preventivně

Zpráva

koncentrak · #1 Příspěvek od **koncentrak** » 29 bře 2010 18:46

Logfile of random's system information tool 1.06 (written by random/random)
Run by Strongmann at 2010-03-29 19:44:20
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (20%) free of 20 GB
Total RAM: 2046 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:28, on 29.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Programy\Defraq\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Programy\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programy\ActiveSync\wcescomm.exe
D:\Programy\ACTIVE~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programy\ICQ6.5\ICQ.exe
C:\Documents and Settings\Strongmann\Plocha\RSIT.exe
D:\Programy\hijackthis\Strongmann.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.iobit.com/advancedwindowscar ... r=download
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Programy\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [denicek] "F:\Daniel\Daniel\cviceni\můj deníček.XLS"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Programy\ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Programy\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programy\ACTIVE~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programy\ACTIVE~1\INetRepl.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\FRONTP~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.21.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CB6E056-FAF0-42A7-B7CE-C028C9B680E1}: NameServer = 10.0.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\Programy\Defraq\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Programy\Spyware Terminator\sp_rsser.exe

--
End of file - 10114 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-790525478-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-790525478-839522115-1003UA.job
C:\WINDOWS\tasks\SmartDefrag.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2009-06-24 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2009-06-24 491520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-08-26 16851456]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-19 2046816]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Adobe Reader Speed Launcher"=D:\Programy\Reader\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SpywareTerminator"=D:\Programy\Spyware Terminator\SpywareTerminatorShield.exe [2010-01-25 2166784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"denicek"=F:\Daniel\Daniel\cviceni\můj deníček.XLS [2010-02-20 82432]
"Google Update"=C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-12-04 135664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=D:\Programy\ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-23 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Programy\ICQ6.5\ICQ.exe"="D:\Programy\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Hry\Soldat\Soldat.exe"="D:\Hry\Soldat\Soldat.exe:*:Enabled:http://soldat.pl"
"D:\Hry\TrackMania Nations ESWC\TmNationsESWC.exe"="D:\Hry\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Hry\TMS2003\Tennis Masters Series 2003.exe"="D:\Hry\TMS2003\Tennis Masters Series 2003.exe:*:Enabled:Tennis Masters Series 2003"
"D:\Hry\Wolfenstein - Enemy Territory\ET.exe"="D:\Hry\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\Programy\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe"="D:\Programy\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe:*:Enabled:MxDownloadServer"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Hry\call of juarez\CoJBiBGame_x86.exe"="D:\Hry\call of juarez\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez: Bound in Blood"
"D:\Hry\Call of Duty 2\CoD2MP_s.exe"="D:\Hry\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe"="D:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Hry\Race driver grid\Grid\GRID.exe"="D:\Hry\Race driver grid\Grid\GRID.exe:*:Enabled:GRID Executable"
"D:\Hry\Pes 2010\pes2010.exe"="D:\Hry\Pes 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"D:\Hry\Call of Duty Modern Warfare 2\Call of Duty Modern Warfare 2\iw4sp.exe"="D:\Hry\Call of Duty Modern Warfare 2\Call of Duty Modern Warfare 2\iw4sp.exe:*:Enabled:iw4sp"
"D:\Programy\Opera10beta\opera.exe"="D:\Programy\Opera10beta\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Programy\Steam\steamapps\common\peggle nights\PeggleNights.exe"="D:\Programy\Steam\steamapps\common\peggle nights\PeggleNights.exe:*:Enabled:Peggle Nights"
"D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe"="D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"D:\Programy\ActiveSync\rapimgr.exe"="D:\Programy\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\Programy\ActiveSync\wcescomm.exe"="D:\Programy\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\Programy\ActiveSync\WCESMgr.exe"="D:\Programy\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"D:\Hry\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe"="D:\Hry\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
"D:\Hry\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe"="D:\Hry\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
"D:\Hry\Ubisoft\Assassin's Creed II\UPlayBrowser.exe"="D:\Hry\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Programy\ActiveSync\rapimgr.exe"="D:\Programy\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\Programy\ActiveSync\wcescomm.exe"="D:\Programy\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\Programy\ActiveSync\WCESMgr.exe"="D:\Programy\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======File associations======

.js - edit -

======List of files/folders created in the last 1 months======

2010-03-28 14:35:22 ----A---- C:\Documents and Settings\Strongmann\Data aplikací\rundll.exe
2010-03-28 14:35:22 ----A---- C:\Documents and Settings\Strongmann\Data aplikací\nt.dll
2010-03-28 14:35:21 ----A---- C:\Documents and Settings\Strongmann\Data aplikací\dosyaa.exe
2010-03-25 22:49:14 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\Ubisoft
2010-03-25 22:49:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
2010-03-25 22:39:46 ----D---- C:\Program Files\Ubisoft
2010-03-25 11:04:37 ----D---- C:\Program Files\Common Files\Xara
2010-03-16 14:47:30 ----A---- C:\WINDOWS\ezmacros.INI
2010-03-16 14:47:18 ----A---- C:\WINDOWS\unezmac.ini
2010-03-16 14:47:18 ----A---- C:\WINDOWS\amuninst.exe

======List of files/folders modified in the last 1 months======

2010-03-29 19:44:20 ----D---- C:\WINDOWS\Prefetch
2010-03-29 19:43:27 ----D---- C:\WINDOWS
2010-03-29 18:45:37 ----D---- C:\WINDOWS\system32
2010-03-29 18:45:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-29 18:41:45 ----D---- C:\WINDOWS\Temp
2010-03-29 18:41:35 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-03-29 18:40:22 ----A---- C:\WINDOWS\wincmd.ini
2010-03-29 18:34:38 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-03-29 13:12:06 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-03-29 12:01:03 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-03-29 10:55:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-03-29 10:26:32 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-29 09:21:57 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-28 12:05:09 ----D---- C:\$AVG8.VAULT$
2010-03-27 09:11:18 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\ICQ
2010-03-25 22:48:07 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-25 22:47:31 ----SHD---- C:\WINDOWS\Installer
2010-03-25 22:47:31 ----D---- C:\Config.Msi
2010-03-25 22:47:26 ----HD---- C:\WINDOWS\inf
2010-03-25 22:47:06 ----RSD---- C:\WINDOWS\assembly
2010-03-25 22:46:44 ----D---- C:\WINDOWS\system32\DirectX
2010-03-25 22:39:46 ----RD---- C:\Program Files
2010-03-25 18:00:11 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\gtk-2.0
2010-03-25 11:04:50 ----RSD---- C:\WINDOWS\Fonts
2010-03-25 11:04:37 ----D---- C:\Program Files\Common Files
2010-03-21 17:26:37 ----A---- C:\WINDOWS\TRNCOM.INI
2010-03-14 16:31:00 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-23 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-14 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-27 4754432]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2008-08-07 111360]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 a9a3tjtu;a9a3tjtu; C:\WINDOWS\system32\drivers\a9a3tjtu.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cglptnt;cglptnt; \??\C:\totalcmd\cglptnt.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-10-06 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-10-06 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbser;USB Serial emulation modem driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-23 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-23 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2008-12-09 68136]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2009-05-01 168004]
R2 O&O Defrag;O&O Defrag; D:\Programy\Defraq\oodag.exe [2009-09-12 1488128]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-02 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-03-29 214520]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; D:\Programy\Spyware Terminator\sp_rsser.exe [2010-01-25 488960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-06 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Caroprd111** » 29 bře 2010 19:33

Zdravím

Na logu se pracuje, prosím o strpení.

#3 Příspěvek od **Caroprd111** » 29 bře 2010 19:38

Používáte AVG Internet Security nebo AVG Anti-Virus (bez firewallu)

Tohle otestujte na http://www.virustotal.com/cs/
C:\Documents and Settings\Strongmann\Data aplikací\rundll.exe
C:\Documents and Settings\Strongmann\Data aplikací\nt.dll
C:\Documents and Settings\Strongmann\Data aplikací\dosyaa.exe

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)

koncentrak · #4 Příspěvek od **koncentrak** » 29 bře 2010 20:02

používám AVG anti-virus free firewall mam vypnuty..
vysledky:
http://www.virustotal.com/cs/analisis/9 ... 1269888814
http://www.virustotal.com/cs/analisis/6 ... 1269889006
http://www.virustotal.com/cs/analisis/f ... 1269889190

#5 Příspěvek od **Caroprd111** » 29 bře 2010 20:13

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
Během skenování může být počítač restartován.

koncentrak · #6 Příspěvek od **koncentrak** » 29 bře 2010 20:45

ComboFix 10-03-28.03 - Administrator 29.03.2010 21:27:09.2.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1759 [GMT 2:00]
Spuštěný z: f:\stahování\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Strongmann\Data aplikací\dosyaa.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\kr_done1
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-28 do 2010-03-29 )))))))))))))))))))))))))))))))
.

2010-03-29 19:23 . 2010-03-29 19:23 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-25 20:39 . 2010-03-25 20:48 -------- d-----w- c:\program files\Ubisoft
2010-03-25 09:04 . 2010-03-25 09:04 -------- d-----w- c:\program files\Common Files\Xara
2010-03-16 12:47 . 2008-07-01 12:24 302184 ----a-w- c:\windows\amuninst.exe
2010-03-03 10:09 . 2010-03-03 10:09 -------- d-sh--w- c:\documents and settings\Rudy#77\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 19:26 . 2001-10-25 12:00 79062 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 19:26 . 2001-10-25 12:00 432004 ----a-w- c:\windows\system32\perfh005.dat
2010-03-29 16:41 . 2009-06-13 21:22 16608 ----a-w- c:\windows\gdrv.sys
2010-03-29 11:12 . 2009-06-14 10:34 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-29 11:12 . 2009-06-14 10:34 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-25 20:48 . 2009-06-13 21:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-25 13:39 . 2009-06-28 16:05 22 ----a-w- c:\windows\popcinfot.dat
2010-02-27 15:14 . 2010-02-27 15:14 -------- d-----w- c:\program files\Realtek AC97
2010-02-13 16:43 . 2010-02-13 16:43 -------- d-----w- c:\program files\Common Files\Macromedia
2010-02-06 21:11 . 2010-02-06 21:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-02 20:47 . 2010-02-02 20:25 -------- d-----w- c:\program files\Call of Duty 2 for Pocket PC
2010-01-31 20:16 . 2010-01-31 20:16 0 ----a-w- c:\windows\Infob.dat
2010-01-31 20:16 . 2010-01-31 20:16 0 ----a-w- c:\windows\Infoa.dat
2010-01-31 17:41 . 2009-06-23 11:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-25 17:13 . 2010-01-25 17:13 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-07 15:07 . 2010-01-26 17:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-01-26 17:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2001-10-25 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="d:\programy\Reader\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SpywareTerminator"="d:\programy\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-25 2166784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 07:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programy\\ICQ6.5\\ICQ.exe"=
"d:\\Hry\\Soldat\\Soldat.exe"=
"d:\\Hry\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Hry\\TMS2003\\Tennis Masters Series 2003.exe"=
"d:\\Hry\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"d:\\Programy\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Hry\\call of juarez\\CoJBiBGame_x86.exe"=
"d:\\Hry\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Hry\\Race driver grid\\Grid\\GRID.exe"=
"d:\\Hry\\Pes 2010\\pes2010.exe"=
"d:\\Programy\\Opera10beta\\opera.exe"=
"d:\\Programy\\Steam\\steamapps\\common\\peggle nights\\PeggleNights.exe"=
"d:\\Programy\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Documents and Settings\\Strongmann\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"d:\programy\ActiveSync\rapimgr.exe"= d:\programy\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\programy\ActiveSync\wcescomm.exe"= d:\programy\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\programy\ActiveSync\WCESMgr.exe"= d:\programy\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\Hry\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"d:\\Hry\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"d:\\Hry\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2010 23:11 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13.6.2009 23:46 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13.6.2009 23:46 108552]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [25.1.2010 19:13 142592]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [13.6.2009 23:46 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13.6.2009 23:46 297752]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [13.6.2009 23:22 68136]
S3 cglptnt;cglptnt;c:\totalcmd\CGLPTNT.SYS [13.6.2009 23:48 7888]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [25.12.2009 0:54 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [25.12.2009 0:54 8320]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - PARPORT
.
Obsah adresáře 'Naplánované úlohy'

2010-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-03-14 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-12-02 12:48]
.
.
------- Doplňkový sken -------
.
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {3CB6E056-FAF0-42A7-B7CE-C028C9B680E1} = 10.0.0.138
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/update ... 0.21.0.cab
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
d:\programy\Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-29 21:35
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY*]
"DisplayName"="???\16?\11\09"
"DeviceDesc"="???\16?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"g:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="EAA800C2F80881ADF5AF957F34BDF7114DA3C3EEB59112A58C8684197BC7C722289E9413F02A1C730D19948C3AA7A790142F8476CA91F3663F707FB450DDACD74E8656DE697B193F179A7014AD4067114241835D87D7CC803F7815205E4E6CBD9D3AD22209A69CBEAA12B0191C006A9AE156654F01CB7972AA5FA6D25C15B4EC6D59FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3D8EDD5E5BE2F6E667C038D530D6EB3452DD2668A792F166BA2DAC8AFD494A5B00055C2806C8C1D61EE555191AEB0CF87852F40ED1E71257619983FD4203680FE26B7EDD5C87DEA6A3B9E3A7CD16933A51F01833FABFA5011C7BD8DF82F1E818CE92BD8DD33537A963E7CB60D73A41D6B5981961A83005FC456DFBDE527A3D44FB75D22A3025F3029368CF9E4C3698648259E1775E482BF775BCA2FD4A767875E6BD5BFC3A1C63E53460968CC6DCBE8ED278C2A6290538308D6D631405B255A04FCAD822BFD4782184AEA92CE27680140CF1EDF3165CF1FCAF35BC4A236FAF4F38323007117C47900A627852C33DCBC9D0707C3A38B53D44C37E0EA2C863081DEB39ACF182360AA60EC055A78EDFB2958ED6E8A7A6EC280373671C6C9B36843E765DF8F9EC97A06A9E42F528EC01ED73713B92BC7CD2614AAFC38E504905EC75264B28892D2A0A758B9374A58D3957726B653D4FD6AABD3CAA99F04800602F9D116930E1226DEEF6EA14514420926E36B355100A592C3414DBA336A4F34F5B228DCE6816B3D1972F945AEB7DDB0D55F5C4B916E9AA05E19B7ECFB106DD49A686B9C4100FC7BDF1F5A72D8D1E799A537B5B7ABE427552853491C01C64773CE95E744D4787CC0B8FB503895F46B72253A7FAAF5E37672C045258CC900B010822D3629B948EB188A76CCDA0EE6A56FEE3EE69272BC1B49664FD597F10183F8270246B95E009ECF7132CF056AF541D0138D42FE2C1329390D2D3E0167F7EF8F319A03B58F92F7510D09A9843782054E928F79D9821A9BD089F037C05A704799A05AE43B28F0C49798174B5B4823F4B722D07C3B12C1C73E23E5001EFB3C49126C24636A8397FE7D26B057FA8EC76D04366C37AC92BD475F6469484B3352F143C01F50DF16FBCD6ADF930EB57B9DCBCFC97865935C7718B13743CE35E9E06D7F696DE83F88F4D1F11B8EABBA64FE1E833263B3FF814E3007429473BB14B60BA617AB69A5D5C0B4C765AC1ED3478C3B1EA1F60504C80F02251E5C8EFA474A79AFD4BC596F378A6704BB5D0C6CF631879A03008F01FE633C4CFD4E929E1BD1DDB414969FDC36F241EF243CBD1FDA24926432B5CCA1202993D0DC167D0C829D06514D7939E882DD9EFC2A2785BF82D92A03689964D7BF06266999A91976AA02B24D382"
.
Celkový čas: 2010-03-29 21:37:22
ComboFix-quarantined-files.txt 2010-03-29 19:37

Před spuštěním: 4 012 994 560
Po spuštění: 4 321 193 984

- - End Of File - - 9EE907FF99570B15A1046C7B57831930

#7 Příspěvek od **Caroprd111** » 29 bře 2010 20:54

Pokud nemáte, přesuňte Combofix na plochu

Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

File:: 
C:\Documents and Settings\Strongmann\Data aplikací\rundll.exe
C:\Documents and Settings\Strongmann\Data aplikací\nt.dll

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

koncentrak · #8 Příspěvek od **koncentrak** » 29 bře 2010 21:08

ComboFix 10-03-28.03 - Strongmann 29.03.2010 22:01:48.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1582 [GMT 2:00]
Spuštěný z: c:\documents and settings\Strongmann\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Strongmann\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Strongmann\Data aplikací\nt.dll"
"c:\documents and settings\Strongmann\Data aplikací\rundll.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Strongmann\Data aplikací\nt.dll
c:\documents and settings\Strongmann\Data aplikací\rundll.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-28 do 2010-03-29 )))))))))))))))))))))))))))))))
.

2010-03-29 19:23 . 2010-03-29 19:23 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-25 20:39 . 2010-03-25 20:48 -------- d-----w- c:\program files\Ubisoft
2010-03-25 09:04 . 2010-03-25 09:04 -------- d-----w- c:\program files\Common Files\Xara
2010-03-16 12:47 . 2008-07-01 12:24 302184 ----a-w- c:\windows\amuninst.exe
2010-03-03 10:09 . 2010-03-03 10:09 -------- d-sh--w- c:\documents and settings\Rudy#77\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 20:04 . 2001-10-25 12:00 79062 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 20:04 . 2001-10-25 12:00 432004 ----a-w- c:\windows\system32\perfh005.dat
2010-03-29 20:00 . 2009-06-13 21:22 16608 ----a-w- c:\windows\gdrv.sys
2010-03-29 11:12 . 2009-06-14 10:34 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-29 11:12 . 2009-06-14 10:34 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-25 20:48 . 2009-06-13 21:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-25 13:39 . 2009-06-28 16:05 22 ----a-w- c:\windows\popcinfot.dat
2010-02-27 15:14 . 2010-02-27 15:14 -------- d-----w- c:\program files\Realtek AC97
2010-02-13 16:43 . 2010-02-13 16:43 -------- d-----w- c:\program files\Common Files\Macromedia
2010-02-06 21:11 . 2010-02-06 21:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-02 20:47 . 2010-02-02 20:25 -------- d-----w- c:\program files\Call of Duty 2 for Pocket PC
2010-01-31 20:16 . 2010-01-31 20:16 0 ----a-w- c:\windows\Infob.dat
2010-01-31 20:16 . 2010-01-31 20:16 0 ----a-w- c:\windows\Infoa.dat
2010-01-31 17:41 . 2009-06-23 11:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-25 17:13 . 2010-01-25 17:13 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-07 15:07 . 2010-01-26 17:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-01-26 17:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2001-10-25 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-03-29_19.35.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-29 20:00 . 2010-03-29 20:00 16384 c:\windows\temp\Perflib_Perfdata_128.dat
+ 2010-03-29 20:00 . 2010-03-29 20:00 16384 c:\windows\temp\Perflib_Perfdata_10c.dat
+ 2001-10-25 12:00 . 2010-03-29 20:04 68156 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2010-03-29 19:26 68156 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2010-03-29 20:04 435260 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2010-03-29 19:26 435260 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"denicek"="f:\daniel\Daniel\cviceni\můj deníček.XLS" [2010-02-20 82432]
"Google Update"="c:\documents and settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-12-04 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="d:\programy\Reader\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SpywareTerminator"="d:\programy\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-25 2166784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 07:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programy\\ICQ6.5\\ICQ.exe"=
"d:\\Hry\\Soldat\\Soldat.exe"=
"d:\\Hry\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Hry\\TMS2003\\Tennis Masters Series 2003.exe"=
"d:\\Hry\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"d:\\Programy\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Hry\\call of juarez\\CoJBiBGame_x86.exe"=
"d:\\Hry\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Hry\\Race driver grid\\Grid\\GRID.exe"=
"d:\\Hry\\Pes 2010\\pes2010.exe"=
"d:\\Programy\\Opera10beta\\opera.exe"=
"d:\\Programy\\Steam\\steamapps\\common\\peggle nights\\PeggleNights.exe"=
"d:\\Programy\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Documents and Settings\\Strongmann\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"d:\programy\ActiveSync\rapimgr.exe"= d:\programy\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\programy\ActiveSync\wcescomm.exe"= d:\programy\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\programy\ActiveSync\WCESMgr.exe"= d:\programy\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\Hry\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"d:\\Hry\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"d:\\Hry\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13.6.2009 23:46 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13.6.2009 23:46 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [25.1.2010 19:13 142592]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [13.6.2009 23:46 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13.6.2009 23:46 297752]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [13.6.2009 23:22 68136]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2010 23:11 691696]
S3 cglptnt;cglptnt;c:\totalcmd\CGLPTNT.SYS [13.6.2009 23:48 7888]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [25.12.2009 0:54 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [25.12.2009 0:54 8320]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.iobit.com/advancedwindowscareper.html?Str=download
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {3CB6E056-FAF0-42A7-B7CE-C028C9B680E1} = 10.0.0.138
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/update ... 0.21.0.cab
FF - ProfilePath - c:\documents and settings\Strongmann\Data aplikací\Mozilla\Firefox\Profiles\8c69713x.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|http://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp? ... searchfor=
FF - prefs.js: network.proxy.type - 2
FF - plugin: d:\programy\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\programy\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: d:\programy\Firefox\plugins\np-mswmp.dll
FF - plugin: d:\programy\Opera10beta\program\plugins\npdsplay.dll
FF - plugin: d:\programy\Opera10beta\program\plugins\npqtplugin.dll
FF - plugin: d:\programy\Opera10beta\program\plugins\npqtplugin2.dll
FF - plugin: d:\programy\Opera10beta\program\plugins\npqtplugin3.dll
FF - plugin: d:\programy\Opera10beta\program\plugins\npqtplugin4.dll
FF - plugin: d:\programy\Opera10beta\program\plugins\npqtplugin5.dll
FF - plugin: d:\programy\Opera10beta\program\plugins\npqtplugin6.dll
FF - plugin: d:\programy\Opera10beta\program\plugins\NPSWF32.dll
FF - plugin: d:\programy\Opera10beta\program\plugins\npwmsdrm.dll
FF - plugin: d:\programy\Reader\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
d:\programy\Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1547161642-790525478-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c7,59,71,98,26,84,a0,d1,83,8f,af,ba,01,fa,b3,c6,8f,bf,1c,ba,51,b2,70,
3a,14,04,4c,96,e9,a7,76,bb,85,f7,18,2f,db,e0,21,ae,13,86,4e,d5,ac,7f,64,78,\
"??"=hex:18,68,64,58,b2,32,7c,ed,9d,b5,62,2e,44,c3,71,96

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:őwjY*]
"DisplayName"="???\16?\11\09"
"DeviceDesc"="???\16?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"g:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="EAA800C2F80881ADF5AF957F34BDF7114DA3C3EEB59112A58C8684197BC7C722289E9413F02A1C730D19948C3AA7A790142F8476CA91F3663F707FB450DDACD74E8656DE697B193F179A7014AD4067114241835D87D7CC803F7815205E4E6CBD9D3AD22209A69CBEAA12B0191C006A9AE156654F01CB7972AA5FA6D25C15B4EC6D59FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3D8EDD5E5BE2F6E667C038D530D6EB3452DD2668A792F166BA2DAC8AFD494A5B00055C2806C8C1D61EE555191AEB0CF87852F40ED1E71257619983FD4203680FE26B7EDD5C87DEA6A3B9E3A7CD16933A51F01833FABFA5011C7BD8DF82F1E818CE92BD8DD33537A963E7CB60D73A41D6B5981961A83005FC456DFBDE527A3D44FB75D22A3025F3029368CF9E4C3698648259E1775E482BF775BCA2FD4A767875E6BD5BFC3A1C63E53460968CC6DCBE8ED278C2A6290538308D6D631405B255A04FCAD822BFD4782184AEA92CE27680140CF1EDF3165CF1FCAF35BC4A236FAF4F38323007117C47900A627852C33DCBC9D0707C3A38B53D44C37E0EA2C863081DEB39ACF182360AA60EC055A78EDFB2958ED6E8A7A6EC280373671C6C9B36843E765DF8F9EC97A06A9E42F528EC01ED73713B92BC7CD2614AAFC38E504905EC75264B28892D2A0A758B9374A58D3957726B653D4FD6AABD3CAA99F04800602F9D116930E1226DEEF6EA14514420926E36B355100A592C3414DBA336A4F34F5B228DCE6816B3D1972F945AEB7DDB0D55F5C4B916E9AA05E19B7ECFB106DD49A686B9C4100FC7BDF1F5A72D8D1E799A537B5B7ABE427552853491C01C64773CE95E744D4787CC0B8FB503895F46B72253A7FAAF5E37672C045258CC900B010822D3629B948EB188A76CCDA0EE6A56FEE3EE69272BC1B49664FD597F10183F8270246B95E009ECF7132CF056AF541D0138D42FE2C1329390D2D3E0167F7EF8F319A03B58F92F7510D09A9843782054E928F79D9821A9BD089F037C05A704799A05AE43B28F0C49798174B5B4823F4B722D07C3B12C1C73E23E5001EFB3C49126C24636A8397FE7D26B057FA8EC76D04366C37AC92BD475F6469484B3352F143C01F50DF16FBCD6ADF930EB57B9DCBCFC97865935C7718B13743CE35E9E06D7F696DE83F88F4D1F11B8EABBA64FE1E833263B3FF814E3007429473BB14B60BA617AB69A5D5C0B4C765AC1ED3478C3B1EA1F60504C80F02251E5C8EFA474A79AFD4BC596F378A6704BB5D0C6CF631879A03008F01FE633C4CFD4E929E1BD1DDB414969FDC36F241EF243CBD1FDA24926432B5CCA1202993D0DC167D0C829D06514D7939E882DD9EFC2A2785BF82D92A03689964D7BF06266999A91976AA02B24D382"
.
Celkový čas: 2010-03-29 22:05:55
ComboFix-quarantined-files.txt 2010-03-29 20:05
ComboFix2.txt 2010-03-29 19:37

Před spuštěním: 4 297 121 792
Po spuštění: 4 258 881 536

- - End Of File - - 863340A75DB4007EA45FB32F7D2A3CF1

#9 Příspěvek od **Caroprd111** » 30 bře 2010 05:03

Jak to vypadá s PC

koncentrak · #10 Příspěvek od **koncentrak** » 30 bře 2010 13:13

vypadá to že je vše v pořádku. Děkuji

#11 Příspěvek od **Caroprd111** » 30 bře 2010 13:15

Poprosím o nový log z RSIT.

koncentrak · #12 Příspěvek od **koncentrak** » 30 bře 2010 14:02

Logfile of random's system information tool 1.06 (written by random/random)
Run by Strongmann at 2010-03-30 15:01:00
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (21%) free of 20 GB
Total RAM: 2046 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:01:07, on 30.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Programy\Defraq\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
D:\Programy\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programy\ActiveSync\wcescomm.exe
D:\Programy\ACTIVE~1\rapimgr.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Strongmann\Plocha\RSIT.exe
D:\Programy\hijackthis\Strongmann.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.iobit.com/advancedwindowscar ... r=download
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [denicek] "F:\Daniel\Daniel\cviceni\můj deníček.XLS"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Programy\ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Programy\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programy\ACTIVE~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programy\ACTIVE~1\INetRepl.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\FRONTP~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.21.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CB6E056-FAF0-42A7-B7CE-C028C9B680E1}: NameServer = 10.0.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\Programy\Defraq\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Programy\Spyware Terminator\sp_rsser.exe

--
End of file - 10500 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2009-06-24 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2009-06-24 491520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-08-26 16851456]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-19 2046816]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Adobe Reader Speed Launcher"=D:\Programy\Reader\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"denicek"=F:\Daniel\Daniel\cviceni\můj deníček.XLS [2010-02-20 82432]
"Google Update"=C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-12-04 135664]
"H/PC Connection Agent"=D:\Programy\ActiveSync\wcescomm.exe [2006-11-13 1289000]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-23 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Programy\ICQ6.5\ICQ.exe"="D:\Programy\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Hry\Soldat\Soldat.exe"="D:\Hry\Soldat\Soldat.exe:*:Enabled:http://soldat.pl"
"D:\Hry\TrackMania Nations ESWC\TmNationsESWC.exe"="D:\Hry\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Hry\TMS2003\Tennis Masters Series 2003.exe"="D:\Hry\TMS2003\Tennis Masters Series 2003.exe:*:Enabled:Tennis Masters Series 2003"
"D:\Hry\Wolfenstein - Enemy Territory\ET.exe"="D:\Hry\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\Programy\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe"="D:\Programy\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe:*:Enabled:MxDownloadServer"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Hry\call of juarez\CoJBiBGame_x86.exe"="D:\Hry\call of juarez\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez: Bound in Blood"
"D:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe"="D:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Hry\Race driver grid\Grid\GRID.exe"="D:\Hry\Race driver grid\Grid\GRID.exe:*:Enabled:GRID Executable"
"D:\Hry\Pes 2010\pes2010.exe"="D:\Hry\Pes 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"D:\Programy\Opera10beta\opera.exe"="D:\Programy\Opera10beta\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Programy\Steam\steamapps\common\peggle nights\PeggleNights.exe"="D:\Programy\Steam\steamapps\common\peggle nights\PeggleNights.exe:*:Enabled:Peggle Nights"
"D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe"="D:\Programy\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Strongmann\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"D:\Programy\ActiveSync\rapimgr.exe"="D:\Programy\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\Programy\ActiveSync\wcescomm.exe"="D:\Programy\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\Programy\ActiveSync\WCESMgr.exe"="D:\Programy\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"D:\Hry\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe"="D:\Hry\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
"D:\Hry\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe"="D:\Hry\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
"D:\Hry\Ubisoft\Assassin's Creed II\UPlayBrowser.exe"="D:\Hry\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Programy\ActiveSync\rapimgr.exe"="D:\Programy\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\Programy\ActiveSync\wcescomm.exe"="D:\Programy\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\Programy\ActiveSync\WCESMgr.exe"="D:\Programy\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======File associations======

.js - edit -

======List of files/folders created in the last 1 months======

2010-03-29 22:05:55 ----A---- C:\ComboFix.txt
2010-03-29 21:59:24 ----D---- C:\ComboFix
2010-03-29 21:37:24 ----D---- C:\WINDOWS\temp
2010-03-29 21:25:31 ----A---- C:\WINDOWS\zip.exe
2010-03-29 21:25:31 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-29 21:25:31 ----A---- C:\WINDOWS\SWSC.exe
2010-03-29 21:25:31 ----A---- C:\WINDOWS\SWREG.exe
2010-03-29 21:25:31 ----A---- C:\WINDOWS\sed.exe
2010-03-29 21:25:31 ----A---- C:\WINDOWS\PEV.exe
2010-03-29 21:25:31 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-29 21:25:31 ----A---- C:\WINDOWS\MBR.exe
2010-03-29 21:25:31 ----A---- C:\WINDOWS\grep.exe
2010-03-29 21:25:25 ----D---- C:\WINDOWS\ERDNT
2010-03-29 21:22:19 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-29 21:19:46 ----D---- C:\Qoobox
2010-03-25 22:49:14 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\Ubisoft
2010-03-25 22:49:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
2010-03-25 22:39:46 ----D---- C:\Program Files\Ubisoft
2010-03-25 11:04:37 ----D---- C:\Program Files\Common Files\Xara
2010-03-16 14:47:30 ----A---- C:\WINDOWS\ezmacros.INI
2010-03-16 14:47:18 ----A---- C:\WINDOWS\unezmac.ini

======List of files/folders modified in the last 1 months======

2010-03-30 11:52:25 ----D---- C:\WINDOWS\system32
2010-03-30 11:52:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-30 09:35:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-30 09:35:51 ----A---- C:\WINDOWS\wincmd.ini
2010-03-30 08:48:50 ----D---- C:\WINDOWS
2010-03-30 08:48:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-03-30 06:55:28 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\Spyware Terminator
2010-03-30 06:55:07 ----D---- C:\WINDOWS\Prefetch
2010-03-29 22:05:06 ----A---- C:\WINDOWS\system.ini
2010-03-29 22:04:03 ----D---- C:\WINDOWS\system32\drivers
2010-03-29 22:04:03 ----D---- C:\WINDOWS\AppPatch
2010-03-29 22:04:00 ----D---- C:\Program Files\Common Files
2010-03-29 22:01:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-29 21:36:11 ----SD---- C:\WINDOWS\Tasks
2010-03-29 21:33:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-29 21:22:55 ----D---- C:\Documents and Settings
2010-03-29 18:34:38 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-03-29 13:12:06 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-03-29 12:01:03 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-03-29 09:21:57 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-28 12:05:09 ----D---- C:\$AVG8.VAULT$
2010-03-27 09:11:18 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\ICQ
2010-03-25 22:48:07 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-25 22:47:31 ----SHD---- C:\WINDOWS\Installer
2010-03-25 22:47:31 ----D---- C:\Config.Msi
2010-03-25 22:47:26 ----HD---- C:\WINDOWS\inf
2010-03-25 22:47:06 ----RSD---- C:\WINDOWS\assembly
2010-03-25 22:46:44 ----D---- C:\WINDOWS\system32\DirectX
2010-03-25 22:39:46 ----RD---- C:\Program Files
2010-03-25 18:00:11 ----D---- C:\Documents and Settings\Strongmann\Data aplikací\gtk-2.0
2010-03-25 11:04:50 ----RSD---- C:\WINDOWS\Fonts
2010-03-21 17:26:37 ----A---- C:\WINDOWS\TRNCOM.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-23 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-14 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-27 4754432]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2008-08-07 111360]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 a09y8qrk;a09y8qrk; C:\WINDOWS\system32\drivers\a09y8qrk.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 catchme;catchme; \??\C:\DOCUME~1\STRONG~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cglptnt;cglptnt; \??\C:\totalcmd\cglptnt.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-10-06 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-10-06 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbser;USB Serial emulation modem driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-23 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-23 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2008-12-09 68136]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2009-05-01 168004]
R2 O&O Defrag;O&O Defrag; D:\Programy\Defraq\oodag.exe [2009-09-12 1488128]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-02 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-03-29 214520]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; D:\Programy\Spyware Terminator\sp_rsser.exe [2010-01-25 488960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-06 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#13 Příspěvek od **Caroprd111** » 30 bře 2010 14:44

Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter

Obrázek

Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

Spusťte.
Klikněte na "CleanUp!". Potvrďte hlášky stiskem "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

Záložka Čistič
Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

Záložka Registry
Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
OK Zavřít

V logu nevidím firewall, doinstalujte

Přehled: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

koncentrak · #14 Příspěvek od **koncentrak** » 30 bře 2010 20:28

vše provedeno

jen mám pocit že mi teď vypadává internet jen nevím jestli není chyba spíš na straně O2

#15 Příspěvek od **Caroprd111** » 30 bře 2010 20:33

Otestujte to a případně se ozvěte.

VIRY.CZ

preventivně

preventivně

Re: preventivně

Re: preventivně

Re: preventivně

Re: preventivně

Re: preventivně

Re: preventivně

Re: preventivně

Re: preventivně

Re: preventivně

Re: preventivně

Re: preventivně

Re: preventivně

Re: preventivně

Re: preventivně