Prosim o kontrolu logu

Zpráva

kosta.m · #1 Příspěvek od **kosta.m** » 01 úno 2012 01:57

Logfile of random's system information tool 1.09 (written by random/random)
Run by denosek at 2012-02-01 01:54:33
Microsoft Windows 7 Home Premium
System drive C: has 575 GB (62%) free of 932 GB
Total RAM: 3327 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:55:16, on 1.2.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\YouCam\YouCamTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\ProgramData\GameXN\GameXNGO.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\denosek\Downloads\RSIT.exe
C:\Program Files\trend micro\denosek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Vizuální záložky - {C93F72A2-2162-4BBA-A07A-F13663C297A6} - C:\Program Files\Yandex\YandexBarIE\fastdial.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O3 - Toolbar: Yandex.Bar - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u
O4 - HKCU\..\Run: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n
O4 - HKCU\..\Run: [GameXN] "C:\ProgramData\GameXN\GameXNGO.exe" /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\denosek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MSIDLL] rundll32.exe msinsw32.dll,aZZufvNkYTNC
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Aquarium Desktop 2007.lnk = C:\Program Files\Stardock\DesktopGadgets\AquariumDesktop2007\Aquarium Desktop 2007.exe
O4 - Startup: JDownloader.lnk = C:\Program Files\JDownloader\JDownloader.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/5221-29898-17534-1/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/5221-29898-17534-1/4 (file missing)
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/5221-29898-17534-1/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/5221-29898-17534-1/4 (file missing) (HKCU)
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Windows\system32\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WMI_Hook_Service - MICRO-STAR INT'L,.LTD. - C:\Program Files\msi\OSD hot keys\WMI_Hook_Service.exe

--
End of file - 13979 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1176429872-680437442-246994520-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1176429872-680437442-246994520-1000UA.job
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\denosek\AppData\Roaming\Mozilla\Firefox\Profiles\4brtbfr2.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{ea614400-e918-4741-9a97-7a972ff7c30b}:2.0.10, noia2_option@kk.noia:3.76, foxmarks@kei.com:3.9.5, {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.2.5.2, {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1, {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906, engine@conduit.com:3.2.5.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17, {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... 2475029&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]
"Description"=Office Live Update v1.5
"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1864]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1924]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.857]
"Description"=6.0.12.857
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
GoogleDesktopMozilla.dll
GoogleDesktopMozillaStub.js
GoogleDesktopMozillaStub.xpt
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
npwachk.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
firmycz.xml
google.xml
googledesktop.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
mapycz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
zbocz.xml

C:\Users\denosek\AppData\Roaming\Mozilla\Firefox\Profiles\4brtbfr2.default\extensions\
engine@conduit.com
foxmarks@kei.com
noia2_option@kk.noia
yasearch@yandex.ru
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}

C:\Users\denosek\AppData\Roaming\Mozilla\Firefox\Profiles\4brtbfr2.default\searchplugins\
conduit.xml
icqplugin.xml
qip-search.xml
winamp-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2010-07-28 1267024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
TorrentMan Toolbar - C:\Program Files\TorrentMan\tbTorr.dll [2008-05-21 1526296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2011-05-13 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar - C:\Program Files\MyAshampoo\tbMyAs.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Program Files\Internet Explorer\qipsearchbar.dll [2009-07-09 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C93F72A2-2162-4BBA-A07A-F13663C297A6}]
Vizuální záložky - C:\Program Files\Yandex\YandexBarIE\fastdial.dll [2011-10-13 2697528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-18 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
kikin Plugin - C:\Program Files\kikin\ie_kikin.dll [2010-11-23 919408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2010-07-28 1267024]
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files\MyAshampoo\tbMyAs.dll [2009-12-31 2349080]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]
{7c5c0f58-e061-457d-9033-77307f5ed00c} - TorrentMan Toolbar - C:\Program Files\TorrentMan\tbTorr.dll [2008-05-21 1526296]
{91397D20-1446-11D4-8AF4-0040CA1127B6} - Yandex.Bar - C:\Program Files\Yandex\YandexBarIE\yndbar.dll [2011-10-20 12336440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-10 7612960]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-18 13797920]
"CLMLServer"=C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2009-06-03 103720]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"YouCam Mirror Tray icon"=C:\Program Files\CyberLink\YouCam\YouCamTray.exe [2009-07-23 162912]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-07-12 74752]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-11-01 180269]
"RemoteControl9"=C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-02-16 87336]
"PDVD9LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2008-10-13 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared files\brs.exe [2010-11-17 75048]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-11-02 30192]
"RemoteControl10"=C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2011-08-05 159456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2011-05-13 4283256]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2011-02-12 396152]
"GameXN (update)"=C:\ProgramData\GameXN\GameXNGO.exe [2011-08-31 347008]
"GameXN (news)"=C:\ProgramData\GameXN\GameXNGO.exe [2011-08-31 347008]
"GameXN"=C:\ProgramData\GameXN\GameXNGO.exe [2011-08-31 347008]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]
"Google Update"=C:\Users\denosek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-16 136176]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]
"MSIDLL"=msinsw32.dll,aZZufvNkYTNC []

C:\Users\denosek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Aquarium Desktop 2007.lnk - C:\Program Files\Stardock\DesktopGadgets\AquariumDesktop2007\Aquarium Desktop 2007.exe
JDownloader.lnk - C:\Program Files\JDownloader\JDownloader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BsScanner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"msacm.ac3acm"=AC3ACM.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.xvid"=xvidvfw.dll
"vidc.DIVX"=DivX.dll
"vidc.mpg4"=mpg4c32.dll
"vidc.mp42"=mpg4c32.dll
"vidc.mp43"=mpg4c32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-02-01 01:54:33 ----D---- C:\rsit
2012-02-01 01:54:33 ----D---- C:\Program Files\trend micro
2012-01-13 01:48:15 ----A---- C:\Windows\system32\jscript.dll
2012-01-13 01:48:14 ----A---- C:\Windows\system32\ntdll.dll
2012-01-13 01:48:13 ----A---- C:\Windows\system32\packager.dll
2012-01-13 01:48:12 ----A---- C:\Windows\system32\quartz.dll
2012-01-13 01:48:11 ----A---- C:\Windows\system32\qdvd.dll
2012-01-05 19:41:38 ----D---- C:\Program Files\Intelore

======List of files/folders modified in the last 1 month======

2012-02-01 01:55:06 ----D---- C:\Users\denosek\AppData\Roaming\uTorrent
2012-02-01 01:54:33 ----RD---- C:\Program Files
2012-02-01 01:54:33 ----D---- C:\Windows\Temp
2012-02-01 01:48:11 ----D---- C:\Users\denosek\AppData\Roaming\Skype
2012-02-01 01:48:01 ----D---- C:\ProgramData\GameXN
2012-02-01 01:32:00 ----D---- C:\Users\denosek\AppData\Roaming\vlc
2012-02-01 01:05:55 ----D---- C:\Windows\system32\config
2012-02-01 00:56:01 ----D---- C:\Windows\Prefetch
2012-02-01 00:54:27 ----SHD---- C:\System Volume Information
2012-02-01 00:52:08 ----D---- C:\Windows\system32\catroot
2012-02-01 00:52:06 ----D---- C:\Windows\system32\catroot2
2012-02-01 00:52:01 ----D---- C:\Windows\winsxs
2012-02-01 00:48:00 ----D---- C:\Users\denosek\AppData\Roaming\go
2012-01-31 13:44:05 ----N---- C:\Windows\system32\MpSigStub.exe
2012-01-30 07:16:44 ----D---- C:\Windows\Tasks
2012-01-28 16:49:55 ----D---- C:\Windows\system32\Tasks
2012-01-15 23:31:02 ----D---- C:\Users\denosek\AppData\Roaming\dvdcss
2012-01-15 21:21:30 ----D---- C:\Stahovani
2012-01-15 17:06:09 ----D---- C:\Milena
2012-01-15 13:52:00 ----D---- C:\Windows\System32
2012-01-15 13:52:00 ----D---- C:\Windows\inf
2012-01-15 13:52:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-13 02:02:48 ----A---- C:\Windows\system32\MRT.exe
2012-01-13 02:02:29 ----D---- C:\Windows\ehome
2012-01-13 02:02:24 ----SHD---- C:\Windows\Installer
2012-01-13 02:02:23 ----D---- C:\ProgramData\Microsoft Help
2012-01-09 13:48:48 ----D---- C:\Program Files\Mozilla Firefox
2012-01-09 12:08:47 ----RSD---- C:\Windows\assembly
2012-01-09 12:08:47 ----D---- C:\Windows\Microsoft.NET
2012-01-05 23:11:23 ----D---- C:\Install
2012-01-05 15:23:21 ----D---- C:\Users\denosek\AppData\Roaming\Mozilla
2012-01-04 11:45:50 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hotcore3;hc3ServiceName; C:\Windows\system32\DRIVERS\hotcore3.sys [2010-10-12 56208]
R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2010-10-30 64288]
R0 nvamacpi;NVIDIA Away Mode System; C:\Windows\system32\DRIVERS\NVAMACPI.sys [2009-06-05 24608]
R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2009-06-30 212000]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-24 239168]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\Windows\System32\Drivers\Uim_IM.sys [2010-10-12 395464]
R1 UimBus;Universal Image Mounter Controller; C:\Windows\system32\DRIVERS\UimBus.sys [2010-10-12 37080]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2010-09-08 230248]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/31 14:55:42]; \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 87536]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/11/01 22:14:55]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl [2009-02-28 87536]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-07-10 2660896]
R3 KMWDFILTERx86;HIDServiceDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-28 17920]
R3 NxpCap;CTX capture service; C:\Windows\system32\DRIVERS\NxpCap.sys [2009-07-30 1488096]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1009184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP-Bus-Filtertreiber; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 MSIDriver_IO_2;MSIDriver_IO_2; \??\C:\Program Files\msi\OSD hot keys\MSI_MAINSYS.sys [2009-08-25 26936]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 Profos;Profos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys []
S3 sisagp;SIS AGP-Bus-Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP-Bus-Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7-Prozessortreiber; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUSB;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 NMSAccess;NMSAccess; C:\Windows\system32\NMSAccessU.exe [2009-01-12 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-18 211488]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-02-25 247152]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R2 WMI_Hook_Service;WMI_Hook_Service; C:\Program Files\msi\OSD hot keys\WMI_Hook_Service.exe [2009-09-04 101176]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-30 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-17 1355968]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2011-05-13 1492840]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-11-02 30192]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-30 135664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-19 1343400]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service; c:\Program Files\Zune\WMZuneComm.exe [2011-08-05 268512]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2011-08-05 6363872]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\Program Files\Zune\ZuneWlanCfgSvc.exe [2011-08-05 444640]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

Děkuji

#2 Příspěvek od **Mc_Murphy** » 01 úno 2012 06:06

Zdravím.

Dej mi minutku, hnedle se na to mrknu.

#3 Příspěvek od **Mc_Murphy** » 01 úno 2012 06:24

Inu, Kosťo, máš to pěkně zapráskané, jen co je pravda.

Jak by řekl kolega, máš tam celou ZOO i s babkou pokladní.

Tak jako první budeme hodně instalovat a odebírat. Nejprve půjdou tedy některé věci do pryč.

Pokud je tam najdeš, tak v nabídce Přidat nebo odebrat programy odinstaluj tyto toolbary: Winamp Toolbar, MyAshampoo Toolbar, ICQToolBar, TorrentMan Toolbar a Yandex.Bar.

Jsou to veliká "zdržovadla" systému a v případě například Ask.com Toolbar, Conduit Engine a dalších se dá hovořit už i o havěti.

Doporučuji odinstalovat Lavasoft - Ad-Aware. Program má svá nejlepší léta již dávno za sebou a není schopen čelit aktuálním hrozbám.

Chtěl jsem jít na Service Pack, ale první to odvirujeme a pak půjdeme na instalaci a updaty.

Stáhni RogueKiller - http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukonči všechny programy!
Pokud používáš Win Vista či Win 7, klikni na RogueKiller pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Zvol možnost 2 a potvrď [Enter].
Utilita provede svou činnost a dá log - ten mi sem vlož.
Nyní znovu stejný postup, ale zvol možnost 3 a poté ještě jednou s možností 4 - logy mi sem opět vlož.

kosta.m · #4 Příspěvek od **kosta.m** » 01 úno 2012 08:35

Ahojky nějak nemůzu najit možnst 2... posilám screen programu:)

kosta.m · #5 Příspěvek od **kosta.m** » 01 úno 2012 08:54

snad sem to ted udelal dobre... log č2

RogueKiller V7.0.2 [01/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: denosek [Admin rights]
Mode: Scan -- Date : 02/01/2012 08:55:52

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : MSIDLL (rundll32.exe msinsw32.dll,aZZufvNkYTNC) -> FOUND
[PREVRUN] HKLM\[...]\Run : NvCplDaemon (RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-1176429872-680437442-246994520-1000[...]\Run : MSIDLL (rundll32.exe msinsw32.dll,aZZufvNkYTNC) -> FOUND
[SUSP PATH] HKCU\[...]\RunOnce : ClearTemp (del C:\Users\denosek\AppData\Local\Temp\yupdate.exe-{2AAABA58-F36B-4D0E-B8C3-59966D781460}) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1176429872-680437442-246994520-1000[...]\RunOnce : ClearTemp (del C:\Users\denosek\AppData\Local\Temp\yupdate.exe-{2AAABA58-F36B-4D0E-B8C3-59966D781460}) -> FOUND
[SUSP PATH] {35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job : C:\Windows\Zkowob.exe -> FOUND
[SUSP PATH] {22116563-108C-42c0-A7CE-60161B75E508}.job : C:\Users\denosek\AppData\Local\Temp\Zrx.exe -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 21fbd41e635222b83511aeeba3a813f6
[BSP] 2442da5d362781b2ea6e82a16d7b14eb : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 932262 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1909479424 | Size: 20480 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1951422464 | Size: 1025 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

log č 3
RogueKiller V7.0.2 [01/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: denosek [Admin rights]
Mode: Scan -- Date : 02/01/2012 08:56:31

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : MSIDLL (rundll32.exe msinsw32.dll,aZZufvNkYTNC) -> FOUND
[PREVRUN] HKLM\[...]\Run : NvCplDaemon (RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-1176429872-680437442-246994520-1000[...]\Run : MSIDLL (rundll32.exe msinsw32.dll,aZZufvNkYTNC) -> FOUND
[SUSP PATH] HKCU\[...]\RunOnce : ClearTemp (del C:\Users\denosek\AppData\Local\Temp\yupdate.exe-{2AAABA58-F36B-4D0E-B8C3-59966D781460}) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1176429872-680437442-246994520-1000[...]\RunOnce : ClearTemp (del C:\Users\denosek\AppData\Local\Temp\yupdate.exe-{2AAABA58-F36B-4D0E-B8C3-59966D781460}) -> FOUND
[SUSP PATH] {35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job : C:\Windows\Zkowob.exe -> FOUND
[SUSP PATH] {22116563-108C-42c0-A7CE-60161B75E508}.job : C:\Users\denosek\AppData\Local\Temp\Zrx.exe -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 21fbd41e635222b83511aeeba3a813f6
[BSP] 2442da5d362781b2ea6e82a16d7b14eb : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 932262 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1909479424 | Size: 20480 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1951422464 | Size: 1025 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

logč 4
RogueKiller V7.0.2 [01/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: denosek [Admin rights]
Mode: Scan -- Date : 02/01/2012 08:57:51

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : MSIDLL (rundll32.exe msinsw32.dll,aZZufvNkYTNC) -> FOUND
[PREVRUN] HKLM\[...]\Run : NvCplDaemon (RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-1176429872-680437442-246994520-1000[...]\Run : MSIDLL (rundll32.exe msinsw32.dll,aZZufvNkYTNC) -> FOUND
[SUSP PATH] HKCU\[...]\RunOnce : ClearTemp (del C:\Users\denosek\AppData\Local\Temp\yupdate.exe-{2AAABA58-F36B-4D0E-B8C3-59966D781460}) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1176429872-680437442-246994520-1000[...]\RunOnce : ClearTemp (del C:\Users\denosek\AppData\Local\Temp\yupdate.exe-{2AAABA58-F36B-4D0E-B8C3-59966D781460}) -> FOUND
[SUSP PATH] {35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job : C:\Windows\Zkowob.exe -> FOUND
[SUSP PATH] {22116563-108C-42c0-A7CE-60161B75E508}.job : C:\Users\denosek\AppData\Local\Temp\Zrx.exe -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 21fbd41e635222b83511aeeba3a813f6
[BSP] 2442da5d362781b2ea6e82a16d7b14eb : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 932262 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1909479424 | Size: 20480 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1951422464 | Size: 1025 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

#6 Příspěvek od **Mc_Murphy** » 01 úno 2012 12:54

Moc se omlouvám, poslal jsem Ti starý návod.

Ale provedl jsi to dobře, šikula.

Takže provedeme opravy.

Ukonči všechny programy!
Pokud používáš Win Vista či Win 7, klikni na RogueKiller pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Počkej, než program dokončí Prescan.
Zvol možnost [Scan] a počkej, až proběhne.
V záložce Registry nech všechny nálezy označeny, odfajfkuj pouze řádek:
[PREVRUN] HKLM\[...]\Run : NvCplDaemon (RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup) -> FOUND
Klikni na [Delete] a potom na [Report] - otevře se log, ten mi sem vlož.

kosta.m · #7 Příspěvek od **kosta.m** » 01 úno 2012 14:42

RogueKiller V7.0.2 [01/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: denosek [Admin rights]
Mode: Remove -- Date : 02/01/2012 14:47:41

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 21fbd41e635222b83511aeeba3a813f6
[BSP] 2442da5d362781b2ea6e82a16d7b14eb : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 932262 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1909479424 | Size: 20480 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1951422464 | Size: 1025 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[7].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt

#8 Příspěvek od **Mc_Murphy** » 01 úno 2012 15:41

OK, to už vypadá lépe.

PROSÍM, ČTI NÁVOD DŮKLADNĚ - TATO UTILITA MÁ VELKOU SCHOPNOST MAZAT A JE NUTNÉ JI APLIKOVAT JEN NA DOPORUČENÍ, JINAK TI MŮŽE JÍT SYSTÉM DO KYTEK

Stáhni a ulož na Plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypni všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary apod.
Vypni všechny běžící aplikace - ICQ, Skype, browsery, prostě všechny programy, ať běží pouze ComboFix.
Pokud máš Win XP, spusť pod účtem Správce/Administrator.
Pokud máš Win Vista či Win 7, klikni na ComboFix pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Ihned po startu se zobrazí stránka s licenčním ujednáním - pokračuj kliknutím na [Ano].
Pokud Ti ComboFix nabídne instalaci Konzoly pro zotavení, tak souhlas.
Dále postupuj dle pokynů. Během scanu nech PC naprosto v klidu - nespouštěj žádné aplikace a neklikej do zobrazujícího se okna!
Scan by měl trvat cca 10 min, ale pokud bude PC hodne zaneseno, může se čas samozřejmě prodloužit.
Po dokončení scanu a případném restartu ComboFix zobrazí log, který případně najdeš v C:\ComboFix.txt. Jeho obsah mi sem vlož.
Detailní postup včetně obrázků najdeš zde: http://www.bleepingcomputer.com/combofi ... t-combofix

kosta.m · #9 Příspěvek od **kosta.m** » 01 úno 2012 18:38

ComboFix 12-02-01.01 - denosek 01.02.2012 18:13:43.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3327.1654 [GMT 1:00]
Spuštěný z: c:\users\denosek\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\denosek\AppData\Roaming\Microsoft\Windows\Recent\MOVIES-XXX-DVD-APPS-MUSIC-TV SHOWS.url
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-01 do 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-02-01 00:54 . 2012-02-01 00:55 -------- d-----w- C:\rsit
2012-02-01 00:54 . 2012-02-01 00:55 -------- d-----w- c:\program files\trend micro
2012-01-31 23:54 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{32E9B0F5-0606-474C-9132-667A68659FD3}\mpengine.dll
2012-01-31 23:54 . 2011-11-17 05:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-31 23:54 . 2011-11-17 05:48 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-31 23:54 . 2011-11-17 05:42 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-31 23:54 . 2011-11-17 05:39 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 23:53 . 2011-11-17 05:48 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 23:53 . 2011-11-17 05:39 314368 ----a-w- c:\windows\system32\webio.dll
2012-01-31 23:53 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-01-31 23:53 . 2011-11-17 05:36 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-31 23:53 . 2011-11-17 05:39 15360 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-31 23:53 . 2011-11-17 05:39 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-13 00:48 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-01-13 00:48 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-13 00:48 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-01-13 00:48 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-09 12:48 . 2012-01-09 12:48 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-09 12:48 . 2012-01-09 12:48 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-09 12:48 . 2012-01-09 12:48 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-09 12:48 . 2012-01-09 12:48 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-05 18:41 . 2012-01-05 18:41 -------- d-----w- c:\program files\Intelore
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2010-10-19 08:12 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 04:19 . 2010-10-29 08:53 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-24 22:32 . 2011-12-24 22:32 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-24 04:23 . 2011-12-17 16:59 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 05:39 . 2012-01-31 23:54 224768 ----a-w- c:\windows\system32\schannel.dll
2011-11-05 04:35 . 2011-12-17 18:04 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:34 . 2011-12-17 18:04 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 04:30 . 2011-12-17 16:59 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 03:28 . 2011-12-17 18:04 386048 ----a-w- c:\windows\system32\html.iec
2011-11-05 02:55 . 2011-12-17 18:04 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-01-09 12:48 . 2011-05-12 07:42 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-11-02 08:34 . 2010-11-02 08:34 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51 919408 ----a-w- c:\program files\kikin\ie_kikin.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-02-12 396152]
"GameXN (update)"="c:\programdata\GameXN\GameXNGO.exe" [2011-08-31 347008]
"GameXN (news)"="c:\programdata\GameXN\GameXNGO.exe" [2011-08-31 347008]
"GameXN"="c:\programdata\GameXN\GameXNGO.exe" [2011-08-31 347008]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-10 7612960]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-07-23 162912]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-11-01 180269]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-11-17 75048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-11-02 30192]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
.
c:\users\denosek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Aquarium Desktop 2007.lnk - c:\program files\Stardock\DesktopGadgets\AquariumDesktop2007\Aquarium Desktop 2007.exe [N/A]
JDownloader.lnk - c:\program files\JDownloader\JDownloader.exe [2010-9-23 214528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-30 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-11-02 30192]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-30 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 MSIDriver_IO_2;MSIDriver_IO_2;c:\program files\msi\OSD hot keys\MSI_MAINSYS.sys [2009-08-25 26936]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-19 1343400]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 268512]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-10-12 56208]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-10-30 64288]
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [2009-06-04 24608]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-24 239168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/31 14:55];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 20:29 87536]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/11/01 22:14];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-02-28 18:40 87536]
S2 WMI_Hook_Service;WMI_Hook_Service;c:\program files\msi\OSD hot keys\WMI_Hook_Service.exe [2009-09-04 101176]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [2009-07-30 1488096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1009184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-30 00:18]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-30 00:18]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1176429872-680437442-246994520-1000Core.job
- c:\users\denosek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 19:00]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1176429872-680437442-246994520-1000UA.job
- c:\users\denosek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 19:00]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/5221-29898-17534-1/4
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\denosek\AppData\Roaming\Mozilla\Firefox\Profiles\4brtbfr2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-BsScanner
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-02-01 18:42:28
ComboFix-quarantined-files.txt 2012-02-01 17:42
.
Před spuštěním: Volných bajtů: 606 908 215 296
Po spuštění: Volných bajtů: 606 802 862 080
.
- - End Of File - - 80CE120D8671C3D14AA98F77B5D5DBFC

#10 Příspěvek od **Mc_Murphy** » 01 úno 2012 19:45

Pokud jsi tak ještě neučinil, přesuň ComboFix na Plochu.

Otevři si Poznámkový blok (Start >> Spustit... (nebo Win+R) >> do okénka napiš notepad >> [Enter]).
Zkopíruj do něj tento script:

Kód: Vybrat vše

KillAll::

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=-
"uTorrent"=-
"GameXN (update)"=-
"GameXN (news)"=-
"GameXN"=-
"Skype"=-
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=-
"TkBellExe"=-
"AdobeAAMUpdater-1.0"=-
"SwitchBoard"=-
"AdobeCS5ServiceManager"=-
"QuickTime Task"=-

Folder::
c:\program files\kikin
C:\Program Files\Winamp Toolbar
C:\Program Files\ICQ6Toolbar
C:\Program Files\TorrentMan
C:\Program Files\Yandex\YandexBarIE

File::
c:\users\denosek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader.lnk
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1176429872-680437442-246994520-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1176429872-680437442-246994520-1000UA.job
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Program Files\MyAshampoo\tbMyAs.dll

Driver::
gupdate
gupdatem
SwitchBoard
ICQ Service
Lavasoft Ad-Aware Service
NMSAccess

DDS::
uStart Page = hxxp://seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/5221-29898-17534-1/4
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll

Firefox::
FF - ProfilePath - c:\users\denosek\AppData\Roaming\Mozilla\Firefox\Profiles\4brtbfr2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2475029&q=

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Ulož vytvořený TXT jako CFScript.txt
Přetáhni vytvořený CFScript.txt nad ComboFix a pusť (viz obrázek).
Po aplikaci scriptu (a případném restartu PC) na Tebe vyskočí log. Jeho obsah mi sem vlož.

Může se stát, že po aplikaci scriptu nenaběhnou Windows. V tom případě restartuj PC, hned při náběhu mačkej klávesu F8 a zvol Poslední známou konfiguraci.

kosta.m · #11 Příspěvek od **kosta.m** » 01 úno 2012 20:06

ComboFix 12-02-01.01 - denosek 01.02.2012 19:57:38.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3327.1668 [GMT 1:00]
Spuštěný z: c:\users\denosek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\denosek\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\MyAshampoo\tbMyAs.dll"
"c:\users\denosek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader.lnk"
"c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
"c:\windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job"
"c:\windows\tasks\Ad-Aware Update (Weekly).job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1176429872-680437442-246994520-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1176429872-680437442-246994520-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\kikin
c:\program files\kikin\default_settings.xml
c:\program files\kikin\file_list.txt
c:\program files\kikin\ie_kikin.dll
c:\program files\kikin\KikinBroker.exe
c:\program files\kikin\KikinCrashReporter.exe
c:\program files\kikin\uninst.exe
c:\users\denosek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader.lnk
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1176429872-680437442-246994520-1000Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1176429872-680437442-246994520-1000UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_NMSAccess
-------\Service_SwitchBoard
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-01 do 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-02-01 19:04 . 2012-02-01 19:06 -------- d-----w- c:\users\denosek\AppData\Local\temp
2012-02-01 19:04 . 2012-02-01 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-01 17:43 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{614AF738-5566-46FC-B06F-B5B33E01AEB2}\mpengine.dll
2012-02-01 00:54 . 2012-02-01 00:55 -------- d-----w- C:\rsit
2012-02-01 00:54 . 2012-02-01 00:55 -------- d-----w- c:\program files\trend micro
2012-01-31 23:54 . 2011-11-17 05:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-31 23:54 . 2011-11-17 05:48 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-31 23:54 . 2011-11-17 05:42 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-31 23:54 . 2011-11-17 05:39 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 23:53 . 2011-11-17 05:48 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 23:53 . 2011-11-17 05:39 314368 ----a-w- c:\windows\system32\webio.dll
2012-01-31 23:53 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-01-31 23:53 . 2011-11-17 05:36 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-31 23:53 . 2011-11-17 05:39 15360 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-31 23:53 . 2011-11-17 05:39 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-13 00:48 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-01-13 00:48 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-13 00:48 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-01-13 00:48 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-09 12:48 . 2012-01-09 12:48 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-09 12:48 . 2012-01-09 12:48 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-09 12:48 . 2012-01-09 12:48 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-09 12:48 . 2012-01-09 12:48 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-05 18:41 . 2012-01-05 18:41 -------- d-----w- c:\program files\Intelore
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2010-10-19 08:12 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 04:19 . 2010-10-29 08:53 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-24 22:32 . 2011-12-24 22:32 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-24 04:23 . 2011-12-17 16:59 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 05:39 . 2012-01-31 23:54 224768 ----a-w- c:\windows\system32\schannel.dll
2011-11-05 04:35 . 2011-12-17 18:04 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:34 . 2011-12-17 18:04 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 04:30 . 2011-12-17 16:59 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 03:28 . 2011-12-17 18:04 386048 ----a-w- c:\windows\system32\html.iec
2011-11-05 02:55 . 2011-12-17 18:04 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-01-09 12:48 . 2011-05-12 07:42 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-11-02 08:34 . 2010-11-02 08:34 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-10 7612960]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-07-23 162912]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-11-17 75048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-11-02 30192]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
.
c:\users\denosek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Aquarium Desktop 2007.lnk - c:\program files\Stardock\DesktopGadgets\AquariumDesktop2007\Aquarium Desktop 2007.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-11-02 30192]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 MSIDriver_IO_2;MSIDriver_IO_2;c:\program files\msi\OSD hot keys\MSI_MAINSYS.sys [2009-08-25 26936]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-19 1343400]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 268512]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-10-12 56208]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-10-30 64288]
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [2009-06-04 24608]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-24 239168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/31 14:55];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 20:29 87536]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/11/01 22:14];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-02-28 18:40 87536]
S2 WMI_Hook_Service;WMI_Hook_Service;c:\program files\msi\OSD hot keys\WMI_Hook_Service.exe [2009-09-04 101176]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [2009-07-30 1488096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1009184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/5221-29898-17534-1/4
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\denosek\AppData\Roaming\Mozilla\Firefox\Profiles\4brtbfr2.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files\kikin\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\nvvsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2012-02-01 20:10:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-01 19:10
ComboFix2.txt 2012-02-01 17:42
.
Před spuštěním: Volných bajtů: 606 848 671 744
Po spuštění: Volných bajtů: 606 339 653 632
.
- - End Of File - - 8B879A637114A2AD0DBE291001B149EA

#12 Příspěvek od **Mc_Murphy** » 01 úno 2012 20:19

Jak se chová počítač?

kosta.m · #13 Příspěvek od **kosta.m** » 01 úno 2012 20:23

No driv tam neali spustit miniaplikace... ted bezi,,

jen v outlooku mi skače tato hlaška.... jde s tim neco delat .... viz obrazek

kosta.m · #14 Příspěvek od **kosta.m** » 01 úno 2012 20:23

a poradiš mi nějakou ochranu ... neco jako adaware?... ktere sem odinstaloval

#15 Příspěvek od **Mc_Murphy** » 01 úno 2012 21:26

To jsem rád, že fungují. Nefungovaly, protože jsi to měl zavirované a zaflákané.

Mno ESET jsme odpálili, tak je jasné, že ho Outlook nemůže najít. Zkus přímo v Outlooku někde najít nějaké ty doplňky a tam ten ESET odeber. Já Outlook nepoužívám, takže nevím. Když to nepůjde a hláška bude vyskakovat pořád, pohledáme na netu.

Náhradou za Lavasoft bych Ti doporučil vynikající SUPERAntiSpyware Free Edition. Stáhni, nainstaluj a po spuštění jen v interních nastaveních programu odeber spouštění při startu systému (rezident) a program si ponech na občasné scany. Zatím ho ale neinstaluj (až na konec), ještě trošku pročistíme, můžou tam být nějaké zbytky.

Stáhni OTL z tohoto odkazu a ulož jej na Plochu.

Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej.
Zaškrtni okénko Pro všechny uživatele.
Zaškrtni okénko Kontrola na havěť "LOP".
Zaškrtni okénko Kontrola na havěť "Purity".
Stáři souborů změň z 30 dnů na 7 dnů!!
Do spodního okénka Vlastní skenování/opravy vlož tento script (pouze zelená písmenka v bílém poli!):

Kód: Vybrat vše

CREATERESTOREPOINT
netsvc
drivers32
savembr:0
/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
%userprofile%\Plocha\*.*
%userprofile%\Desktop\*.*
%ALLUSERSPROFILE%\Plocha\*.*
%ALLUSERSPROFILE%\Desktop\*.*
*crack* /s
*keygen* /s
*loader* /s
*RemoveWAT* /s
*minodlogin* /s
*tnod* /s
*TemDono* /s
*AutoKMS* /s
*KMSEmulator* /s
*activator* /s
*serial* /s
*w7lxe* /s
*AutoRearm* /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

Klikni na tlačítko [Prohledat].
Po dokončení skenu se objeví logy OTL.txt a Extras.txt, oba mi sem vlož.
Logy se nevejdou do jednoho, rozděl je tedy prosím do více příspěvků.

VIRY.CZ

Prosim o kontrolu logu

Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu