Kaspersky hlasi 24 viru. Nerika jake, kde nebo co s nimi.

[zbr]

Kaspersky 2010 ukazuje, v "radarovém okénku" 24 virů. Dál už o nich nikde ani zmínka. Mezi zjištěnými hrozbami je pouze že odstranil Trojan.Win32.Generic.
RSIT Log současného stavu:

Logfile of random's system information tool 1.06 (written by random/random)

Run by Darinka at 2010-03-27 16:17:27

MicrosoftŽ Windows Vista™ Business Service Pack 1

System drive C: has 113 GB (49%) free of 229 GB

Total RAM: 2039 MB (45% free)



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:17:38, on 27.3.2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal



Running processes:

C:\windows\system32\Dwm.exe

C:\windows\system32\taskeng.exe

C:\windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\PDF Complete\pdfsty.exe

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\System32\nwtray.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\windows\system32\wuauclt.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\ICQ6.5\ICQ.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\Darinka\Desktop\RSIT.exe

C:\Program Files\trend micro\Darinka.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.udark.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.udark.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.udark.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.udark.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.udark.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fr.udark.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fr.udark.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.udark.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5104.1546\swg.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"

O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent

O4 - HKCU\..\Run: [Regedit32] C:\windows\system32\regedit.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O8 - Extra context menu item: Hledání panelu &AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\cs-CZ\local\search.html

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: &Kontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O13 - Gopher Prefix:

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{09EDA661-A3D6-44AD-9CD3-6694C598EAA8}: NameServer = 78.156.128.10,81.31.33.18

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

O20 - Winlogon Notify: DeviceNP - C:\windows\SYSTEM32\DeviceNP.dll

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe

O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\system32\rpcnet.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Novell XTier Service Manager (XTSvcMgr) - Novell, Inc. - C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe



--

End of file - 12450 bytes



======Scheduled tasks folder======



C:\windows\tasks\GoogleUpdateTaskMachineCore.job

C:\windows\tasks\GoogleUpdateTaskMachineUA.job

C:\windows\tasks\User_Feed_Synchronization-{9AD31A84-3145-41B5-A024-6B18290C76FE}.job



======Registry dump======



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-10-20 68112]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]

AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-05 279664]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5104.1546\swg.dll [2010-03-11 813040]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 35840]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]

FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-10-20 268816]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{0BF43445-2F28-4351-9252-17FE6E806AA0}

{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]

{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-05 279664]



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-05-22 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-05-22 166424]

"Persistence"=C:\Windows\system32\igfxpers.exe [2008-05-22 133656]

"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-02-21 1183744]

"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-18 178712]

"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2007-05-08 331552]

"PTHOSTTR"=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1045800]

"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]

"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15 70912]

"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-04-21 197904]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]

"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-11-07 177456]

"HP Software Update"=c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

"NWTRAY"=C:\windows\system32\NWTRAY.EXE [2008-09-23 30480]

"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340456]



[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]

"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-18 2289664]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-07 39408]

"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]

"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]

"Regedit32"=C:\windows\system32\regedit.exe []



C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe



C:\Users\Darinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]

C:\windows\system32\DeviceNP.dll [2007-06-08 49152]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\windows\system32\igfxdev.dll [2008-02-11 204800]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\windows\system32\klogon.dll [2009-10-20 219664]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0
ncv1_0



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55d87134-2a77-11de-8759-002186b749bc}]

shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe

shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f72a5ae-42e5-11de-8452-002186b749bc}]

shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe

shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b25d338d-0113-11de-bb14-002186b749bc}]

shell\AutoRun\command - G:\WD_Windows_Tools\Setup.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d07323d9-0fd3-11de-b976-002186b749bc}]

shell\AutoRun\command - G:\TRKA///frka.exe

shell\open\command - G:\TRKA///frka.exe





======File associations======



.js - edit - C:\windows\System32\Notepad.exe %1

.js - open - C:\windows\System32\WScript.exe "%1" %*



======List of files/folders created in the last 1 months======



2010-03-27 07:53:38 ----D---- C:\Program Files\Kaspersky Lab

2010-03-27 07:45:10 ----D---- C:\ProgramData\Kaspersky Lab Setup Files

2010-03-27 06:02:30 ----D---- C:\Program Files\CCleaner

2010-03-27 05:50:31 ----D---- C:\Program Files\trend micro

2010-03-27 05:50:30 ----D---- C:\rsit

2010-03-25 20:17:07 ----A---- C:\windows\system32\mshtmler.dll

2010-03-25 20:17:07 ----A---- C:\windows\system32\mshtmled.dll

2010-03-25 20:17:07 ----A---- C:\windows\system32\jsproxy.dll

2010-03-25 20:17:07 ----A---- C:\windows\system32\ieui.dll

2010-03-25 20:17:07 ----A---- C:\windows\system32\icardie.dll

2010-03-25 20:17:07 ----A---- C:\windows\system32\admparse.dll

2010-03-25 20:17:06 ----A---- C:\windows\system32\msls31.dll

2010-03-25 20:17:04 ----A---- C:\windows\system32\iernonce.dll

2010-03-25 20:17:04 ----A---- C:\windows\system32\corpol.dll

2010-03-25 20:17:03 ----A---- C:\windows\system32\ieakeng.dll

2010-03-25 20:17:01 ----A---- C:\windows\system32\msfeedsbs.dll

2010-03-25 20:17:01 ----A---- C:\windows\system32\licmgr10.dll

2010-03-25 20:17:01 ----A---- C:\windows\system32\inseng.dll

2010-03-25 20:17:01 ----A---- C:\windows\system32\imgutil.dll

2010-03-25 20:17:01 ----A---- C:\windows\system32\iepeers.dll

2010-03-25 20:17:01 ----A---- C:\windows\system32\dxtrans.dll

2010-03-25 20:17:01 ----A---- C:\windows\system32\dxtmsft.dll

2010-03-25 20:17:00 ----A---- C:\windows\system32\WinFXDocObj.exe

2010-03-25 20:17:00 ----A---- C:\windows\system32\wextract.exe

2010-03-25 20:17:00 ----A---- C:\windows\system32\webcheck.dll

2010-03-25 20:17:00 ----A---- C:\windows\system32\occache.dll

2010-03-25 20:17:00 ----A---- C:\windows\system32\msrating.dll

2010-03-25 20:17:00 ----A---- C:\windows\system32\msfeedssync.exe

2010-03-25 20:17:00 ----A---- C:\windows\system32\iesetup.dll

2010-03-25 20:17:00 ----A---- C:\windows\system32\ieakui.dll

2010-03-25 20:17:00 ----A---- C:\windows\system32\ieaksie.dll

2010-03-25 20:16:59 ----A---- C:\windows\system32\pngfilt.dll

2010-03-25 20:16:59 ----A---- C:\windows\system32\mstime.dll

2010-03-25 20:16:59 ----A---- C:\windows\system32\msfeeds.dll

2010-03-25 20:16:59 ----A---- C:\windows\system32\advpack.dll

2010-03-25 20:16:58 ----A---- C:\windows\system32\vbscript.dll

2010-03-25 20:16:58 ----A---- C:\windows\system32\url.dll

2010-03-25 20:16:58 ----A---- C:\windows\system32\jscript.dll

2010-03-25 20:16:58 ----A---- C:\windows\system32\ieapfltr.dll

2010-03-25 20:16:57 ----A---- C:\windows\system32\iedkcs32.dll

2010-03-25 20:16:55 ----A---- C:\windows\system32\SetIEInstalledDate.exe

2010-03-25 20:16:55 ----A---- C:\windows\system32\SetDepNx.exe

2010-03-25 20:16:55 ----A---- C:\windows\system32\RegisterIEPKEYs.exe

2010-03-25 20:16:55 ----A---- C:\windows\system32\PDMSetup.exe

2010-03-25 20:16:55 ----A---- C:\windows\system32\mshta.exe

2010-03-25 20:16:55 ----A---- C:\windows\system32\iexpress.exe

2010-03-25 20:16:55 ----A---- C:\windows\system32\ieUnatt.exe

2010-03-25 20:16:55 ----A---- C:\windows\system32\iesysprep.dll

2010-03-25 20:16:55 ----A---- C:\windows\system32\iertutil.dll

2010-03-25 20:16:55 ----A---- C:\windows\system32\ie4uinit.exe

2010-03-25 20:16:54 ----A---- C:\windows\system32\wininet.dll

2010-03-25 20:16:54 ----A---- C:\windows\system32\urlmon.dll

2010-03-25 20:16:53 ----A---- C:\windows\system32\ieframe.dll

2010-03-25 20:16:52 ----A---- C:\windows\system32\mshtml.dll

2010-03-23 11:53:21 ----D---- C:\ProgramData\Kaspersky Lab

2010-03-11 10:33:19 ----A---- C:\windows\system32\browserchoice.exe

2010-03-11 10:26:51 ----A---- C:\windows\system32\nshhttp.dll

2010-03-11 10:26:42 ----A---- C:\windows\system32\httpapi.dll

2010-02-28 12:29:06 ----RSHD---- C:\RECYCLER



======List of files/folders modified in the last 1 months======



2010-03-27 16:17:38 ----D---- C:\windows\Prefetch

2010-03-27 16:17:31 ----D---- C:\windows\Temp

2010-03-27 11:53:52 ----D---- C:\windows\System32

2010-03-27 11:53:52 ----A---- C:\windows\system32\PerfStringBackup.INI

2010-03-27 11:53:51 ----D---- C:\windows\inf

2010-03-27 11:49:00 ----A---- C:\windows\system32\rpcnetp.exe

2010-03-27 11:48:47 ----A---- C:\windows\system32\rpcnetp.dll

2010-03-27 11:48:47 ----A---- C:\windows\system32\rpcnet.dll

2010-03-27 11:48:28 ----D---- C:\windows\Minidump

2010-03-27 11:48:28 ----D---- C:\Windows

2010-03-27 07:56:57 ----SHD---- C:\windows\Installer

2010-03-27 07:56:32 ----D---- C:\windows\system32\drivers

2010-03-27 07:55:43 ----D---- C:\windows\system32\catroot

2010-03-27 07:55:36 ----D---- C:\windows\system32\catroot2

2010-03-27 07:53:38 ----RD---- C:\Program Files

2010-03-27 07:52:33 ----SHD---- C:\System Volume Information

2010-03-27 07:45:10 ----HD---- C:\ProgramData

2010-03-27 07:25:36 ----D---- C:\windows\Debug

2010-03-27 05:05:42 ----D---- C:\windows\winsxs

2010-03-26 00:18:55 ----D---- C:\Users\Darinka\AppData\Roaming\Skype

2010-03-26 00:05:11 ----D---- C:\Users\Darinka\AppData\Roaming\skypePM

2010-03-25 20:39:26 ----D---- C:\windows\rescache

2010-03-25 20:18:36 ----D---- C:\Program Files\Internet Explorer

2010-03-25 20:18:35 ----D---- C:\windows\system32\migration

2010-03-25 20:18:35 ----D---- C:\windows\PolicyDefinitions

2010-03-25 20:18:34 ----D---- C:\windows\system32\en-US

2010-03-25 16:37:03 ----D---- C:\Users\Darinka\AppData\Roaming\ICQ

2010-03-23 13:15:12 ----D---- C:\windows\system32\WDI

2010-03-15 13:52:00 ----SD---- C:\Users\Darinka\AppData\Roaming\Microsoft

2010-03-11 11:57:50 ----D---- C:\windows\system32\Tasks

2010-03-11 11:30:35 ----D---- C:\Program Files\Windows Mail

2010-03-11 11:30:35 ----D---- C:\Program Files\Movie Maker

2010-03-11 10:35:58 ----D---- C:\ProgramData\Microsoft Help

2010-03-02 06:30:12 ----A---- C:\windows\system32\mrt.exe



======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======



R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\windows\system32\drivers\Aavmker4.sys [2006-09-25 24560]

R1 CSC;Offline Files Driver; C:\windows\system32\drivers\csc.sys [2008-01-21 350720]

R1 kl1;kl1; C:\windows\system32\DRIVERS\kl1.sys [2009-09-01 128016]

R1 KLIF;Kaspersky Lab Driver; C:\windows\system32\DRIVERS\klif.sys [2010-03-27 311312]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\windows\system32\DRIVERS\klim6.sys [2009-11-03 21520]

R1 NICM;Novell XTCOM Driver; \??\C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [2008-09-23 27152]

R2 aswMon2;avast! Standard Shield Support; C:\windows\system32\drivers\aswMon2.sys [2006-09-25 87424]

R2 NCFSD;Novell Client File System Redirector; \??\C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [2008-09-23 81424]

R2 NCIOCTL;Novell Xplat IoCtl Driver; \??\C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [2008-09-23 52752]

R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2008-04-24 309248]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]

R3 BCM43XX;Ovladač síového adaptéru Broadcom 802.11; C:\windows\system32\DRIVERS\bcmwl6.sys [2008-03-21 1207288]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]

R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\windows\system32\DRIVERS\e1e6032.sys [2007-05-24 223616]

R3 HBtnKey;HBtnKey; C:\windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]

R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]

R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]

R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]

R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2008-03-27 199472]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]

R3 WUDFRd;WUDFRd; C:\windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

S3 Axtmvflt;Axesstel USB Filter Service; C:\windows\system32\DRIVERS\Axtmvflt.sys [2007-09-20 3456]

S3 Axtmvmdm;Axesstel USB Modem; C:\windows\system32\DRIVERS\Axtmvmdm.sys [2007-09-20 40064]

S3 Axtmvprt;Axesstel Diagnostic Port; C:\windows\System32\Drivers\Axtmvprt.sys [2007-09-20 38784]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]

S3 BthEnum;Služba Bluetooth Enumerator; C:\windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]

S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]

S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2008-04-29 220160]

S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]

S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2008-04-22 80424]

S3 btwavdt;Bluetooth AVDT; C:\windows\system32\drivers\btwavdt.sys [2008-04-22 80936]

S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2008-04-22 16168]

S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 nciom;nciom; \??\C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [2008-09-23 60432]

S3 ncp;ncp; \??\C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [2008-09-23 63504]

S3 ncpl;ncpl; \??\C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [2008-09-23 40464]

S3 ndm;ndm; \??\C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [2008-09-23 17936]

S3 ndmndap;ndmndap; \??\C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [2008-09-23 65552]

S3 ndslpp;ndslpp; \??\C:\Program Files\Novell\Client\XTier\Drivers\ndslpp.sys [2008-09-23 20496]

S3 niam;niam; \??\C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [2008-09-23 30736]

S3 nipctl;nipctl; \??\C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [2008-09-23 43536]

S3 nscm;nscm; \??\C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [2008-09-23 26640]

S3 nsns;nsns; \??\C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [2008-09-23 21008]

S3 nsvccost;nsvccost; \??\C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [2008-09-23 28688]

S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]

S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2008-01-21 45624]

S3 xtxplat;xtxplat; \??\C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [2008-09-23 43024]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\windows\system32\drivers\megasr.sys [2008-01-21 386616]



======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======



R2 AEADIFilters;Andrea ADI Filters Service; C:\windows\system32\AEADISRV.EXE [2007-02-06 69632]

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-11 12800]

R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340456]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\windows\system32\svchost.exe [2008-01-21 21504]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2008-01-21 21504]

R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]

R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-18 354840]

R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]

R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-18 73728]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]

R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 540448]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]

R2 rpcnet;Remote Procedure Call (RPC) Net; C:\windows\system32\rpcnet.exe [2009-12-21 56680]

R2 XTSvcMgr;Novell XTier Service Manager; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [2008-09-23 16656]

R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2008-04-16 165192]

S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]

S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2008-01-21 21504]

S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]

S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]

S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\windows\system32\fxssvc.exe [2008-01-21 523776]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\Windows\system32\flcdlock.exe [2007-06-08 172131]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-03 182768]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]

S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2008-01-21 21504]

S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\windows\system32\wbengine.exe [2008-01-21 917504]



-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[zbr]

Dobrý večer, omlouvám se za pozdní reakci - v obsahu fóra bylo mé téma stále bez reakce....
na logu se už pracuje O:-)

[zbr]

běží to již přes hodinu, bez výsledku...
(a pokud během scanu běží např hodiny v panelu, systém zamrznul tak cca před půl hodinou)

[Rudy]

Stopněte to a spusťte v nouz. režimu.

[zbr]

už mi to v něm běží cca 10 minut.....
před chvílí zmizela plocha a panel...

[zbr]

takže ani třetí pokus s odinstalováním CF a jeho opětovném spuštění v nouzovém režimu k ničemu nevedl....

[Rudy]

Proveďte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[zbr]

tak konečně úspěch, sice opět přes nouzový režim, ale zde je:

Malwarebytes' Anti-Malware 1.44

Verze databáze: 3922

Windows 6.0.6001 Service Pack 1 (Safe Mode)

Internet Explorer 8.0.6001.18702



28.3.2010 0:22:39

mbam-log-2010-03-28 (00-22-24).txt



Typ kontroly: Kompletní kontrola (C:\|D:\|)

Zkontrolované objekty: 392497

Uplynulý čas: 59 minute(s), 4 second(s)



Infikované procesy v paměti: 0

Infikované moduly v paměti: 0

Infikované klíče registru: 0

Infikované hodnoty registru: 3

Infikované datové položky registru: 1

Infikované adresáře: 0

Infikované soubory: 2



Infikované procesy v paměti:

(Nebyly nalezeny žádné škodlivé položky)



Infikované moduly v paměti:

(Nebyly nalezeny žádné škodlivé položky)



Infikované klíče registru:

(Nebyly nalezeny žádné škodlivé položky)



Infikované hodnoty registru:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> No action taken.

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> No action taken.

HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> No action taken.



Infikované datové položky registru:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Darinka\AppData\Local\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.



Infikované adresáře:

(Nebyly nalezeny žádné škodlivé položky)



Infikované soubory:

C:\Program Files\DriversHQ.DriverDetective.Client.DirectX.dll (Spyware.OnlineGames) -> No action taken.

C:\Users\Darinka\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.

[Rudy]

Vše smažte.

[zbr]

Smazáno.

[zbr]

Nový scan z MBAM hlásí vše v pořádku - pouze mě zaujalo že při stejném počtu objektů trval cca 2x déle.
Zkoušel jsem udělat scan Combofixem ale stále na stroji neběží, podle toho jak se chová na jiném systému skončí hned ze začátku.

[Rudy]

Těžko říci proč. Kaspersky už nic nehlásí?

[zbr]

No, přeinstaloval jsem ho a zatim hlásí čisto.
Zatím to vypadá ok.
Každopádně děkuji za rady.

[Rudy]

Nemáte zač!