
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Trojan horse
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, today I scanned my PC and it found the virus "Trojan horse Generic9_c.AKKA" and "Trojan horse Exploit.Java_c.FCQ". The antivirus reports that it healed the file and moved it to the vault, but the next scan shows it again.
Logfile of random's system information tool 1.08 (written by random/random)
Run by pc at 2013-09-15 14:32:45
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (25%) free of 50 GB
Total RAM: 3068 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:32:59, on 15.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
D:\tiskárna\Digital Imaging\bin\hpohmr08.exe
D:\tiskárna\Digital Imaging\bin\hpotdd01.exe
D:\tiskárna\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ7.4\ICQ.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Hry\Illustrator\Adobe Illustrator CS\Support Files\Contents\Windows\Illustrator.exe
D:\Programy\Photoshop 2\Photoshop.exe
C:\DOCUME~1\pc~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\pc~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Documents and Settings\pc\Plocha\Programy plocha\RSIT.exe
C:\Program Files\trend micro\pc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\pc\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2632178952
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 10421 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1202660629-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1202660629-682003330-1003UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2013-09-03 68480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-05-20 98304]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2012-01-26 2077536]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-12-23 18077696]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-29 413696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2011-10-04 220992]
""= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Google Update"=C:\Documents and Settings\pc\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
hp psc 1000 series.lnk - D:\tiskárna\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - D:\tiskárna\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\pc\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-10-26 188416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2011-09-16 12536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LegalNoticeText"=
"LegalNoticeCaption"=
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"D:\Hry\Pi\Programs\RM.exe"="D:\Hry\Pi\Programs\RM.exe:*:Enabled:Render Manager"
"D:\Hry\Pi\Programs\Studio.exe"="D:\Hry\Pi\Programs\Studio.exe:*:Enabled:Studio"
"D:\Hry\Pi\Programs\umi.exe"="D:\Hry\Pi\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Common Files\soft602\langserv.exe"="C:\Program Files\Common Files\soft602\langserv.exe:*:Enabled:Software602 Spell Checker"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\Hry\Aliens\Aliens Colonial Marines\Binaries\Win32\ACM.exe"="D:\Hry\Aliens\Aliens Colonial Marines\Binaries\Win32\ACM.exe:*:Disabled:Aliens: Colonial Marines"
"D:\Hry\GTA 4\GTAIV.exe"="D:\Hry\GTA 4\GTAIV.exe:*:Disabled:Grand Theft Auto IV"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
======File associations======
.ini - open - notepad.exe %1
.js - edit -
.js - open -
.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -
.txt - open - notepad.exe %1
======List of files/folders created in the last 1 months======
2013-09-12 16:18:11 ----A---- C:\WINDOWS\system32\gdiplus.dll
2013-09-11 20:39:09 ----RHD---- C:\Documents and Settings\pc\Data aplikací\SecuROM
2013-09-11 20:38:55 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2013-08-25 10:58:39 ----D---- C:\Program Files\Mozilla Firefox
======List of files/folders modified in the last 1 months======
2013-09-15 14:32:54 ----D---- C:\Program Files\trend micro
2013-09-15 14:32:53 ----D---- C:\WINDOWS\Prefetch
2013-09-15 14:14:53 ----D---- C:\WINDOWS\temp
2013-09-15 14:02:26 ----D---- C:\Documents and Settings\pc\Data aplikací\Adobe
2013-09-15 14:02:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2013-09-15 13:58:37 ----D---- C:\WINDOWS\Microsoft.NET
2013-09-15 13:15:44 ----D---- C:\WINDOWS\system32\drivers\Avg
2013-09-15 01:19:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-09-12 20:54:29 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-12 16:30:46 ----RD---- C:\Program Files
2013-09-12 16:30:20 ----D---- C:\WINDOWS\system32
2013-09-12 16:12:04 ----HD---- C:\Program Files\InstallShield Installation Information
2013-09-11 12:52:26 ----SHD---- C:\WINDOWS\Installer
2013-09-10 22:06:10 ----HD---- C:\WINDOWS\inf
2013-09-08 15:07:22 ----RSD---- C:\WINDOWS\Fonts
2013-09-08 12:32:08 ----D---- C:\WINDOWS
2013-09-07 15:29:05 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2013-09-07 15:28:57 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2013-09-07 15:28:53 ----D---- C:\WINDOWS\system32\DirectX
2013-09-07 15:27:28 ----RSD---- C:\WINDOWS\assembly
2013-09-07 15:26:36 ----D---- C:\WINDOWS\WinSxS
2013-09-04 11:52:29 ----D---- C:\Documents and Settings\pc\Data aplikací\ICQ
2013-08-29 12:28:54 ----D---- C:\Documents and Settings\pc\Data aplikací\vlc
2013-08-26 13:04:49 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-08-25 10:03:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2004-10-19 28207]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2005-09-14 20016]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-19 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2010-02-07 82380]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2013-01-16 226016]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2011-09-16 29712]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2011-05-06 243152]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SandBox;SandBox; \??\C:\WINDOWS\system32\drivers\SandBox.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-04-25 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-04-25 25888]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-10-26 7412736]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-11-19 95232]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2004-10-19 20096]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-11-21 238736]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-03-28 40832]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-23 4967424]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 tap0901_2gm;VPN Anonymizer Adapter; C:\WINDOWS\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2004-11-05 82148]
S2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2011-03-28 32472]
S3 afwcore;afwcore; C:\WINDOWS\system32\drivers\afwcore.sys [2011-05-10 284632]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 arf1lsj4;arf1lsj4; C:\WINDOWS\system32\drivers\arf1lsj4.sys []
S3 ASWFilt;ASWFilt; \??\C:\WINDOWS\system32\Filt\ASWFilt.dll []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-01-17 23000]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-07-09 52096]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-07-22 28592]
S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2011-05-25 32768]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S3 ZSMC301b;Philips SPC 300NC PC Camera; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2005-01-26 91527]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-10-26 643072]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-18 308136]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-01-27 106496]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-09-07 76888]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2013-09-07 189248]
R2 wlidsvc;Windows Live ID Sign-in Assistant; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-07-12 72704]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe []
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-05-15 593920]
S2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-12-21 74360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-08-25 117656]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: Trojan horse
Hello,
let's take a look at it.
Download it here: ComboFix
and save it to the desktop.
Usage guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Close all active windows, turn off your antispyware and antivirus, and run it.
- After launch, the terms of use are displayed; confirm them by clicking Yes
- Decline the download of the Console...
- Then follow the instructions; while ComboFix is running, do not click into the window it displays and do not launch anything
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out
If the system does not boot after using ComboFix - press F8 during restart and choose "Last Known Good Configuration"
Recommendations:
During the cleanup, install and uninstall software only on my instruction.
Study my reply thoroughly and carry out the whole procedure as described.
If anything is unclear, ask - I will explain
-------------------------------------------------------------------------------------------------
> Forum support <
Re: Trojan horse
ComboFix 13-09-14.01 - pc 15.09.2013 15:29:33.7.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3068.2246 [GMT 2:00]
Spuštěný z: c:\documents and settings\pc\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\frapsvid.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-15 do 2013-09-15 )))))))))))))))))))))))))))))))
.
.
2013-09-12 14:18 . 2013-09-12 14:18 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2013-09-12 12:32 . 2013-09-12 12:32 -------- d-----w- c:\documents and settings\pc\Local Settings\Data aplikací\Rockstar Games
2013-09-12 10:49 . 2013-09-12 10:49 -------- d-----w- c:\documents and settings\pc\Local Settings\Data aplikací\GHISLER
2013-09-11 18:39 . 2013-09-11 18:39 -------- d--h--r- c:\documents and settings\pc\Data aplikací\SecuROM
2013-09-11 18:38 . 2013-09-12 14:30 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-07 13:29 . 2013-02-24 17:42 138904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-09-07 13:29 . 2010-02-03 18:53 138904 ----a-w- c:\documents and settings\pc\Data aplikací\PnkBstrK.sys
2013-09-07 13:29 . 2013-02-24 17:42 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-09-07 13:28 . 2010-02-03 18:52 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-09-07 13:28 . 2013-02-24 17:42 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
c:\program files\Agnitum\Outpost Firewall Pro\op_shell.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 18077696]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [BU]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2011-10-04 220992]
.
c:\documents and settings\pc\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2010-1-29 1048576]
hp psc 1000 series.lnk - d:\tiskárna\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - d:\tiskárna\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2011-09-16 09:34 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Hry\\Pi\\Programs\\RM.exe"=
"d:\\Hry\\Pi\\Programs\\Studio.exe"=
"d:\\Hry\\Pi\\Programs\\umi.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.1.2010 21:20 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12.1.2010 21:30 226016]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12.1.2010 21:30 243152]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [23.6.2011 15:44 764880]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [29.1.2012 21:07 85344]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24.2.2010 12:22 185472]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [18.7.2010 15:57 308136]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [19.12.2009 5:25 238736]
R3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 17:21 30720]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe --> c:\progra~1\Agnitum\OUTPOS~1\acs.exe [?]
S3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [23.6.2011 15:43 32472]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [23.6.2011 15:44 284632]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20.3.2010 14:00 1684736]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [23.6.2011 15:44 78656]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 1.1.1.1 1.1.1.17
FF - ProfilePath - c:\documents and settings\pc\Data aplikací\Mozilla\Firefox\Profiles\yvjhki4y.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - ExtSQL: !HIDDEN! 2010-08-20 11:07; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.txt=UltraEdit.txt
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-15 15:36
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-1202660629-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1292428093-1202660629-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:46,b1,8f,46,69,6e,1f,02,04,1b,75,e4,bd,95,6a,f7,d9,69,88,03,50,
7d,8b,34,69,88,13,a5,48,c5,21,57,cb,3f,b0,9c,e9,e3,8d,fb,a9,59,6f,cf,58,73,\
"rkeysecu"=hex:72,e9,54,cf,97,44,22,0a,3d,92,b7,0b,37,e8,26,aa
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2013-09-15 15:40:40
ComboFix-quarantined-files.txt 2013-09-15 13:40
ComboFix2.txt 2012-02-23 17:02
ComboFix3.txt 2011-07-21 18:09
.
Před spuštěním: Volných bajtů: 15 358 578 688
Po spuštění: Volných bajtů: 15 408 304 128
.
- - End Of File - - DA3439A184FB2E4E87A332F059544E9B
413FC2A0C716421B3158746D63736515
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: Trojan horse

- Is Outpost Firewall Pro working?
- Do you use McAfee Security Scan?
I see some oddities with both of them

- Doesn't AVG show you where it found the infection?
Re: Trojan horse
- "Is Outpost Firewall Pro working?" No idea
- "Do you use McAfee Security Scan?" I don't use it
- "Doesn't AVG show you where it found the infection?" It did; I deleted the files for which it reported an error, ran the AVG scan again, and it no longer found anything. So hopefully it's fine now
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: Trojan horse
CFScript
Open Notepad and copy the entire green text from the "CFScript".
Save the file to the desktop as CFScript.txt, then drag its icon over the ComboFix icon and drop it there.
ComboFix will start - wait for the log and paste it here.
Code:
KillAll::
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OutpostMonitor"=-
"QuickTime Task"=-
"Adobe ARM"=-
Folder::
c:\program files\Agnitum
c:\program files\McAfee Security Scan
Driver::
acssrv
afw
McComponentHostService
afwcore
ASWFilt
RegNull::
[HKEY_USERS\S-1-5-21-1292428093-1202660629-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_USERS\S-1-5-21-1292428093-1202660629-682003330-1003\Software\SecuROM\License information*]

Re: Trojan horse
ComboFix 13-09-14.01 - pc 15.09.2013 17:47:03.8.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3068.2180 [GMT 2:00]
Spuštěný z: c:\documents and settings\pc\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\pc\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Agnitum\Outpost Firewall Pro\__preset.conf
c:\program files\Agnitum\Outpost Firewall Pro\acs.de
c:\program files\Agnitum\Outpost Firewall Pro\acs.es
c:\program files\Agnitum\Outpost Firewall Pro\acs.fr
c:\program files\Agnitum\Outpost Firewall Pro\acs.ru
c:\program files\Agnitum\Outpost Firewall Pro\ads_link.inet75
c:\program files\Agnitum\Outpost Firewall Pro\amw.inet75
c:\program files\Agnitum\Outpost Firewall Pro\ASWFilt.cat
c:\program files\Agnitum\Outpost Firewall Pro\ASWFilt.inf
c:\program files\Agnitum\Outpost Firewall Pro\clean.exe
c:\program files\Agnitum\Outpost Firewall Pro\compatibility.de
c:\program files\Agnitum\Outpost Firewall Pro\compatibility.en
c:\program files\Agnitum\Outpost Firewall Pro\compatibility.es
c:\program files\Agnitum\Outpost Firewall Pro\compatibility.fr
c:\program files\Agnitum\Outpost Firewall Pro\compatibility.ru
c:\program files\Agnitum\Outpost Firewall Pro\configuration.backup
c:\program files\Agnitum\Outpost Firewall Pro\configuration.conf
c:\program files\Agnitum\Outpost Firewall Pro\crit_localize.de
c:\program files\Agnitum\Outpost Firewall Pro\crit_localize.es
c:\program files\Agnitum\Outpost Firewall Pro\crit_localize.fr
c:\program files\Agnitum\Outpost Firewall Pro\crit_localize.ru
c:\program files\Agnitum\Outpost Firewall Pro\critical_objects.inet75
c:\program files\Agnitum\Outpost Firewall Pro\EULA.txt
c:\program files\Agnitum\Outpost Firewall Pro\EULA_en.txt
c:\program files\Agnitum\Outpost Firewall Pro\feedback.de
c:\program files\Agnitum\Outpost Firewall Pro\feedback.es
c:\program files\Agnitum\Outpost Firewall Pro\feedback.fr
c:\program files\Agnitum\Outpost Firewall Pro\feedback.ru
c:\program files\Agnitum\Outpost Firewall Pro\help\ofp_de.chm
c:\program files\Agnitum\Outpost Firewall Pro\help\ofp_en.chm
c:\program files\Agnitum\Outpost Firewall Pro\help\ofp_es.chm
c:\program files\Agnitum\Outpost Firewall Pro\help\ofp_fr.chm
c:\program files\Agnitum\Outpost Firewall Pro\help\ofp_ru.chm
c:\program files\Agnitum\Outpost Firewall Pro\html_ui.de
c:\program files\Agnitum\Outpost Firewall Pro\html_ui.es
c:\program files\Agnitum\Outpost Firewall Pro\html_ui.fr
c:\program files\Agnitum\Outpost Firewall Pro\html_ui.ru
c:\program files\Agnitum\Outpost Firewall Pro\html_view\advice_no_process.html
c:\program files\Agnitum\Outpost Firewall Pro\html_view\advice_process.html
c:\program files\Agnitum\Outpost Firewall Pro\html_view\alert.html
c:\program files\Agnitum\Outpost Firewall Pro\html_view\firewall_plugin!ids.html
c:\program files\Agnitum\Outpost Firewall Pro\html_view\firewall_plugin!network_activity.html
c:\program files\Agnitum\Outpost Firewall Pro\html_view\firewall_plugin!open_ports.html
c:\program files\Agnitum\Outpost Firewall Pro\html_view\firewall_plugin.html
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\alert_close.png
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\amw.png
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\asm.png
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\block.png
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\block2.png
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\blockred.png
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\border_support.png
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\button-back-active.png
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\button-back-hover.png
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\button-back.png
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\def_app.png
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\fw.png
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\gray_alert_caption_bk.png
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\gray_alert_icon.png
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\green_alert_caption_bk.png
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\green_alert_icon.png
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\hilight_link.png
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\hp.png
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\lamp.png
c:\program files\Agnitum\Outpost Firewall Pro\html_view\img\logs.png
c:\program files\Agnitum . . . . nemohl být smazán
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACSSRV
-------\Legacy_AFWCORE
-------\Legacy_MCCOMPONENTHOSTSERVICE
-------\Service_acssrv
-------\Service_afw
-------\Service_afwcore
-------\Service_ASWFilt
-------\Service_McComponentHostService
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-15 do 2013-09-15 )))))))))))))))))))))))))))))))
.
.
2013-09-15 16:04 . 2013-09-15 16:04 8646 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-09-15 16:04 . 2013-09-15 16:04 6429 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-09-15 16:04 . 2013-09-15 16:04 63115 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-09-15 16:04 . 2013-09-15 16:04 4599 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-09-15 16:04 . 2013-09-15 16:04 9310 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-09-15 16:04 . 2013-09-15 16:04 5927 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2013-09-15 16:04 . 2013-09-15 16:04 8613 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-09-12 14:18 . 2013-09-12 14:18 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2013-09-12 12:32 . 2013-09-12 12:32 -------- d-----w- c:\documents and settings\pc\Local Settings\Data aplikací\Rockstar Games
2013-09-12 10:49 . 2013-09-12 10:49 -------- d-----w- c:\documents and settings\pc\Local Settings\Data aplikací\GHISLER
2013-09-11 18:39 . 2013-09-11 18:39 -------- d--h--r- c:\documents and settings\pc\Data aplikací\SecuROM
2013-09-11 18:38 . 2013-09-12 14:30 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-07 13:29 . 2013-02-24 17:42 138904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-09-07 13:29 . 2010-02-03 18:53 138904 ----a-w- c:\documents and settings\pc\Data aplikací\PnkBstrK.sys
2013-09-07 13:29 . 2013-02-24 17:42 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-09-07 13:28 . 2010-02-03 18:52 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-09-07 13:28 . 2013-02-24 17:42 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
c:\program files\Agnitum\Outpost Firewall Pro\op_shell.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 18077696]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [BU]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2011-10-04 220992]
.
c:\documents and settings\pc\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2010-1-29 1048576]
hp psc 1000 series.lnk - d:\tiskárna\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - d:\tiskárna\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2011-09-16 09:34 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Hry\\Pi\\Programs\\RM.exe"=
"d:\\Hry\\Pi\\Programs\\Studio.exe"=
"d:\\Hry\\Pi\\Programs\\umi.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.1.2010 21:20 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12.1.2010 21:30 226016]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12.1.2010 21:30 243152]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [23.6.2011 15:44 764880]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [29.1.2012 21:07 85344]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24.2.2010 12:22 185472]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [18.7.2010 15:57 308136]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [19.12.2009 5:25 238736]
R3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 17:21 30720]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20.3.2010 14:00 1684736]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 1.1.1.1 1.1.1.17
FF - ProfilePath - c:\documents and settings\pc\Data aplikací\Mozilla\Firefox\Profiles\yvjhki4y.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - ExtSQL: !HIDDEN! 2010-08-20 11:07; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Agnitum Outpost Firewall Pro_is1 - c:\program files\Agnitum\Outpost Firewall Pro\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-15 18:05
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-1202660629-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1064)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2188)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
d:\tiskárna\Digital Imaging\bin\hpoevm08.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2013-09-15 18:07:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-15 16:07
ComboFix2.txt 2013-09-15 13:40
ComboFix3.txt 2012-02-23 17:02
ComboFix4.txt 2011-07-21 18:09
.
Před spuštěním: Volných bajtů: 15 711 100 928
Po spuštění: Volných bajtů: 15 540 285 440
.
- - End Of File - - BC5E5EC8D6D748E2DF0F7AB5619EB011
413FC2A0C716421B3158746D63736515
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3068.2180 [GMT 2:00]
Spuštěný z: c:\documents and settings\pc\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\pc\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Agnitum\Outpost Firewall Pro\html_view\malware_plugin!quarantine.html
c:\program files\Agnitum\Outpost Firewall Pro\html_view\malware_plugin.html
c:\program files\Agnitum\Outpost Firewall Pro\html_view\mysecurity_plugin.html
c:\program files\Agnitum\Outpost Firewall Pro\html_view\news.html
c:\program files\Agnitum\Outpost Firewall Pro\html_view\privacy_protection!content.html
c:\program files\Agnitum\Outpost Firewall Pro\html_view\privacy_protection!general.html
c:\program files\Agnitum\Outpost Firewall Pro\html_view\privacy_protection!general_av.html
c:\program files\Agnitum\Outpost Firewall Pro\html_view\sandbox_plugin!file_registry_activity.html
c:\program files\Agnitum\Outpost Firewall Pro\html_view\sandbox_plugin!processes-activity.html
c:\program files\Agnitum\Outpost Firewall Pro\html_view\sandbox_plugin.html
c:\program files\Agnitum\Outpost Firewall Pro\html_view\styles.css
c:\program files\Agnitum\Outpost Firewall Pro\html_view\tree_bottom.html
c:\program files\Agnitum\Outpost Firewall Pro\html_view\tree_view.html
c:\program files\Agnitum\Outpost Firewall Pro\ie_bar.de
c:\program files\Agnitum\Outpost Firewall Pro\ie_bar.es
c:\program files\Agnitum\Outpost Firewall Pro\ie_bar.fr
c:\program files\Agnitum\Outpost Firewall Pro\ie_bar.ru
c:\program files\Agnitum\Outpost Firewall Pro\improve_net_report.xm~
c:\program files\Agnitum\Outpost Firewall Pro\license
c:\program files\Agnitum\Outpost Firewall Pro\log\acs.log
c:\program files\Agnitum\Outpost Firewall Pro\log\amw.log
c:\program files\Agnitum\Outpost Firewall Pro\log\antileak.log
c:\program files\Agnitum\Outpost Firewall Pro\log\antileak_rules.log
c:\program files\Agnitum\Outpost Firewall Pro\log\app_scaner.log
c:\program files\Agnitum\Outpost Firewall Pro\log\comps.log
c:\program files\Agnitum\Outpost Firewall Pro\log\content.log
c:\program files\Agnitum\Outpost Firewall Pro\log\context.log
c:\program files\Agnitum\Outpost Firewall Pro\log\hst_parser.log
c:\program files\Agnitum\Outpost Firewall Pro\log\http_headers.log
c:\program files\Agnitum\Outpost Firewall Pro\log\http_service.log
c:\program files\Agnitum\Outpost Firewall Pro\log\improve_net.log
c:\program files\Agnitum\Outpost Firewall Pro\log\mac.log
c:\program files\Agnitum\Outpost Firewall Pro\log\net.0
c:\program files\Agnitum\Outpost Firewall Pro\log\net.log
c:\program files\Agnitum\Outpost Firewall Pro\log\netstat4.log
c:\program files\Agnitum\Outpost Firewall Pro\log\op_import.log
c:\program files\Agnitum\Outpost Firewall Pro\log\presets_acs.0
c:\program files\Agnitum\Outpost Firewall Pro\log\presets_acs.log
c:\program files\Agnitum\Outpost Firewall Pro\log\profiler.0
c:\program files\Agnitum\Outpost Firewall Pro\log\profiler.log
c:\program files\Agnitum\Outpost Firewall Pro\log\protect.log
c:\program files\Agnitum\Outpost Firewall Pro\log\rdb.log
c:\program files\Agnitum\Outpost Firewall Pro\log\rules.0
c:\program files\Agnitum\Outpost Firewall Pro\log\rules.log
c:\program files\Agnitum\Outpost Firewall Pro\log\sandbox.log
c:\program files\Agnitum\Outpost Firewall Pro\log\spa.log
c:\program files\Agnitum\Outpost Firewall Pro\log\spae.log
c:\program files\Agnitum\Outpost Firewall Pro\log\sysmon_events.log
c:\program files\Agnitum\Outpost Firewall Pro\log\system.0
c:\program files\Agnitum\Outpost Firewall Pro\log\system.log
c:\program files\Agnitum\Outpost Firewall Pro\log\update.log
c:\program files\Agnitum\Outpost Firewall Pro\log\update_syntax_err.log
c:\program files\Agnitum\Outpost Firewall Pro\log\uvp.log
c:\program files\Agnitum\Outpost Firewall Pro\machine.conf
c:\program files\Agnitum\Outpost Firewall Pro\machine.ini
c:\program files\Agnitum\Outpost Firewall Pro\modules.0
c:\program files\Agnitum\Outpost Firewall Pro\modules.conf
c:\program files\Agnitum\Outpost Firewall Pro\modules.ini
c:\program files\Agnitum\Outpost Firewall Pro\news\arrow.jpg
c:\program files\Agnitum\Outpost Firewall Pro\news\directions.jpg
c:\program files\Agnitum\Outpost Firewall Pro\news\index.html
c:\program files\Agnitum\Outpost Firewall Pro\op_cmn.de
c:\program files\Agnitum\Outpost Firewall Pro\op_cmn.es
c:\program files\Agnitum\Outpost Firewall Pro\op_cmn.fr
c:\program files\Agnitum\Outpost Firewall Pro\op_cmn.ru
c:\program files\Agnitum\Outpost Firewall Pro\op_install.de
c:\program files\Agnitum\Outpost Firewall Pro\op_install.es
c:\program files\Agnitum\Outpost Firewall Pro\op_install.fr
c:\program files\Agnitum\Outpost Firewall Pro\op_install.ru
c:\program files\Agnitum\Outpost Firewall Pro\op_links.ini
c:\program files\Agnitum\Outpost Firewall Pro\op_mon.de
c:\program files\Agnitum\Outpost Firewall Pro\op_mon.es
c:\program files\Agnitum\Outpost Firewall Pro\op_mon.fr
c:\program files\Agnitum\Outpost Firewall Pro\op_mon.ru
c:\program files\Agnitum\Outpost Firewall Pro\op_shell.de
c:\program files\Agnitum\Outpost Firewall Pro\op_shell.es
c:\program files\Agnitum\Outpost Firewall Pro\op_shell.fr
c:\program files\Agnitum\Outpost Firewall Pro\op_shell.ru
c:\program files\Agnitum\Outpost Firewall Pro\plugins\antimalware.de
c:\program files\Agnitum\Outpost Firewall Pro\plugins\antimalware.es
c:\program files\Agnitum\Outpost Firewall Pro\plugins\antimalware.fr
c:\program files\Agnitum\Outpost Firewall Pro\plugins\antimalware.ru
c:\program files\Agnitum\Outpost Firewall Pro\plugins\logviewer.de
c:\program files\Agnitum\Outpost Firewall Pro\plugins\logviewer.es
c:\program files\Agnitum\Outpost Firewall Pro\plugins\logviewer.fr
c:\program files\Agnitum\Outpost Firewall Pro\plugins\logviewer.ru
c:\program files\Agnitum\Outpost Firewall Pro\plugins\netstatviewer.de
c:\program files\Agnitum\Outpost Firewall Pro\plugins\netstatviewer.es
c:\program files\Agnitum\Outpost Firewall Pro\plugins\netstatviewer.fr
c:\program files\Agnitum\Outpost Firewall Pro\plugins\netstatviewer.ru
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\amw.de
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\amw.es
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\amw.fr
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\amw.ru
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\amw\amw_quarantine\quarantine.db
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\content.de
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\content.es
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\content.fr
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\content.ru
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\downloader.de
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\downloader.es
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\downloader.fr
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\downloader.ru
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\firewall.de
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\firewall.es
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\firewall.fr
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\firewall.ru
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\hips.de
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\hips.es
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\hips.fr
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\hips.ru
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\sand.de
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\sand.es
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\sand.fr
c:\program files\Agnitum\Outpost Firewall Pro\plugins_acs\sand.ru
c:\program files\Agnitum\Outpost Firewall Pro\preconfig.ini
c:\program files\Agnitum\Outpost Firewall Pro\preset.conf
c:\program files\Agnitum\Outpost Firewall Pro\py_localize.de
c:\program files\Agnitum\Outpost Firewall Pro\py_localize.en
c:\program files\Agnitum\Outpost Firewall Pro\py_localize.en~part
c:\program files\Agnitum\Outpost Firewall Pro\py_localize.en~time
c:\program files\Agnitum\Outpost Firewall Pro\py_localize.es
c:\program files\Agnitum\Outpost Firewall Pro\py_localize.fr
c:\program files\Agnitum\Outpost Firewall Pro\py_localize.ru
c:\program files\Agnitum\Outpost Firewall Pro\rc_macro.lst
c:\program files\Agnitum\Outpost Firewall Pro\SandBox.cat
c:\program files\Agnitum\Outpost Firewall Pro\sandbox.inet75
c:\program files\Agnitum\Outpost Firewall Pro\SandBox.inf
c:\program files\Agnitum\Outpost Firewall Pro\spa.inet75
c:\program files\Agnitum\Outpost Firewall Pro\spae.de
c:\program files\Agnitum\Outpost Firewall Pro\spae.en
c:\program files\Agnitum\Outpost Firewall Pro\spae.es
c:\program files\Agnitum\Outpost Firewall Pro\spae.fr
c:\program files\Agnitum\Outpost Firewall Pro\spae.ru
c:\program files\Agnitum\Outpost Firewall Pro\spy_sitesw.inet75
c:\program files\Agnitum\Outpost Firewall Pro\tempo.py
c:\program files\Agnitum\Outpost Firewall Pro\tempo.pyc
c:\program files\Agnitum\Outpost Firewall Pro\unins000.exe
c:\program files\Agnitum\Outpost Firewall Pro\unins000.msg
c:\program files\Agnitum\Outpost Firewall Pro\update.de
c:\program files\Agnitum\Outpost Firewall Pro\update.es
c:\program files\Agnitum\Outpost Firewall Pro\update.fr
c:\program files\Agnitum\Outpost Firewall Pro\update.ico
c:\program files\Agnitum\Outpost Firewall Pro\update.ru
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\cache\common.py
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\cache\common.py~part
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\cache\common.py~time
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\cache\common.pyc
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\cache\update_bases.py
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\cache\update_bases.py~part
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\cache\update_bases.py~time
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\cache\update_bases.pyc
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\cache\update_news.py
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\cache\update_news.py~time
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\cache\update_news.pyc
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\cache\update_preset.py
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\cache\update_preset.py~part
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\cache\update_preset.py~time
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\cache\update_preset.pyc
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\cache\update_product.py
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\cache\update_product.py~time
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\cache\update_product.pyc
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\ads_link.inet75
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\ads_link.inet75~time
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\amw.inet75
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\amw.inet75~time
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\critical_objects.inet75
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\critical_objects.inet75~time
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\news.zip
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\preset.717.zip
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\preset.717.zip~time
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\presets.cfg
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\presets.cfg~part
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\presets.cfg~time
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\sandbox.inet75
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\sandbox.inet75~time
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\spa.inet75
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\spa.inet75~time
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\spae.en
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\spae.en~part
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\spae.en~time
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\spy.ini
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\spy.ini~part
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\spy.ini~time
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\spy\spy6_inc.sdb
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\spy_sitesw.inet75
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\spy_sitesw.zip
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\spy_sitesw.zip~time
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\spy6_inc.zip
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\spy6_inc.zip~time
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\update_presets.ini
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\update_presets.ini~part
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\update_presets.ini~time
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\vendorsu.inet75
c:\program files\Agnitum\Outpost Firewall Pro\update_oss20\downloaded files\vendorsu.inet75~time
c:\program files\Agnitum\Outpost Firewall Pro\vendorsu.inet75
c:\program files\Agnitum\Outpost Firewall Pro\Warning.wav
c:\program files\Agnitum . . . . nemohl být smazán
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACSSRV
-------\Legacy_AFWCORE
-------\Legacy_MCCOMPONENTHOSTSERVICE
-------\Service_acssrv
-------\Service_afw
-------\Service_afwcore
-------\Service_ASWFilt
-------\Service_McComponentHostService
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-15 do 2013-09-15 )))))))))))))))))))))))))))))))
.
.
2013-09-15 16:04 . 2013-09-15 16:04 8646 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-09-15 16:04 . 2013-09-15 16:04 6429 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-09-15 16:04 . 2013-09-15 16:04 63115 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-09-15 16:04 . 2013-09-15 16:04 4599 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-09-15 16:04 . 2013-09-15 16:04 9310 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-09-15 16:04 . 2013-09-15 16:04 5927 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2013-09-15 16:04 . 2013-09-15 16:04 8613 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-09-12 14:18 . 2013-09-12 14:18 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2013-09-12 12:32 . 2013-09-12 12:32 -------- d-----w- c:\documents and settings\pc\Local Settings\Data aplikací\Rockstar Games
2013-09-12 10:49 . 2013-09-12 10:49 -------- d-----w- c:\documents and settings\pc\Local Settings\Data aplikací\GHISLER
2013-09-11 18:39 . 2013-09-11 18:39 -------- d--h--r- c:\documents and settings\pc\Data aplikací\SecuROM
2013-09-11 18:38 . 2013-09-12 14:30 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-07 13:29 . 2013-02-24 17:42 138904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-09-07 13:29 . 2010-02-03 18:53 138904 ----a-w- c:\documents and settings\pc\Data aplikací\PnkBstrK.sys
2013-09-07 13:29 . 2013-02-24 17:42 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-09-07 13:28 . 2010-02-03 18:52 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-09-07 13:28 . 2013-02-24 17:42 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
c:\program files\Agnitum\Outpost Firewall Pro\op_shell.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 18077696]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [BU]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2011-10-04 220992]
.
c:\documents and settings\pc\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2010-1-29 1048576]
hp psc 1000 series.lnk - d:\tiskárna\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - d:\tiskárna\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2011-09-16 09:34 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Hry\\Pi\\Programs\\RM.exe"=
"d:\\Hry\\Pi\\Programs\\Studio.exe"=
"d:\\Hry\\Pi\\Programs\\umi.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.1.2010 21:20 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12.1.2010 21:30 226016]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12.1.2010 21:30 243152]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [23.6.2011 15:44 764880]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [29.1.2012 21:07 85344]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24.2.2010 12:22 185472]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [18.7.2010 15:57 308136]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [19.12.2009 5:25 238736]
R3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 17:21 30720]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20.3.2010 14:00 1684736]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 1.1.1.1 1.1.1.17
FF - ProfilePath - c:\documents and settings\pc\Data aplikací\Mozilla\Firefox\Profiles\yvjhki4y.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - ExtSQL: !HIDDEN! 2010-08-20 11:07; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Agnitum Outpost Firewall Pro_is1 - c:\program files\Agnitum\Outpost Firewall Pro\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-15 18:05
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-1202660629-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1064)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2188)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
d:\tiskárna\Digital Imaging\bin\hpoevm08.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2013-09-15 18:07:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-15 16:07
ComboFix2.txt 2013-09-15 13:40
ComboFix3.txt 2012-02-23 17:02
ComboFix4.txt 2011-07-21 18:09
.
Před spuštěním: Volných bajtů: 15 711 100 928
Po spuštění: Volných bajtů: 15 540 285 440
.
- - End Of File - - BC5E5EC8D6D748E2DF0F7AB5619EB011
413FC2A0C716421B3158746D63736515
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: Trojan horse
Something has been left behind in the registry.
Open Notepad and paste in the green text from the script.
Save the file as -> oprava.reg - Save as type -> All files
Close it and run it by double-clicking the icon - it will just flash briefly and fix the registry - delete it afterwards.


Windows Registry Editor Version 5.00

; Remove the leftover Outpost shell icon overlay key
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]

; Remove the leftover OutpostMonitor autorun value
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OutpostMonitor"=-
Recommendations:
During the cleanup, install and uninstall software only on my instruction.
Study my reply thoroughly and carry out the whole procedure according to it.
If anything is unclear, ask - I will explain.
-------------------------------------------------------------------------------------------------
> Forum support <
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: Trojan horse
Post a new RSIT log and describe the current problems - we will finish dealing with the FW later.
Re: Trojan horse
I am no longer noticing any problems.
Logfile of random's system information tool 1.08 (written by random/random)
Run by pc at 2013-09-15 18:38:50
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (30%) free of 50 GB
Total RAM: 3068 MB (74% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:39:40, on 15.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
D:\tiskárna\Digital Imaging\bin\hpohmr08.exe
D:\tiskárna\Digital Imaging\bin\hpotdd01.exe
D:\tiskárna\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ7.4\ICQ.exe
C:\Documents and Settings\pc\Plocha\Programy plocha\RSIT.exe
C:\Program Files\trend micro\pc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2632178952
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9110 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2013-09-03 68480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-05-20 98304]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2012-01-26 2077536]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-12-23 18077696]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice []
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2011-10-04 220992]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
hp psc 1000 series.lnk - D:\tiskárna\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - D:\tiskárna\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\pc\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-10-26 188416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2011-09-16 12536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LegalNoticeText"=
"LegalNoticeCaption"=
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"D:\Hry\Pi\Programs\RM.exe"="D:\Hry\Pi\Programs\RM.exe:*:Enabled:Render Manager"
"D:\Hry\Pi\Programs\Studio.exe"="D:\Hry\Pi\Programs\Studio.exe:*:Enabled:Studio"
"D:\Hry\Pi\Programs\umi.exe"="D:\Hry\Pi\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Common Files\soft602\langserv.exe"="C:\Program Files\Common Files\soft602\langserv.exe:*:Enabled:Software602 Spell Checker"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
======File associations======
.ini - open - notepad.exe %1
.js - edit -
.js - open -
.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -
.txt - open - notepad.exe %1
======List of files/folders created in the last 1 months======
2013-09-15 18:23:57 ----SHD---- C:\RECYCLER
2013-09-15 18:07:20 ----D---- C:\WINDOWS\temp
2013-09-15 18:07:18 ----A---- C:\ComboFix.txt
2013-09-12 16:18:11 ----A---- C:\WINDOWS\system32\gdiplus.dll
2013-09-11 20:39:09 ----RHD---- C:\Documents and Settings\pc\Data aplikací\SecuROM
2013-09-11 20:38:55 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2013-08-25 10:58:39 ----D---- C:\Program Files\Mozilla Firefox
======List of files/folders modified in the last 1 months======
2013-09-15 18:39:06 ----D---- C:\Program Files\trend micro
2013-09-15 18:07:21 ----D---- C:\WINDOWS\system32\drivers
2013-09-15 18:07:21 ----D---- C:\Qoobox
2013-09-15 18:07:20 ----D---- C:\WINDOWS\Prefetch
2013-09-15 18:07:20 ----D---- C:\WINDOWS
2013-09-15 18:04:26 ----A---- C:\WINDOWS\system.ini
2013-09-15 18:03:58 ----D---- C:\WINDOWS\system32\drivers\etc
2013-09-15 18:02:37 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-15 18:01:50 ----D---- C:\WINDOWS\system32\config
2013-09-15 18:01:43 ----D---- C:\WINDOWS\ERDNT
2013-09-15 17:51:48 ----D---- C:\WINDOWS\system32
2013-09-15 17:51:48 ----D---- C:\WINDOWS\AppPatch
2013-09-15 17:51:43 ----D---- C:\Program Files\Common Files
2013-09-15 17:51:21 ----D---- C:\WINDOWS\Microsoft.NET
2013-09-15 17:46:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-09-15 17:42:35 ----D---- C:\Documents and Settings\pc\Data aplikací\Adobe
2013-09-15 17:42:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2013-09-15 16:19:37 ----RSD---- C:\WINDOWS\Fonts
2013-09-15 15:39:55 ----SD---- C:\WINDOWS\Tasks
2013-09-15 13:15:44 ----D---- C:\WINDOWS\system32\drivers\Avg
2013-09-12 16:30:46 ----RD---- C:\Program Files
2013-09-12 16:12:04 ----HD---- C:\Program Files\InstallShield Installation Information
2013-09-11 12:52:26 ----SHD---- C:\WINDOWS\Installer
2013-09-10 22:06:10 ----HD---- C:\WINDOWS\inf
2013-09-07 15:29:05 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2013-09-07 15:28:57 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2013-09-07 15:28:53 ----D---- C:\WINDOWS\system32\DirectX
2013-09-07 15:27:28 ----RSD---- C:\WINDOWS\assembly
2013-09-07 15:26:36 ----D---- C:\WINDOWS\WinSxS
2013-09-04 11:52:29 ----D---- C:\Documents and Settings\pc\Data aplikací\ICQ
2013-08-29 12:28:54 ----D---- C:\Documents and Settings\pc\Data aplikací\vlc
2013-08-26 13:04:49 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-08-25 10:03:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2004-10-19 28207]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2005-09-14 20016]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-19 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2010-02-07 82380]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2013-01-16 226016]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2011-09-16 29712]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2011-05-06 243152]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SandBox;SandBox; \??\C:\WINDOWS\system32\drivers\SandBox.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-04-25 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-04-25 25888]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-10-26 7412736]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-11-19 95232]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2004-10-19 20096]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-11-21 238736]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-03-28 40832]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-23 4967424]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 tap0901_2gm;VPN Anonymizer Adapter; C:\WINDOWS\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2004-11-05 82148]
S2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 akt04vd1;akt04vd1; C:\WINDOWS\system32\drivers\akt04vd1.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-01-17 23000]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 mbr;mbr; \??\C:\DOCUME~1\pc~1\LOCALS~1\Temp\mbr.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-07-09 52096]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-07-22 28592]
S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2011-05-25 32768]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S3 ZSMC301b;Philips SPC 300NC PC Camera; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2005-01-26 91527]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-10-26 643072]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-18 308136]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-01-27 106496]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-09-07 76888]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2013-09-07 189248]
R2 wlidsvc;Windows Live ID Sign-in Assistant; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-05-15 593920]
S2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-07-12 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-12-21 74360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-08-25 117656]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------

Logfile of random's system information tool 1.08 (written by random/random)
Run by pc at 2013-09-15 18:38:50
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (30%) free of 50 GB
Total RAM: 3068 MB (74% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:39:40, on 15.9.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
D:\tiskárna\Digital Imaging\bin\hpohmr08.exe
D:\tiskárna\Digital Imaging\bin\hpotdd01.exe
D:\tiskárna\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ7.4\ICQ.exe
C:\Documents and Settings\pc\Plocha\Programy plocha\RSIT.exe
C:\Program Files\trend micro\pc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2632178952
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9110 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2013-09-03 68480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-05-20 98304]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2012-01-26 2077536]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-12-23 18077696]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice []
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2011-10-04 220992]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
hp psc 1000 series.lnk - D:\tiskárna\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - D:\tiskárna\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\pc\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-10-26 188416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2011-09-16 12536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LegalNoticeText"=
"LegalNoticeCaption"=
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"D:\Hry\Pi\Programs\RM.exe"="D:\Hry\Pi\Programs\RM.exe:*:Enabled:Render Manager"
"D:\Hry\Pi\Programs\Studio.exe"="D:\Hry\Pi\Programs\Studio.exe:*:Enabled:Studio"
"D:\Hry\Pi\Programs\umi.exe"="D:\Hry\Pi\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Common Files\soft602\langserv.exe"="C:\Program Files\Common Files\soft602\langserv.exe:*:Enabled:Software602 Spell Checker"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
======File associations======
.ini - open - notepad.exe %1
.js - edit -
.js - open -
.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -
.txt - open - notepad.exe %1
======List of files/folders created in the last 1 months======
2013-09-15 18:23:57 ----SHD---- C:\RECYCLER
2013-09-15 18:07:20 ----D---- C:\WINDOWS\temp
2013-09-15 18:07:18 ----A---- C:\ComboFix.txt
2013-09-12 16:18:11 ----A---- C:\WINDOWS\system32\gdiplus.dll
2013-09-11 20:39:09 ----RHD---- C:\Documents and Settings\pc\Data aplikací\SecuROM
2013-09-11 20:38:55 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2013-08-25 10:58:39 ----D---- C:\Program Files\Mozilla Firefox
======List of files/folders modified in the last 1 months======
2013-09-15 18:39:06 ----D---- C:\Program Files\trend micro
2013-09-15 18:07:21 ----D---- C:\WINDOWS\system32\drivers
2013-09-15 18:07:21 ----D---- C:\Qoobox
2013-09-15 18:07:20 ----D---- C:\WINDOWS\Prefetch
2013-09-15 18:07:20 ----D---- C:\WINDOWS
2013-09-15 18:04:26 ----A---- C:\WINDOWS\system.ini
2013-09-15 18:03:58 ----D---- C:\WINDOWS\system32\drivers\etc
2013-09-15 18:02:37 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-15 18:01:50 ----D---- C:\WINDOWS\system32\config
2013-09-15 18:01:43 ----D---- C:\WINDOWS\ERDNT
2013-09-15 17:51:48 ----D---- C:\WINDOWS\system32
2013-09-15 17:51:48 ----D---- C:\WINDOWS\AppPatch
2013-09-15 17:51:43 ----D---- C:\Program Files\Common Files
2013-09-15 17:51:21 ----D---- C:\WINDOWS\Microsoft.NET
2013-09-15 17:46:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-09-15 17:42:35 ----D---- C:\Documents and Settings\pc\Data aplikací\Adobe
2013-09-15 17:42:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2013-09-15 16:19:37 ----RSD---- C:\WINDOWS\Fonts
2013-09-15 15:39:55 ----SD---- C:\WINDOWS\Tasks
2013-09-15 13:15:44 ----D---- C:\WINDOWS\system32\drivers\Avg
2013-09-12 16:30:46 ----RD---- C:\Program Files
2013-09-12 16:12:04 ----HD---- C:\Program Files\InstallShield Installation Information
2013-09-11 12:52:26 ----SHD---- C:\WINDOWS\Installer
2013-09-10 22:06:10 ----HD---- C:\WINDOWS\inf
2013-09-07 15:29:05 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2013-09-07 15:28:57 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2013-09-07 15:28:53 ----D---- C:\WINDOWS\system32\DirectX
2013-09-07 15:27:28 ----RSD---- C:\WINDOWS\assembly
2013-09-07 15:26:36 ----D---- C:\WINDOWS\WinSxS
2013-09-04 11:52:29 ----D---- C:\Documents and Settings\pc\Data aplikací\ICQ
2013-08-29 12:28:54 ----D---- C:\Documents and Settings\pc\Data aplikací\vlc
2013-08-26 13:04:49 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-08-25 10:03:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2004-10-19 28207]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2005-09-14 20016]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-19 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2010-02-07 82380]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2013-01-16 226016]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2011-09-16 29712]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2011-05-06 243152]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SandBox;SandBox; \??\C:\WINDOWS\system32\drivers\SandBox.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-04-25 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-04-25 25888]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-10-26 7412736]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-11-19 95232]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2004-10-19 20096]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-11-21 238736]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-03-28 40832]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-23 4967424]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 tap0901_2gm;VPN Anonymizer Adapter; C:\WINDOWS\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2004-11-05 82148]
S2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 akt04vd1;akt04vd1; C:\WINDOWS\system32\drivers\akt04vd1.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-01-17 23000]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 mbr;mbr; \??\C:\DOCUME~1\pc~1\LOCALS~1\Temp\mbr.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-07-09 52096]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-07-22 28592]
S3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2011-05-25 32768]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S3 ZSMC301b;Philips SPC 300NC PC Camera; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2005-01-26 91527]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-10-26 643072]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-18 308136]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-01-27 106496]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-09-07 76888]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2013-09-07 189248]
R2 wlidsvc;Windows Live ID Sign-in Assistant; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-05-15 593920]
S2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-07-12 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-12-21 74360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-08-25 117656]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: Trojan horse
That driver in the registry is taking the p*ss out of me
Let's try this procedure as well, and after that I could start cleaning up after myself

OTM script
Download OTM from one of the links and unpack it, preferably onto the desktop.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe
Run the program "OTM.exe" (on Vista and Win7: right-click and "Run As Administrator").
Paste the whole text in green from the "Script" into the box under the yellow bar
Click the red "MoveIt!"
When offered a restart, choose "YES"
and afterwards you will find the log in C:\_OTM\MovedFiles\ - post it here for me to check
Code:
:Commands
[emptytemp]
[emptyflash]
[emptyjava]
[clearallrestorepoints]
:Files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"OutpostMonitor"=-
:Services


Recommendations:
During the cleanup, install or uninstall software only on my instruction.
Study my reply thoroughly and carry out the whole operation as described in it.
If anything is unclear, ask - I will explain
-------------------------------------------------------------------------------------------------
> Forum support <
Re: Trojan horse
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
User: pc
->Temp folder emptied: 311247 bytes
->Temporary Internet Files folder emptied: 3110135 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 105829559 bytes
->Google Chrome cache emptied: 13150474 bytes
->Flash cache emptied: 69221 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 602112 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 236 bytes
Total Files Cleaned = 117,00 mb
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: LocalService
User: pc
->Flash cache emptied: 0 bytes
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
[EMPTYJAVA]
User: Administrator
User: All Users
User: Default User
User: LocalService
User: pc
->Java cache emptied: 0 bytes
User: NetworkService
Total Java Files Cleaned = 0,00 mb
Restore point Set: OTM Restore Point
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP445.tmp folder moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\0098abaa114e4ec30d96e3f1f0c81c2b\BIT64.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\01a36296918da203a703c934c1e5ec0e\BIT125.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\0468bf43f43f12b829b2ae8bd4d2c1d8\BITB3.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\08630a0e5836d849898d98e89992b3cd\BIT8A.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\0aa3ef2f0c8b6eedf450a9dff1fe028e\BIT134.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\15a2ffaecd7e8868bf4741384d131144\BIT62.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\1755377ede550476961a7c61cb759a49\BIT12A.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\23d44fb8f0656f7d7b8bd6844f93c0be\BIT11C.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\3cf89eb787e02b4d8e3be8f21f2fca6f\BIT121.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\4d02c1250f51eac26497b1642633258c\BIT130.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\53cc55b1ae9939c47033ae3e58e66a1e\BIT11E.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\66209301148819961e9de594a61fd654\BIT11D.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\6b5aa0ab327e8b264f25cfebb003cb89\BIT75.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\71626ca2fb4a622d5a45713e53a7117c\BITF4.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\78276843e7edf2259ff36edcb75b48c4\BIT61.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\79e985206103a405613ee28c7de333e6\BIT5B.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\8fa4bccd58c81d001e7d7cdb3888745e\BIT11A.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\93883c1850672aae5bd96eb3d566063c\BIT126.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\a17ba760732fcf29071419fd2a359ef2\BIT104.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\a4a16021ebf52d24bb9743ed86a9fabb\BIT123.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\a7fbaae8af387857c53af9f499967e24\BIT60.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\b871b7d20cb11882ef9bcf4b6ac698dc\BIT117.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\ba1bb87cee764bafaf2bb6e3c03acc5f\BIT129.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\babb2ae841b8727d6e2b566ddc4dd4c4\BIT11B.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\c6d7605c025bed77684a63b6b7df7531\BIT14D.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\cc2df7786975928621f289762b9c7087\BIT5E.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\db159293804621265a70fb36a41551b1\BIT124.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\de474b3441ec2f574e1744f75569fe14\BIT120.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\e5aeba5afee013a6ffaee189c1ec01e5\BIT11F.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\e75898dbcfac66385a8b5f550111f877\BIT5D.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\ebb0f4af34f6afd86bb33ad7abd831ec\BIT154.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\f1ed0efb727127f79885eb917dab693b\BIT63.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\f2cf09f8e268bd4d93dceaadb8f44fe5\BIT132.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\fad686174f0f4476bdc69a74799d7770\BIT5F.tmp moved successfully.
========== REGISTRY ==========
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\OutpostMonitor scheduled to be deleted on reboot.
========== SERVICES/DRIVERS ==========
OTM by OldTimer - Version 3.1.21.0 log created on 09152013_192336
Files moved on Reboot...
Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\OutpostMonitor scheduled to be deleted on reboot.
- cernohous13
- VIP in memoriam
- Posts: 8721
- Joined: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: Trojan horse

ZoneAlarm - http://www.filehippo.com/download_zonealarm_free/ or Comodo - http://www.slunecnice.cz/sw/comodo-firewall-free/
we'll use the bazooka
Script
Download Avenger here:
http://swandog46.geekstogo.com/avenger.exe
Run it and agree with "Yes" everywhere
Main window
at the bottom, tick both checkboxes
Copy the green script text into the "Input script here" field -> "Execute" -> "Yes"
The PC will restart; wait for Notepad to open and paste its contents here. (C:\avenger.txt)
Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | OutpostMonitor
Recommendations:
During the cleanup, install or uninstall software only on my instruction.
Study my reply carefully and carry out the whole procedure according to it.
If anything is unclear, ask - I will explain
-------------------------------------------------------------------------------------------------
> Forum support <
Re: Trojan horse
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Registry value "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|OutpostMonitor" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.