2011-11-03 09:17:16 246272 ----a-w- C:\WINDOWS\unrar.exe
2011-11-02 19:00:21 . 2011-11-02 19:00:21 -------- d-----w- C:\Documents and Settings\havel\Data aplikací\Malwarebytes
2011-11-02 19:00:08 . 2010-11-29 16:42:18 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-11-02 19:00:04 . 2011-11-02 19:00:04 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-11-02 18:59:50 . 2010-11-29 16:42:06 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-11-02 18:59:43 . 2011-11-02 19:00:15 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-11-02 15:09:44 . 2011-11-02 15:09:44 -------- d-----w- C:\Documents and Settings\havel\Data aplikací\QuickScan
2011-11-01 13:49:27 . 2011-11-01 13:49:37 -------- d-----w- C:\Program Files\rajce
2011-11-01 09:00:20 . 2011-11-01 10:35:52 -------- d---a-w- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-11-01 08:59:49 . 2006-06-19 12:01:38 69632 ----a-w- C:\WINDOWS\system32\ztvcabinet.dll
2011-11-01 08:59:49 . 2006-05-25 14:52:46 162304 ----a-w- C:\WINDOWS\system32\ztvunrar36.dll
2011-11-01 08:59:49 . 2005-08-26 00:50:00 77312 ----a-w- C:\WINDOWS\system32\ztvunace26.dll
2011-11-01 08:59:49 . 2002-03-06 00:00:00 75264 ----a-w- C:\WINDOWS\system32\unacev2.dll
2011-11-01 08:59:48 . 2003-02-02 19:06:02 153088 ----a-w- C:\WINDOWS\system32\UNRAR3.dll
2011-11-01 08:59:45 . 2011-11-01 08:59:53 -------- d-----w- C:\Program Files\Trojan Remover
2011-11-01 08:59:45 . 2011-11-01 08:59:45 -------- d-----w- C:\Documents and Settings\havel\Data aplikací\Simply Super Software
2011-11-01 08:59:45 . 2011-11-01 08:59:45 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
2011-11-01 07:53:04 . 2011-11-01 09:00:40 -------- d--h--w- C:\WINDOWS\update.tray-2-0
2011-11-01 07:53:04 . 2011-11-01 07:53:04 -------- d--h--w- C:\WINDOWS\update.tray-2-0-lnk
2011-11-01 07:15:26 . 2011-11-01 07:15:26 -------- d-----w- C:\Documents and Settings\LocalService\Nabídka Start
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-09-09 09:12:04 . 2008-05-07 23:42:02 602112 ----a-w- C:\WINDOWS\system32\crypt32.dll
2011-08-09 13:24:52 . 2011-08-09 13:24:52 154136 ----a-w- C:\WINDOWS\system32\drivers\eamon.sys
2008-08-16 15:42:36 . 2008-08-16 15:42:36 13112 ----a-w- C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 15:42:02 . 2008-08-16 15:42:02 70456 ----a-w- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 15:42:12 . 2008-08-16 15:42:12 91448 ----a-w- C:\Program Files\mozilla firefox\plugins\confmgr.dll
2008-08-16 15:42:08 . 2008-08-16 15:42:08 20800 ----a-w- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 15:43:00 . 2008-08-16 15:43:00 206136 ----a-w- C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 15:42:10 . 2008-08-16 15:42:10 31032 ----a-w- C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-08-16 15:42:32 . 2008-08-16 15:42:32 40248 ----a-w- C:\Program Files\mozilla firefox\plugins\icalogon.dll
2008-05-21 06:41:08 . 2008-05-21 06:41:08 479232 ----a-w- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 06:41:08 . 2008-05-21 06:41:08 548864 ----a-w- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 06:41:08 . 2008-05-21 06:41:08 626688 ----a-w- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 11:58:54 . 2008-06-05 11:58:54 648504 ----a-w- C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 15:42:04 . 2008-08-16 15:42:04 23864 ----a-w- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 17:03:40 152872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE" [2008-02-15 15:46:40 182936]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 13:57:24 153136]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2011-05-18 17:32:40 1233856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 12:00:00 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 03:12:12 257440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16:00 39792 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-02-21 21:21:46 69632 ----a-w- C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-02-21 21:24:56 159744 ----a-w- C:\Program Files\DellTPad\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-06-30 02:42:40 2220032 ----a-w- C:\WINDOWS\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00:00 15360 ----a-w- C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2008-02-22 12:43:38 1245184 ----a-w- C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
2008-02-15 15:46:30 895584 ----a-w- C:\Program Files\F-Secure\FSGUI\tnbutil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-22 00:06:20 166424 ----a-w- C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-22 00:06:34 141848 ----a-w- C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 04:40:32 218032 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 20:52:38 1695232 ----a-w- C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 16:53:54 3885408 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-02-05 12:45:16 385856 ----a-w- C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 14:06:08 128296 ------w- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-22 00:06:24 137752 ----a-w- C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-02-21 21:21:56 16855552 ----a-w- C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 15:46:34 14944136 ----a-r- C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 04:27:04 144784 ----a-w- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"C:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\havel\\Dokumenty\\Downloads\\Flash-Player.exe"=
"C:\\WINDOWS\\update.tray-2-0-lnk\\svchost.exe"=
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [10.12.2008 12:21:07 60256]
R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [4.8.2011 9:20:36 118104]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [4.8.2011 9:20:38 103112]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [10.12.2008 12:21:01 70752]
R2 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [29.3.2010 11:31:01 1431440]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [10.12.2008 12:20:51 62048]
R3 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\drivers\o2media.sys [29.11.2008 8:00:50 51288]
R3 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\drivers\o2sd.sys [29.11.2008 8:00:50 43608]
S2 ekrn;ESET Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 gupdate;Služba Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [14.2.2010 20:47:56 135664]
S3 gupdatem;Služba Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [14.2.2010 20:47:56 135664]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys [10.12.2008 12:20:51 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys [10.12.2008 12:20:51 25184]
Obsah adresáře 'Naplánované úlohy'
2011-11-03 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-14 19:47:56 . 2010-02-14 19:47:44]
2011-11-02 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-14 19:47:56 . 2010-02-14 19:47:44]
------- Doplňkový sken -------
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - C:\Documents and Settings\havel\Data aplikací\Mozilla\Firefox\Profiles\0r1u11o6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-egui - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
MSConfigStartUp-SearchSettings - C:\Program Files\pdfforge Toolbar\SearchSettings.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-Cool's_Codec_pack_4.12 - C:\WINDOWS\iun6002.exe
- 1danab
- Newbie
- Posts: 1412
- Registered: 21 Oct 2007 13:04
- Location: České Budějovice
Re: facebook virus
Well, I'll settle for that.

If you have not already done so, move ComboFix to the desktop.
Open Notepad.
Copy the script from the following box into it:
Code:
KillAll::
File::
C:\WINDOWS\unrar.exe
Folder::
C:\WINDOWS\update.tray-2-0
C:\WINDOWS\update.tray-2-0-lnk
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\WINDOWS\update.tray-2-0-lnk\svchost.exe"=-
Reboot::
Save the text file you created to the desktop as CFScript.txt.
After saving, grab the script you created with the left mouse button, drag it over the ComboFix icon and drop it there.

After the script has been applied, another log should be displayed; paste it here.

Warning: Windows may fail to start after the script has been applied and the computer has restarted. If that happens, restart again, keep pressing F8 after the restart and choose Last Known Good Configuration.
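An added example, not part of the post above and not ComboFix code: the script removes the firewall exception for `C:\WINDOWS\update.tray-2-0-lnk\svchost.exe`, and this Python check shows how such an entry can be picked out of the `AuthorizedApplications\List` section of a ComboFix log. The function names, the two heuristics and the `%windir%` = `C:\WINDOWS` expansion are assumptions; the sample lines are excerpted from the log in this thread.

```python
import ntpath
import re

# Excerpt of the ComboFix log posted in this thread (trimmed to the relevant lines).
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\havel\\Dokumenty\\Downloads\\Flash-Player.exe"=
"C:\\WINDOWS\\update.tray-2-0-lnk\\svchost.exe"=
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [10.12.2008 12:21:07 60256]
'''

# Assumption: these Windows process names are only expected in system32.
SYSTEM_DIR = r"c:\windows\system32"
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "csrss.exe", "smss.exe"}
# Assumption: locations an ordinary user (or a dropper) can write to.
USER_WRITABLE_MARKERS = ("\\downloads\\", "\\temp\\", "\\local settings\\")

ENTRY_RE = re.compile(r'^"(?P<path>.+)"=')


def normalize(raw):
    """Undo .reg-style escaping and expand %windir% (assumed C:\\WINDOWS)."""
    path = raw.replace("\\\\", "\\")
    path = re.sub(r"%(windir|systemroot)%", lambda m: r"C:\WINDOWS",
                  path, flags=re.I)
    return ntpath.normpath(path)


def authorized_applications(log_text):
    """Return the programs listed as firewall exceptions in the log."""
    apps, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # A new registry section starts; track whether it is the list we want.
            in_section = line.lower().endswith("authorizedapplications\\list]")
            continue
        if in_section:
            match = ENTRY_RE.match(line)
            if not match:
                in_section = False  # first non-entry line ends the section
                continue
            apps.append(normalize(match.group("path")))
    return apps


def findings(path):
    """Return the reasons an exception deserves a closer look (may be empty)."""
    low = path.lower()
    directory, name = ntpath.split(low)
    reasons = []
    if name in SYSTEM_NAMES and directory != SYSTEM_DIR:
        reasons.append("system process name outside system32")
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append("allowed from a download/temp location")
    return reasons


def review(log_text):
    """Map each firewall exception that needs review to its reasons."""
    report = {}
    for path in authorized_applications(log_text):
        reasons = findings(path)
        if reasons:
            report[path] = reasons
    return report


def firewall_disabled(log_text):
    """True when the log shows the Windows Firewall standard profile turned off."""
    return re.search(r'"EnableFirewall"=\s*0\b', log_text) is not None


if __name__ == "__main__":
    print("Windows Firewall disabled:", firewall_disabled(SAMPLE_LOG))
    for path, reasons in review(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

A flagged entry is a prompt for review, not a verdict; the download-location rule in particular also matches legitimately installed programs.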

Re: facebook virus
ComboFix 11-11-03.01 - havel 04.11.2011 7:55:48.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2038.1423 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\havel\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\havel\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: F-Secure Client Security 7.11 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 7.11 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
FILE ::
"C:\WINDOWS\unrar.exe"
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\unrar.exe
C:\WINDOWS\update.tray-2-0-lnk
C:\WINDOWS\update.tray-2-0-lnk\svchost.exe
C:\WINDOWS\update.tray-2-0
C:\WINDOWS\update.tray-2-0\svchost.exe.vir
---- Předchozí spuštění -------
C:\DOCUME~1\havel\LOCALS~1\Temp\7577913.exe
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\39397424\X
C:\Install.exe
C:\WINDOWS\
C:\WINDOWS\$NtUninstallKB45794$\787869932
C:\WINDOWS\$NtUninstallKB45794$\960066596\@
C:\WINDOWS\$NtUninstallKB45794$\960066596\L\nhuhiaip
C:\WINDOWS\$NtUninstallKB45794$\960066596\loader.tlb
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@00000001
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@000000c0
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@000000cb
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@000000cf
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@80000000
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@800000c0
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@800000cb
C:\WINDOWS\$NtUninstallKB45794$\960066596\U\@800000cf
C:\WINDOWS\av_ico\ico_NOD_AV_START.ico
C:\WINDOWS\av_ico\ico_NOD_SYSINSP.ico
C:\WINDOWS\av_ico\ico_NOD_SYSRESC.ico
C:\WINDOWS\av_ico\ico_NOD_TXT.ico
C:\WINDOWS\av_ico\ico_NOD_UNINSTALL.ico
C:\WINDOWS\front_ip_list.txt
C:\WINDOWS\geoiplist
C:\WINDOWS\geoiplist.rar
C:\WINDOWS\iecheck_iplist.txt
C:\WINDOWS\info1
C:\WINDOWS\iplist.txt
C:\WINDOWS\iun6002.exe
C:\WINDOWS\loader2.exe_ok
C:\WINDOWS\msmqinst.log
C:\WINDOWS\proc_list1.log
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\sysdriver32_.exe
C:\WINDOWS\system32\c_33050.nls
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\drivers\etc\HSTS~1
C:\WINDOWS\system32\regobj.dll
C:\WINDOWS\TEMP\1580826.exe
C:\WINDOWS\update.1\svchost.exe.vir
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\winlog-dirs.txt
C:\WINDOWS\winlog-ids.txt
C:\WINDOWS\winsetupapi.log
-- Předchozí spuštění --
Nakažená kopie C:\WINDOWS\system32\drivers\netbt.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it
Nakažená kopie C:\Program Files\F-Secure\FSAUA\program\fsaua.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{E3A0F64B-C3B6-4905-9238-925FACB1ABCA}\RP1\A0000020.exe
Nakažená kopie C:\WINDOWS\system32\drivers\netbt.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it
Nakažená kopie C:\Program Files\F-Secure\FSAUA\program\fsaua.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{E3A0F64B-C3B6-4905-9238-925FACB1ABCA}\RP1\A0000020.exe
Nakažená kopie C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{E3A0F64B-C3B6-4905-9238-925FACB1ABCA}\RP1\A0000021.exe
Nakažená kopie C:\WINDOWS\system32\drivers\netbt.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it
Nakažená kopie C:\Program Files\F-Secure\FSAUA\program\fsaua.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{E3A0F64B-C3B6-4905-9238-925FACB1ABCA}\RP1\A0000020.exe
Nakažená kopie C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{E3A0F64B-C3B6-4905-9238-925FACB1ABCA}\RP1\A0000021.exe
Nakažená kopie C:\Program Files\F-Secure\Common\FSMA32.EXE byla nalezena a vyléčena.
Obnovena kopie z - C:\System Volume Information\_restore{E3A0F64B-C3B6-4905-9238-925FACB1ABCA}\RP1\A0000015.EXE
--------
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_39397424
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-04 do 2011-11-04 )))))))))))))))))))))))))))))))
2011-11-03 09:45:30 . 2008-04-14 12:00:00 162816 -c--a-w- C:\WINDOWS\system32\dllcache\netbt.sys
2011-11-03 09:45:30 . 2008-04-14 12:00:00 162816 ----a-w- C:\WINDOWS\system32\drivers\netbt.sys
2011-11-03 09:17:54 . 2011-11-03 10:01:42 -------- d-sh--w- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\39397424
2011-11-02 19:00:21 . 2011-11-02 19:00:21 -------- d-----w- C:\Documents and Settings\havel\Data aplikací\Malwarebytes
2011-11-02 19:00:08 . 2010-11-29 16:42:18 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-11-02 19:00:04 . 2011-11-02 19:00:04 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-11-02 18:59:50 . 2010-11-29 16:42:06 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-11-02 18:59:43 . 2011-11-02 19:00:15 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-11-02 15:09:44 . 2011-11-02 15:09:44 -------- d-----w- C:\Documents and Settings\havel\Data aplikací\QuickScan
2011-11-01 13:49:27 . 2011-11-01 13:49:37 -------- d-----w- C:\Program Files\rajce
2011-11-01 09:00:20 . 2011-11-01 10:35:52 -------- d---a-w- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-11-01 08:59:49 . 2006-06-19 12:01:38 69632 ----a-w- C:\WINDOWS\system32\ztvcabinet.dll
2011-11-01 08:59:49 . 2006-05-25 14:52:46 162304 ----a-w- C:\WINDOWS\system32\ztvunrar36.dll
2011-11-01 08:59:49 . 2005-08-26 00:50:00 77312 ----a-w- C:\WINDOWS\system32\ztvunace26.dll
2011-11-01 08:59:49 . 2002-03-06 00:00:00 75264 ----a-w- C:\WINDOWS\system32\unacev2.dll
2011-11-01 08:59:48 . 2003-02-02 19:06:02 153088 ----a-w- C:\WINDOWS\system32\UNRAR3.dll
2011-11-01 08:59:45 . 2011-11-01 08:59:53 -------- d-----w- C:\Program Files\Trojan Remover
2011-11-01 08:59:45 . 2011-11-01 08:59:45 -------- d-----w- C:\Documents and Settings\havel\Data aplikací\Simply Super Software
2011-11-01 08:59:45 . 2011-11-01 08:59:45 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
2011-11-01 07:15:26 . 2011-11-01 07:15:26 -------- d-----w- C:\Documents and Settings\LocalService\Nabídka Start
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-09-09 09:12:04 . 2008-05-07 23:42:02 602112 ----a-w- C:\WINDOWS\system32\crypt32.dll
2011-08-09 13:24:52 . 2011-08-09 13:24:52 154136 ----a-w- C:\WINDOWS\system32\drivers\eamon.sys
2008-08-16 15:42:36 . 2008-08-16 15:42:36 13112 ----a-w- C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 15:42:02 . 2008-08-16 15:42:02 70456 ----a-w- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 15:42:12 . 2008-08-16 15:42:12 91448 ----a-w- C:\Program Files\mozilla firefox\plugins\confmgr.dll
2008-08-16 15:42:08 . 2008-08-16 15:42:08 20800 ----a-w- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 15:43:00 . 2008-08-16 15:43:00 206136 ----a-w- C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 15:42:10 . 2008-08-16 15:42:10 31032 ----a-w- C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-08-16 15:42:32 . 2008-08-16 15:42:32 40248 ----a-w- C:\Program Files\mozilla firefox\plugins\icalogon.dll
2008-05-21 06:41:08 . 2008-05-21 06:41:08 479232 ----a-w- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 06:41:08 . 2008-05-21 06:41:08 548864 ----a-w- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 06:41:08 . 2008-05-21 06:41:08 626688 ----a-w- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 11:58:54 . 2008-06-05 11:58:54 648504 ----a-w- C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 15:42:04 . 2008-08-16 15:42:04 23864 ----a-w- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
((((((((((((((((((((((((((((( SnapShot@2011-11-03_10.05.03 )))))))))))))))))))))))))))))))))))))))))
+ 2008-05-07 23:42:13 . 2011-11-03 10:08:45 76342 C:\WINDOWS\system32\perfc009.dat
- 2008-05-07 23:42:13 . 2011-11-03 09:58:23 76342 C:\WINDOWS\system32\perfc009.dat
+ 2008-05-07 23:42:24 . 2011-11-03 10:08:45 88208 C:\WINDOWS\system32\perfc005.dat
- 2008-05-07 23:42:24 . 2011-11-03 09:58:23 88208 C:\WINDOWS\system32\perfc005.dat
+ 2008-05-07 23:42:13 . 2011-11-03 10:08:45 452842 C:\WINDOWS\system32\perfh009.dat
- 2008-05-07 23:42:13 . 2011-11-03 09:58:23 452842 C:\WINDOWS\system32\perfh009.dat
+ 2008-05-07 23:42:24 . 2011-11-03 10:08:45 449782 C:\WINDOWS\system32\perfh005.dat
- 2008-05-07 23:42:24 . 2011-11-03 09:58:23 449782 C:\WINDOWS\system32\perfh005.dat
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 17:03:40 152872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE" [2008-02-15 15:46:40 182936]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 13:57:24 153136]
"tray_ico"="" [BU]
"tray_ico1"="" [BU]
"tray_ico2"="" [BU]
"tray_ico3"="" [BU]
"tray_ico4"="" [BU]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [BU]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2011-05-18 17:32:40 1233856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 12:00:00 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 03:12:12 257440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16:00 39792 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-02-21 21:21:46 69632 ----a-w- C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-02-21 21:24:56 159744 ----a-w- C:\Program Files\DellTPad\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-06-30 02:42:40 2220032 ----a-w- C:\WINDOWS\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00:00 15360 ----a-w- C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2008-02-22 12:43:38 1245184 ----a-w- C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
2008-02-15 15:46:30 895584 ----a-w- C:\Program Files\F-Secure\FSGUI\tnbutil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-22 00:06:20 166424 ----a-w- C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-22 00:06:34 141848 ----a-w- C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 04:40:32 218032 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 20:52:38 1695232 ----a-w- C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 16:53:54 3885408 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-02-05 12:45:16 385856 ----a-w- C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 14:06:08 128296 ------w- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-22 00:06:24 137752 ----a-w- C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-02-21 21:21:56 16855552 ----a-w- C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\pdfforge Toolbar\SearchSettings.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 15:46:34 14944136 ----a-r- C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 04:27:04 144784 ----a-w- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"C:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\havel\\Dokumenty\\Downloads\\Flash-Player.exe"=
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [10.12.2008 12:21:07 60256]
R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [4.8.2011 9:20:36 118104]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [4.8.2011 9:20:38 103112]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure\HIPS\fshs.sys [10.12.2008 12:21:01 70752]
R2 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe [29.3.2010 11:31:01 1431440]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [10.12.2008 12:20:51 62048]
R3 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\drivers\o2media.sys [29.11.2008 8:00:50 51288]
R3 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\drivers\o2sd.sys [29.11.2008 8:00:50 43608]
S2 ekrn;ESET Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 gupdate;Služba Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [14.2.2010 20:47:56 135664]
S3 gupdatem;Služba Google Update (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [14.2.2010 20:47:56 135664]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys [10.12.2008 12:20:51 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys [10.12.2008 12:20:51 25184]
Obsah adresáře 'Naplánované úlohy'
2011-11-04 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-14 19:47:56 . 2010-02-14 19:47:44]
2011-11-04 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-14 19:47:56 . 2010-02-14 19:47:44]
------- Doplňkový sken -------
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - C:\Documents and Settings\havel\Data aplikací\Mozilla\Firefox\Profiles\0r1u11o6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
1danab
Re: facebook virus
Please also do the following:
vyosek wrote: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
- Close all programs
- If you are using Win Vista or W7, right-click RogueKiller and choose Run As Administrator or Spustit jako správce
- Choose option 2 and confirm with Enter
- The utility will do its work and produce a log - paste it here
- Now run it again, but choose option 3 and then option 4 - paste those logs as well
Re: facebook virus
option 2
RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: havel [Admin rights]
Mode: Remove -- Date : 11/08/2011 11:31:46
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 3 ¤¤¤
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()
[] HKLM\[...]\Windows : () -> ACCESS DENIED
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
Finished : << RKreport[1].txt >>
RKreport[1].txt
Re: facebook virus
option 3
RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: havel [Admin rights]
Mode: HOSTSFix -- Date : 11/08/2011 11:33:20
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Re: facebook virus
option 4
RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: havel [Admin rights]
Mode: ProxyFix -- Date : 11/08/2011 11:33:49
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Registry Entries: 0 ¤¤¤
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
- 1danab
Re: facebook virus
I'm sorry, but I'll be busy all day today; I'll take a look at it for you tomorrow.

- 1danab
Re: facebook virus
Please run ComboFix again, then do another RSIT scan, and paste both logs here for me.
