Virus rozesilany pres Skype

[heximp]

Dobry den. Prosim o pomoc s odstranenim viru. Ve Skypu jsem otevrel neznamy odkaz, ktery nasledne rozesila Skypem odkazy dale. Pri full scanu antivirem AVIRA se po urcite dobe scan prerusi, objevi se modra obrazovka a scan se tim padem nedokonci. Virus zustava v pameti a rozesila Skypem znovu odkazy.

Dekuji za pomoc



Logfile of random's system information tool 1.09 (written by random/random)
Run by jarda at 2012-10-12 12:51:28
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (30%) free of 35 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:51:38, on 12.10.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\landi 11\Landi11.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\jarda\Data aplikací\E.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\jarda\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\jarda.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Landi 11.lnk = C:\Program Files\landi 11\Landi11.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ctivex.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

--
End of file - 9913 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\WGASetup.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\jarda\Data aplikací\Mozilla\Firefox\Profiles\92qfc6qz.default

prefs.js - "extensions.enabledItems" - "pdfforge@mybrowserbar.com:4.3, wtxpcom@mybrowserbar.com:4.3, {ea614400-e918-4741-9a97-7a972ff7c30b}:2.5.4, jqs@sun.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
firmycz.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
mapycz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
zbocz.xml

C:\Documents and Settings\jarda\Data aplikací\Mozilla\Firefox\Profiles\92qfc6qz.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30 75232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-10-01 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll [2012-08-17 1002992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-08-08 1527496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-29 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\listicka.dll [2010-03-09 1147544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-08-08 1527496]
{B922D405-6D13-4A2B-AE89-08A030DA4402} -
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-10-01 192144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-11-05 144384]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-29 149280]
"SetDefPrt"=C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe [2004-11-11 49152]
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2005-01-07 864256]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-03-04 281768]
"TaskTray"= []
"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2011-11-29 3508624]
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2012-08-08 1644744]
""= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-07-31 38872]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-11 919008]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"VoipBuster"=C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe [2012-09-13 23069600]
"FreeCall"=C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe [2012-09-13 23248288]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-07-20 39408]
"KiesHelper"=C:\Program Files\Samsung\Kies\KiesHelper.exe [2011-11-29 935312]
"KiesPDLR"=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2011-11-29 21392]

C:\Documents and Settings\jarda\Nabídka Start\Programy\Po spuštění
Landi 11.lnk - C:\Program Files\landi 11\Landi11.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-10-12 12:51:29 ----D---- C:\Program Files\trend micro
2012-10-12 12:51:28 ----D---- C:\rsit
2012-10-12 12:46:05 ----A---- C:\Documents and Settings\jarda\Data aplikací\F.exe
2012-10-12 12:39:13 ----A---- C:\Documents and Settings\jarda\Data aplikací\E.exe
2012-10-12 12:23:05 ----A---- C:\Documents and Settings\jarda\Data aplikací\D.exe
2012-10-12 12:06:02 ----A---- C:\Documents and Settings\jarda\Data aplikací\4.exe
2012-10-12 12:00:05 ----A---- C:\Documents and Settings\jarda\Data aplikací\40BC.exe
2012-10-12 11:37:04 ----A---- C:\Documents and Settings\jarda\Data aplikací\408C.exe
2012-10-12 11:14:05 ----A---- C:\Documents and Settings\jarda\Data aplikací\408A.exe
2012-10-12 10:51:00 ----A---- C:\Documents and Settings\jarda\Data aplikací\407F.exe
2012-10-12 10:28:03 ----A---- C:\Documents and Settings\jarda\Data aplikací\407B.exe
2012-10-12 10:04:59 ----A---- C:\Documents and Settings\jarda\Data aplikací\407A.exe
2012-10-12 09:42:04 ----A---- C:\Documents and Settings\jarda\Data aplikací\4078.exe
2012-10-12 09:00:15 ----A---- C:\Documents and Settings\jarda\Data aplikací\4060.exe
2012-10-12 02:15:52 ----A---- C:\Documents and Settings\jarda\Data aplikací\3EA9.exe
2012-10-11 22:25:16 ----A---- C:\Documents and Settings\jarda\Data aplikací\3DE0.exe
2012-10-11 22:18:20 ----A---- C:\Documents and Settings\jarda\Data aplikací\3DBA.exe
2012-10-11 21:55:15 ----A---- C:\Documents and Settings\jarda\Data aplikací\3DAC.exe
2012-10-11 07:26:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2724197$
2012-10-11 07:24:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2756822$
2012-10-11 07:24:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2749655$
2012-10-11 07:24:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2661254-v2$
2012-10-10 21:04:51 ----A---- C:\Documents and Settings\jarda\Data aplikací\6.exe
2012-10-10 20:17:35 ----A---- C:\Documents and Settings\jarda\Data aplikací\29E.exe
2012-10-10 19:52:15 ----A---- C:\Documents and Settings\jarda\Data aplikací\29B.exe
2012-10-10 19:42:57 ----A---- C:\Documents and Settings\jarda\Data aplikací\298.exe
2012-10-10 17:54:39 ----A---- C:\Documents and Settings\jarda\Data aplikací\294.exe
2012-10-10 17:54:24 ----A---- C:\Documents and Settings\jarda\Data aplikací\291.exe
2012-10-10 09:05:52 ----A---- C:\Documents and Settings\jarda\Data aplikací\Log.dat
2012-10-10 08:03:50 ----A---- C:\Documents and Settings\jarda\Data aplikací\22.exe
2012-10-10 02:28:39 ----A---- C:\Documents and Settings\jarda\Data aplikací\56.exe
2012-10-09 16:28:21 ----A---- C:\Documents and Settings\jarda\Data aplikací\24.exe
2012-10-09 12:23:41 ----A---- C:\Documents and Settings\jarda\Data aplikací\12A.exe

======List of files/folders modified in the last 1 month======

2012-10-12 12:51:38 ----D---- C:\WINDOWS\Prefetch
2012-10-12 12:51:29 ----RD---- C:\Program Files
2012-10-12 12:38:27 ----D---- C:\WINDOWS\Temp
2012-10-12 12:38:22 ----D---- C:\WINDOWS\system32\CatRoot2
2012-10-12 12:37:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Landi11-original
2012-10-12 12:37:15 ----D---- C:\WINDOWS\Minidump
2012-10-12 12:37:11 ----D---- C:\WINDOWS
2012-10-12 12:27:02 ----D---- C:\WINDOWS\system32\NtmsData
2012-10-12 12:11:35 ----D---- C:\WINDOWS\Registration
2012-10-12 12:00:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-10-12 11:58:25 ----SHD---- C:\WINDOWS\Installer
2012-10-12 11:58:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2012-10-12 11:58:24 ----D---- C:\Config.Msi
2012-10-12 11:58:22 ----D---- C:\Program Files\Common Files
2012-10-12 11:58:17 ----D---- C:\Documents and Settings\jarda\Data aplikací\Skype
2012-10-12 08:11:21 ----D---- C:\WINDOWS\system32
2012-10-11 07:26:52 ----HD---- C:\WINDOWS\inf
2012-10-11 07:26:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-10-11 07:24:39 ----A---- C:\WINDOWS\system32\MRT.exe
2012-10-11 07:24:31 ----A---- C:\WINDOWS\imsins.BAK
2012-10-11 06:42:10 ----HD---- C:\WINDOWS\$hf_mig$
2012-10-10 10:44:30 ----D---- C:\POMPO
2012-10-07 14:17:45 ----D---- C:\Documents and Settings\jarda\Data aplikací\vlc
2012-10-07 14:16:23 ----D---- C:\Documents and Settings\jarda\Data aplikací\dvdcss
2012-09-30 13:38:34 ----D---- C:\Program Files\Mozilla Firefox
2012-09-22 03:01:22 ----D---- C:\Program Files\Internet Explorer
2012-09-22 03:01:10 ----D---- C:\WINDOWS\ie8updates
2012-09-18 08:03:44 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-09-14 09:51:22 ----A---- C:\WINDOWS\BRWMARK.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-06-28 138192]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2010-02-02 39296]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-06-28 66616]
R2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-01-09 601100]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-04-14 701440]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
R3 FETNDIS;VIA Rhine Family Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2002-09-11 40448]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\WINDOWS\System32\Drivers\ssadadb.sys [2011-10-27 30312]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ssadbus.sys [2011-10-27 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2011-10-27 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2011-10-27 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\ssadserd.sys [2011-10-27 114280]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2011-06-28 340136]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-06-28 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-06-28 428200]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-29 153376]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-20 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-20 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-17 194032]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-13 114144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[vyosek]

Zdravim a pekny den preji

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Search
• Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

[heximp]

Vystup z Erkill :

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/12/2012 05:03:14 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\SOUNDMAN.EXE (PID: 1808) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/12/2012 05:03:57 PM
Execution time: 0 hours(s), 0 minute(s), and 43 seconds(s)

[heximp]

vystup z adw :

# AdwCleaner v2.004 - Logfile created 10/12/2012 at 17:07:39
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : jarda - JH-3CF878AD3014
# Boot Mode : Normal
# Running from : C:\Documents and Settings\jarda\Plocha\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
File Found : C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
File Found : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Found : C:\Documents and Settings\jarda\Data aplikací\pdfforge
Folder Found : C:\Documents and Settings\jarda\Data aplikací\Search Settings
Folder Found : C:\Program Files\Application Updater
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\Common Files\spigot
Folder Found : C:\Program Files\pdfforge Toolbar
Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\AskBarDis
Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\7A931B0A5D8E8E947AFB2124E1562280
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
Key Found : HKLM\Software\pdfforge
Key Found : HKLM\Software\Search Settings
Key Found : HKU\S-1-5-21-1085031214-1409082233-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-1085031214-1409082233-1417001333-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [6556 octets] - [12/10/2012 17:07:39]

########## EOF - C:\AdwCleaner[R1].txt - [6616 octets] ##########

[vyosek]

Spustte znovu AdwCleaner

• Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
• Kliknete na Delete
• PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

[heximp]

posilam AdwCleaner

# AdwCleaner v2.004 - Logfile created 10/12/2012 at 18:02:07
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : jarda - JH-3CF878AD3014
# Boot Mode : Normal
# Running from : C:\Documents and Settings\jarda\Plocha\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
File Deleted : C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\Documents and Settings\jarda\Data aplikací\pdfforge
Folder Deleted : C:\Documents and Settings\jarda\Data aplikací\Search Settings
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Program Files\pdfforge Toolbar
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\7A931B0A5D8E8E947AFB2124E1562280
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
Key Deleted : HKLM\Software\pdfforge
Key Deleted : HKLM\Software\Search Settings
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [6386 octets] - [12/10/2012 18:02:07]

########## EOF - C:\AdwCleaner[S1].txt - [6446 octets] ##########

[heximp]

Zdravim, tak jestli je to vyresene, tak moc dekuji a preji at se Vam dari.

[vyosek]

A mohu vedet jak? kroky co jsem zadal urcite nesmazaly puvodce a pricinu rozesilani

[heximp]

Aha. Sorry. Co mam prosim udelat nyni?

[vyosek]

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[heximp]

Posilam Rkill

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/14/2012 04:18:48 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\SOUNDMAN.EXE (PID: 1888) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/14/2012 04:19:31 PM
Execution time: 0 hours(s), 0 minute(s), and 43 seconds(s)

[vyosek]

Fajn a poprosim o ComboFix

[heximp]

Uz to posilam. Ono to totiz jelo 10 hodin od vcerejska.

ComboFix 12-10-14.03 - jarda 14.10.2012 16:41:38.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1559 [GMT 2:00]
Spuštěný z: c:\documents and settings\jarda\Plocha\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\jarda\LOCALS~1\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
c:\documents and settings\jarda\Data aplikací\12A.exe
c:\documents and settings\jarda\Data aplikací\22.exe
c:\documents and settings\jarda\Data aplikací\24.exe
c:\documents and settings\jarda\Data aplikací\291.exe
c:\documents and settings\jarda\Data aplikací\294.exe
c:\documents and settings\jarda\Data aplikací\298.exe
c:\documents and settings\jarda\Data aplikací\29B.exe
c:\documents and settings\jarda\Data aplikací\29E.exe
c:\documents and settings\jarda\Data aplikací\3A.exe
c:\documents and settings\jarda\Data aplikací\3DAC.exe
c:\documents and settings\jarda\Data aplikací\3DBA.exe
c:\documents and settings\jarda\Data aplikací\3DE0.exe
c:\documents and settings\jarda\Data aplikací\3EA9.exe
c:\documents and settings\jarda\Data aplikací\56.exe
c:\documents and settings\jarda\Data aplikací\6.exe
c:\documents and settings\jarda\Local Settings\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
c:\documents and settings\jarda\Plocha\Setup.exe
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\ST6UNST.000
c:\windows\system32\muzapp.exe
c:\windows\system32\roboot.exe
c:\windows\system32\SET2977.tmp
c:\windows\system32\SET297B.tmp
c:\windows\system32\SET2983.tmp
c:\windows\system32\TZLog.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-14 do 2012-10-14 )))))))))))))))))))))))))))))))
.
.
2012-10-13 01:08 . 2012-10-13 01:08 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\37.exe
2012-10-12 23:53 . 2012-10-12 23:53 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\36.exe
2012-10-12 23:30 . 2012-10-12 23:30 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\35.exe
2012-10-12 23:07 . 2012-10-12 23:07 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\34.exe
2012-10-12 22:45 . 2012-10-12 22:45 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\33.exe
2012-10-12 21:42 . 2012-10-12 21:42 44032 ----a-w- c:\documents and settings\jarda\Data aplikací\31.exe
2012-10-12 18:53 . 2012-10-12 18:53 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\30.exe
2012-10-12 18:29 . 2012-10-12 18:29 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\2F.exe
2012-10-12 18:05 . 2012-10-12 18:05 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\2E.exe
2012-10-12 17:43 . 2012-10-12 17:43 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\2D.exe
2012-10-12 15:03 . 2012-10-12 22:05 44032 ----a-w- c:\documents and settings\jarda\Data aplikací\32.exe
2012-10-12 13:17 . 2012-10-12 13:17 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\15.exe
2012-10-12 12:18 . 2012-10-12 12:18 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\13.exe
2012-10-12 11:55 . 2012-10-12 11:55 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\12.exe
2012-10-12 11:32 . 2012-10-12 11:32 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\20.exe
2012-10-12 11:09 . 2012-10-12 11:09 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\1E.exe
2012-10-12 10:51 . 2012-10-12 10:51 -------- d-----w- c:\program files\trend micro
2012-10-12 10:51 . 2012-10-12 10:51 -------- d-----w- C:\rsit
2012-10-12 10:46 . 2012-10-12 16:05 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\F.exe
2012-10-12 10:39 . 2012-10-12 10:39 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\E.exe
2012-10-12 10:23 . 2012-10-12 10:23 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\D.exe
2012-10-12 10:06 . 2012-10-12 14:11 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\4.exe
2012-10-12 10:00 . 2012-10-12 10:00 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\40BC.exe
2012-10-12 09:37 . 2012-10-12 09:37 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\408C.exe
2012-10-12 09:14 . 2012-10-12 09:14 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\408A.exe
2012-10-12 08:51 . 2012-10-12 08:51 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\407F.exe
2012-10-12 08:28 . 2012-10-12 08:28 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\407B.exe
2012-10-12 08:04 . 2012-10-12 08:04 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\407A.exe
2012-10-12 07:42 . 2012-10-12 07:42 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\4078.exe
2012-10-12 07:00 . 2012-10-12 07:00 47104 ----a-w- c:\documents and settings\jarda\Data aplikací\4060.exe
2012-10-12 04:46 . 2012-10-12 04:46 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 15:18 . 2008-04-14 03:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2008-04-14 03:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2008-04-14 03:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 03:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 03:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2008-04-14 08:06 2071808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-23 06:27 . 2008-04-14 03:00 2195072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-13 05:25 . 2012-08-28 05:51 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2012-09-13 23069600]
"FreeCall"="c:\program files\FreeCall.com\FreeCall\FreeCall.exe" [2012-09-13 23248288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-20 39408]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-11-29 935312]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-29 21392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-11-05 144384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-29 149280]
"SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-11-29 3508624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\jarda\Nabídka Start\Programy\Po spuštění\
Landi 11.lnk - c:\program files\landi 11\Landi11.exe [2012-1-8 2764632]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [2.2.2010 18:49 39296]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [27.3.2011 12:26 340136]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27.3.2011 12:26 136360]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [27.3.2011 12:26 428200]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20.7.2011 19:47 136176]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [26.12.2011 10:05 30312]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20.7.2011 19:47 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [28.8.2012 7:51 114144]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [26.12.2011 10:05 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [26.12.2011 10:05 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [26.12.2011 10:05 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [26.12.2011 10:05 114280]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-20 17:47]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-20 17:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 10.0.0.1 80.251.240.33
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... ctivex.cab
FF - ProfilePath - c:\documents and settings\jarda\Data aplikací\Mozilla\Firefox\Profiles\92qfc6qz.default\
FF - ExtSQL: 2012-08-22 08:23; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\documents and settings\jarda\Data aplikací\Mozilla\Firefox\Profiles\92qfc6qz.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - ExtSQL: !HIDDEN! 2012-08-04 12:08; {ea614400-e918-4741-9a97-7a972ff7c30b}; c:\program files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-TaskTray - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-14 21:49
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(704)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(3484)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SOUNDMAN.EXE
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2012-10-14 21:55:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-14 19:55
.
Před spuštěním: Volných bajtů: 11 252 584 448
Po spuštění: Volných bajtů: 12 227 477 504
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - BB20E056FBDEF920FFC4FF4E349ECC28

[vyosek]

Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :files
  c:\documents and settings\jarda\Data aplikací\*.exe
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [EMPTYJAVA]

• Kliknete na cervene tlacitko MoveIt!
• Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

[heximp]

posilam OTM log

All processes killed
========== FILES ==========
c:\documents and settings\jarda\Data aplikací\12.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\13.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\15.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\1E.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\20.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\2D.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\2E.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\2F.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\30.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\31.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\32.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\33.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\34.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\35.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\36.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\37.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\4.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\4060.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\4078.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\407A.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\407B.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\407F.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\408A.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\408C.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\40BC.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\D.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\E.exe moved successfully.
c:\documents and settings\jarda\Data aplikací\F.exe moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: jarda
->Temp folder emptied: 683199 bytes
->Temporary Internet Files folder emptied: 35015112 bytes
->Java cache emptied: 35163193 bytes
->FireFox cache emptied: 564593201 bytes
->Flash cache emptied: 61219 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 90 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 606,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: jarda
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: jarda
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 10152012_111733

Files moved on Reboot...

Registry entries deleted on Reboot...