
csrcs.exe error pops up after XP starts


#1 Post by mika666 »

What should I do about this? Thanks

RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by pa at 2010-04-06 08:13:58
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 173 GB (72%) free of 238 GB
Total RAM: 1014 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:48, on 6.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRAM FILES\VALID\CHAT\CHAT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LINKMAGIC\LINKMAGIC.EXE
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\pa\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\pa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://flvdirect.iamwired.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.150.249:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\1610\5853\3105\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: everyflv - {b97e1219-5186-2e19-7f49-4d17009b6108} - C:\WINDOWS\system32\-C0_zlIdAzS_.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Chat] C:\PROGRAM FILES\VALID\CHAT\CHAT.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [XPRTRFVB] C:\WINDOWS\system32\msnmsg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 123.lnk = C:\Program Files\TightVNC\WinVNC.exe
O4 - Global Startup: LINKMAGIC.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Star Downloaderem - C:\Programy\Star Downloader\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B00E46D-B5BB-4554-A984-E3B69D69EC0C}: NameServer = 192.168.124.254,192.168.123.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B00E46D-B5BB-4554-A984-E3B69D69EC0C}: NameServer = 192.168.124.254,192.168.123.254
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7506 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\1610\5853\3105\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-03-30 1602912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-08-05 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-10 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b97e1219-5186-2e19-7f49-4d17009b6108}]
everyflv - C:\WINDOWS\system32\-C0_zlIdAzS_.dll [2010-03-22 1122304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-08-05 2403392]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-13 16239616]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"Chat"=C:\PROGRAM FILES\VALID\CHAT\CHAT.EXE [2005-09-18 101888]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-30 2064224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"csrcs"=C:\WINDOWS\system32\csrcs.exe []
"XPRTRFVB"=C:\WINDOWS\system32\msnmsg.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-03-12 524632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-02-15 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-07-09 2173440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-06-12 3055616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-09 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^pa^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-01-15 393216]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
LINKMAGIC.lnk - C:\Program Files\LINKMAGIC\LINKMAGIC.EXE

C:\Documents and Settings\pa\Nabídka Start\Programy\Po spuštění
123.lnk - C:\Program Files\TightVNC\WinVNC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-05 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programy\QIP\qip.exe"="C:\Programy\QIP\qip.exe:*:Disabled:Quiet Internet Pager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\setup\HPPNIPRINT01.EXE"="D:\setup\HPPNIPRINT01.EXE:*:Enabled:hppniprint01.exe"
"D:\setup\HPPNIPRINT64.EXE"="D:\setup\HPPNIPRINT64.EXE:*:Enabled:hppniprint64.exe"
"D:\setup\HPPNICIFS01.EXE"="D:\setup\HPPNICIFS01.EXE:*:Enabled:hppnicifs01.exe"
"D:\setup\HPNTWKEXE.EXE"="D:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe"
"C:\Program Files\VALID\Chat\chat.exe"="C:\Program Files\VALID\Chat\chat.exe:*:Enabled:VALID CHAT pro lokální sítě"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"\\Nb3\GorpokSD\Gorpok\WPOK.EXE"="\\Nb3\GorpokSD\Gorpok\WPOK.EXE:*:Enabled:WPOK.EXE"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\TightVNC\WinVNC.exe"="C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{134e36f0-176d-11dd-acac-0015586c6485}]
shell\AutoRun\command - E:\kByBSm.exE
shell\oPEN\command - E:\KBYbSM.eXe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e7eddfa-4c07-11dd-acf4-0015586c6485}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39597b1a-1ba4-11df-80f0-0015586c6485}]
shell\AutoRun\command - E:\kByBSm.exE
shell\oPEN\command - E:\KBYbSM.eXe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47514fee-3581-11df-8109-0015586c6485}]
shell\AutoRun\command - E:\kByBSm.exE
shell\oPEN\command - E:\KBYbSM.eXe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f6e6377-2338-11de-ae07-0015586c6485}]
shell\AutoRun\command - E:\XEyQSa.eXe
shell\OpEN\command - E:\xeYqSa.eXe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5189b00a-8572-11de-8977-0015586c6485}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ffaf8f7-373e-11df-810c-0015586c6485}]
shell\AutoRun\command - E:\OSJudj.EXe
shell\oPen\command - E:\OSJudJ.Exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e4506b2-51d3-11de-8929-0015586c6485}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ee17e65-2596-11de-ae0a-0015586c6485}]
shell\explore\command - Images.exe
shell\open\command - Images.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c60c3b60-f6ca-11dd-adca-0015586c6485}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2ab66db-34fb-11dc-abac-0015586c6485}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - Recycled\ctfmon.exe


======List of files/folders created in the last 1 months======

2010-04-06 08:13:59 ----D---- C:\Program Files\trend micro
2010-04-06 08:13:58 ----D---- C:\rsit
2010-03-30 09:44:44 ----D---- C:\Documents and Settings\pa\Data aplikací\Opera
2010-03-30 09:44:24 ----D---- C:\Program Files\Opera
2010-03-29 13:00:42 ----D---- C:\Program Files\Common Files\Apple
2010-03-29 12:59:52 ----D---- C:\Program Files\QuickTime
2010-03-29 12:59:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-03-26 15:37:20 ----A---- C:\WINDOWS\system32\55UtR0E-.exe
2010-03-26 15:37:08 ----D---- C:\Program Files\FLV Direct Player
2010-03-26 15:36:53 ----A---- C:\WINDOWS\system32\FLVDirect.exe
2010-03-22 15:14:18 ----A---- C:\WINDOWS\system32\-C0_zlIdAzS_.dll
2010-03-12 14:52:16 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-10 18:13:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$

======List of files/folders modified in the last 1 months======

2010-04-06 08:14:03 ----D---- C:\WINDOWS\Temp
2010-04-06 08:14:01 ----D---- C:\WINDOWS\Prefetch
2010-04-06 08:13:59 ----RD---- C:\Program Files
2010-04-02 16:30:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-01 14:58:42 ----D---- C:\WINDOWS
2010-04-01 14:58:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-01 14:25:55 ----D---- C:\WINDOWS\system32\drivers
2010-04-01 13:36:53 ----D---- C:\WINDOWS\system32
2010-04-01 12:15:00 ----SHD---- C:\System Volume Information
2010-04-01 12:14:07 ----HD---- C:\WINDOWS\inf
2010-04-01 12:13:51 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-01 12:05:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-04-01 12:05:46 ----D---- C:\WINDOWS\Debug
2010-04-01 11:57:31 ----D---- C:\WINDOWS\system32\Restore
2010-03-31 17:02:29 ----D---- C:\Program Files\Internet Explorer
2010-03-31 17:01:41 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-30 09:44:41 ----SHD---- C:\WINDOWS\Installer
2010-03-30 09:44:31 ----HD---- C:\Config.Msi
2010-03-29 13:14:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-26 17:57:19 ----D---- C:\Documents and Settings\pa\Data aplikací\ICQ
2010-03-25 13:38:55 ----D---- C:\Documents and Settings\pa\Data aplikací\gtk-2.0
2010-03-24 09:23:00 ----D---- C:\Program Files\Mozilla Firefox
2010-03-23 18:03:59 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-10 18:13:27 ----D---- C:\Program Files\Movie Maker

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-05 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-05 29512]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-05 242696]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-05 916760]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-05 308064]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-06-12 487424]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-05 138168]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-12 1029456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


#2 Post by cernohous13 »

Hello,

first we'll clean up what is visible.
Download OTM from the link and unpack it, preferably to the desktop.
http://oldtimer.geekstogo.com/OTM.exe

Run the program "OTM.exe".
Into the window under the yellow line, paste the whole text shown in green from the "Script".

Click the red "Moveit!".
Paste the contents of the green window into your reply.
When offered a restart, choose "YES";
you will then find the log in C:\_OTM\MovedFiles\

Code:

:Processes
explorer.exe

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b97e1219-5186-2e19-7f49-4d17009b6108}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"csrcs"=-
"XPRTRFVB"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{134e36f0-176d-11dd-acac-0015586c6485}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e7eddfa-4c07-11dd-acf4-0015586c6485}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39597b1a-1ba4-11df-80f0-0015586c6485}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47514fee-3581-11df-8109-0015586c6485}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f6e6377-2338-11de-ae07-0015586c6485}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5189b00a-8572-11de-8977-0015586c6485}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ffaf8f7-373e-11df-810c-0015586c6485}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e4506b2-51d3-11de-8929-0015586c6485}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ee17e65-2596-11de-ae0a-0015586c6485}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c60c3b60-f6ca-11dd-adca-0015586c6485}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2ab66db-34fb-11dc-abac-0015586c6485}]

:Files
C:\WINDOWS\system32\csrcs.exe
C:\WINDOWS\system32\-C0_zlIdAzS_.dll
C:\WINDOWS\system32\55UtR0E-.exe

:Services
csrcs
everyflv

:Commands
[emptytemp]
[purity]
[start explorer]
[Reboot]

Is drive E: a USB stick?
Recommendations:
During the cleanup, install or uninstall anything only on my instruction.
Study my reply carefully and carry out the whole procedure as described.
If anything is unclear, ask and I will explain.

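A triage pass over the log from post #1, as an added example that is not part of the thread and not code from OTM, RSIT or HijackThis: it picks out the kinds of entries the fix script above resets or deletes (an extra program in the Winlogon Shell value, autostart values under Policies\Explorer\Run, MountPoints2 AutoRun commands). The function names and the rule that every Policies\Explorer\Run or RunServices entry deserves review are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Lines copied from the RSIT/HijackThis log in post #1; the plain Run
# entries are included as negative controls that must not be reported.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [XPRTRFVB] C:\WINDOWS\system32\msnmsg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{134e36f0-176d-11dd-acac-0015586c6485}]
shell\AutoRun\command - E:\kByBSm.exE
shell\oPEN\command - E:\KBYbSM.eXe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2ab66db-34fb-11dc-abac-0015586c6485}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"""

F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$", re.I)
O4_ENTRY = re.compile(r"^O4 - (\S+?): \[(.+?)\] (.+)$")
REG_KEY = re.compile(r"^\[(.+)\]$")
MP_CMD = re.compile(r"^(shell\\[^\\]+\\command) - (.+)$", re.I)

# Assumption of this example: entries in these autostart keys are always
# listed for review, whatever they point to.
REVIEW_KEYS = ("\\policies\\explorer\\run", "\\runservices")


def triage(log_text):
    """Return (kind, location, command) tuples for entries worth reviewing."""
    findings = []
    current_key = ""  # last registry key header seen in the RSIT dump
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = F2_SHELL.match(line)
        if m:
            # The Shell value should name explorer.exe and nothing else.
            extra = [t for t in m.group(1).split() if t.lower() != "explorer.exe"]
            if extra:
                findings.append(("winlogon-shell", "Winlogon Shell", " ".join(extra)))
            continue
        m = O4_ENTRY.match(line)
        if m:
            key, name, cmd = m.groups()
            if key.lower().endswith(REVIEW_KEYS):
                findings.append(("autostart-key", f"{key} [{name}]", cmd))
            continue
        m = REG_KEY.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = MP_CMD.match(line)
        if m and "\\mountpoints2\\" in current_key.lower():
            # Cached autorun.inf verb for a volume that was once mounted.
            guid = current_key.rsplit("\\", 1)[1]
            findings.append(("mountpoints2-autorun", f"{guid} {m.group(1)}", m.group(2)))
    return findings


def count_by_kind(findings):
    """Summarise findings as {kind: count}."""
    return dict(Counter(kind for kind, _, _ in findings))


if __name__ == "__main__":
    for kind, where, cmd in triage(SAMPLE_LOG):
        print(f"{kind:22} {where}\n{'':22} -> {cmd}")
```
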


#3 Post by mika666 »

yes, E:/ is usually a USB stick


log

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"explorer.exe" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b97e1219-5186-2e19-7f49-4d17009b6108}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b97e1219-5186-2e19-7f49-4d17009b6108}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\csrcs deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\XPRTRFVB deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{134e36f0-176d-11dd-acac-0015586c6485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{134e36f0-176d-11dd-acac-0015586c6485}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e7eddfa-4c07-11dd-acf4-0015586c6485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e7eddfa-4c07-11dd-acf4-0015586c6485}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39597b1a-1ba4-11df-80f0-0015586c6485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39597b1a-1ba4-11df-80f0-0015586c6485}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47514fee-3581-11df-8109-0015586c6485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47514fee-3581-11df-8109-0015586c6485}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f6e6377-2338-11de-ae07-0015586c6485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f6e6377-2338-11de-ae07-0015586c6485}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5189b00a-8572-11de-8977-0015586c6485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5189b00a-8572-11de-8977-0015586c6485}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ffaf8f7-373e-11df-810c-0015586c6485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ffaf8f7-373e-11df-810c-0015586c6485}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e4506b2-51d3-11de-8929-0015586c6485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e4506b2-51d3-11de-8929-0015586c6485}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ee17e65-2596-11de-ae0a-0015586c6485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ee17e65-2596-11de-ae0a-0015586c6485}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c60c3b60-f6ca-11dd-adca-0015586c6485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c60c3b60-f6ca-11dd-adca-0015586c6485}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2ab66db-34fb-11dc-abac-0015586c6485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ab66db-34fb-11dc-abac-0015586c6485}\ not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\csrcs.exe not found.
C:\WINDOWS\system32\-C0_zlIdAzS_.dll moved successfully.
C:\WINDOWS\system32\55UtR0E-.exe moved successfully.
========== SERVICES/DRIVERS ==========
Error: No service named csrcs was found to stop!
Service\Driver key csrcs not found.
Error: No service named everyflv was found to stop!
Service\Driver key everyflv not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: music

User: NetworkService
->Temp folder emptied: 193334 bytes
->Temporary Internet Files folder emptied: 40363900 bytes

User: pa
->Temp folder emptied: 15937726 bytes
->Temporary Internet Files folder emptied: 434957 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39745309 bytes
->Flash cache emptied: 687 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148726 bytes
%systemroot%\System32 .tmp files removed: 12028360 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 137797 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23946654 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 72626705 bytes

Total Files Cleaned = 198,00 mb


OTM by OldTimer - Version 3.1.10.1 log created on 04062010_095650

Files moved on Reboot...

Registry entries deleted on Reboot...


Re: csrcs.exe error pops up after XP starts

#4 Post by cernohous13 »

Plug in the USB flash drives you use.
Download ComboFix and save it to the desktop.
Close all active windows, turn off your antispyware and antivirus, and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays and do not launch anything
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If the system does not boot after using ComboFix - press F8 during restart and choose Last Known Good Configuration

Re: csrcs.exe error pops up after XP starts

#5 Post by mika666 »

ComboFix 10-04-06.01 - pa 07.04.2010 11:05:07.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.428 [GMT 2:00]
Spuštěný z: c:\documents and settings\pa\Plocha\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Plocha\FLV Direct Player.lnk
c:\program files\FLV Direct Player
c:\program files\FLV Direct Player\downloading.swf
c:\program files\FLV Direct Player\dskinliteu.dll
c:\program files\FLV Direct Player\FLVPlayer.exe
c:\program files\FLV Direct Player\player.dat
c:\program files\FLV Direct Player\preload.swf
c:\program files\FLV Direct Player\SkinDirectFLV\skin.xml
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Button\button_default.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Button\button_disable.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Button\button_down.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Button\button_hot.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Button\button_normal.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonDown.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonHot.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonNor.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\edit_back.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Menu\menubg.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_arrow.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_check.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuitem_select.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_seperator.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_down.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_hot.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_nor.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_down.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_hot.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_nor.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_down.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_hot.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_nor.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_down.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_hot.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_nor.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\BottomBorder.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\downarrow.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\LeftBorder.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\Logo.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\main.ico
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\RightBorder.bmp
c:\program files\FLV Direct Player\SkinDirectFLV\skin\Window\TitlePattern.bmp
c:\program files\FLV Direct Player\uninstall.exe
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-07 do 2010-04-07 )))))))))))))))))))))))))))))))
.

2010-04-06 07:56 . 2010-04-06 07:56 -------- d-----w- C:\_OTM
2010-04-06 06:13 . 2010-04-06 06:14 -------- d-----w- c:\program files\trend micro
2010-04-06 06:13 . 2010-04-06 06:15 -------- d-----w- C:\rsit
2010-04-01 12:48 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\ativxbar.sys
2010-04-01 12:36 . 2001-08-17 20:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2010-03-30 07:44 . 2010-04-06 06:54 -------- d-----w- c:\program files\Opera
2010-03-29 11:00 . 2010-03-29 11:00 -------- d-----w- c:\program files\Common Files\Apple
2010-03-29 10:59 . 2010-03-29 11:00 -------- d-----w- c:\program files\QuickTime
2010-03-26 13:36 . 2010-03-26 13:36 634352 ----a-w- c:\windows\system32\FLVDirect.exe
2010-03-12 12:52 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-10 07:05 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 09:11 . 2007-07-18 06:55 529 ----a-w- c:\windows\system32\SP701ASM.dat
2010-03-29 11:14 . 2006-03-02 12:00 87218 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 11:14 . 2006-03-02 12:00 447112 ----a-w- c:\windows\system32\perfh005.dat
2010-03-05 07:28 . 2009-04-28 05:31 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-05 07:28 . 2010-03-05 07:28 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-05 07:28 . 2008-03-12 13:17 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-05 07:28 . 2009-04-28 05:31 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-05 07:28 . 2009-04-28 05:31 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-25 06:18 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-15 09:36 . 2009-12-03 08:47 -------- d-----w- c:\program files\rajce
2010-02-08 15:00 . 2009-06-12 05:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"Chat"="c:\program files\VALID\CHAT\CHAT.EXE" [2005-09-18 101888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\pa\Nabídka Start\Programy\Po spuštění\
123.lnk - c:\program files\TightVNC\WinVNC.exe [2007-5-7 589824]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
LINKMAGIC.lnk - c:\program files\LINKMAGIC\LINKMAGIC.EXE [2007-7-18 1822720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-05 07:28 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^pa^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\pa\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-12 07:06 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 15:36 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 16:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2009-07-09 06:48 2173440 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2009-06-12 10:30 3055616 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 02:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-09 08:52 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 17:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programy\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VALID\\Chat\\chat.exe"=
"\\\\Nb3\\GorpokSD\\Gorpok\\WPOK.EXE"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\TightVNC\\WinVNC.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [28.4.2009 7:31 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12.6.2009 8:06 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28.4.2009 7:31 216200]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28.4.2009 7:31 242696]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [12.6.2009 12:30 142592]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [5.3.2010 9:28 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [5.3.2010 9:28 308064]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2.7.2009 13:21 222968]
S0 nqxka;nqxka; [x]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1029456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'

2010-03-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:06]

2010-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://flvdirect.iamwired.net/
uInternet Settings,ProxyServer = 172.16.150.249:3128
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout Star Downloaderem - c:\programy\Star Downloader\sdie.htm
TCP: {2B00E46D-B5BB-4554-A984-E3B69D69EC0C} = 192.168.124.254,192.168.123.254
FF - ProfilePath - c:\documents and settings\pa\Data aplikací\Mozilla\Firefox\Profiles\kqp94sk0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=42&tp=ab&q=
FF - prefs.js: network.proxy.ftp - 172.16.150.249
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 172.16.150.249
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 172.16.150.249
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 172.16.150.249
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 172.16.150.249
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{f1dadeef-cba7-9d0e-ba1c-50eb64b6eefa}\components\CAiIzK.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-55UtR0E- - c:\windows\system32\55UtR0E-.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 11:11
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-04-07 11:13:58
ComboFix-quarantined-files.txt 2010-04-07 09:13

Před spuštěním: Volných bajtů: 180 791 193 600
Po spuštění: Volných bajtů: 180 748 333 056

- - End Of File - - 113971790381CDBA10B144FFA2A6436D


Re: csrcs.exe error pops up after XP starts

#6 Post by cernohous13 »

If ComboFix is not on your desktop, move it there.
Open Notepad and copy the entire green text from the "CFscript".
Save the file to the desktop as CFscript.txt, drag its icon over the ComboFix icon and drop it there.
ComboFix will start - wait for the log and paste it here.
CFscript

KillAll::

Registry::
[-HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"

Driver::
nqxka

Firefox::
FF - ProfilePath - c:\documents and settings\pa\Data aplikací\Mozilla\Firefox\Profiles\kqp94sk0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch ... ps&search=
FF - component: c:\program files\Mozilla Firefox\extensions\{f1dadeef-cba7-9d0e-ba1c-50eb64b6eefa}\components\CAiIzK.dll

With the flash drives plugged in:
- Download UsbFix to the desktop
- run it -> choose language E - [enter]
- click 1 - [enter] -> after the scan, post the log here (C:\UsbFix.txt)

Re: csrcs.exe error pops up after XP starts

#7 Post by mika666 »

ComboFix 10-04-07.01 - pa 08.04.2010 9:08.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.551 [GMT 2:00]
Spuštěný z: c:\documents and settings\pa\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\pa\Plocha\CFscript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\extensions\{f1dadeef-cba7-9d0e-ba1c-50eb64b6eefa}\components\CAiIzK.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_nqxka


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-08 do 2010-04-08 )))))))))))))))))))))))))))))))
.

2010-04-06 07:56 . 2010-04-06 07:56 -------- d-----w- C:\_OTM
2010-04-06 06:13 . 2010-04-06 06:14 -------- d-----w- c:\program files\trend micro
2010-04-06 06:13 . 2010-04-06 06:15 -------- d-----w- C:\rsit
2010-04-01 12:48 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\ativxbar.sys
2010-04-01 12:36 . 2001-08-17 20:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2010-03-30 07:44 . 2010-04-06 06:54 -------- d-----w- c:\program files\Opera
2010-03-29 11:00 . 2010-03-29 11:00 -------- d-----w- c:\program files\Common Files\Apple
2010-03-29 10:59 . 2010-03-29 11:00 -------- d-----w- c:\program files\QuickTime
2010-03-26 13:36 . 2010-03-26 13:36 634352 ----a-w- c:\windows\system32\FLVDirect.exe
2010-03-12 12:52 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-10 07:05 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 07:02 . 2007-07-18 06:55 529 ----a-w- c:\windows\system32\SP701ASM.dat
2010-03-29 11:14 . 2006-03-02 12:00 87218 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 11:14 . 2006-03-02 12:00 447112 ----a-w- c:\windows\system32\perfh005.dat
2010-03-05 07:28 . 2009-04-28 05:31 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-05 07:28 . 2010-03-05 07:28 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-05 07:28 . 2008-03-12 13:17 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-05 07:28 . 2009-04-28 05:31 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-05 07:28 . 2009-04-28 05:31 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-25 06:18 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2010-02-15 09:36 . 2009-12-03 08:47 -------- d-----w- c:\program files\rajce
2010-02-08 15:00 . 2009-06-12 05:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"Chat"="c:\program files\VALID\CHAT\CHAT.EXE" [2005-09-18 101888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\pa\Nabídka Start\Programy\Po spuštění\
123.lnk - c:\program files\TightVNC\WinVNC.exe [2007-5-7 589824]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
LINKMAGIC.lnk - c:\program files\LINKMAGIC\LINKMAGIC.EXE [2007-7-18 1822720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-05 07:28 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^pa^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\pa\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-12 07:06 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 15:36 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2009-07-09 06:48 2173440 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2009-06-12 10:30 3055616 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 02:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-09 08:52 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 17:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programy\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VALID\\Chat\\chat.exe"=
"\\\\Nb3\\GorpokSD\\Gorpok\\WPOK.EXE"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\TightVNC\\WinVNC.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [28.4.2009 7:31 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12.6.2009 8:06 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28.4.2009 7:31 216200]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28.4.2009 7:31 242696]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [12.6.2009 12:30 142592]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [5.3.2010 9:28 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [5.3.2010 9:28 308064]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2.7.2009 13:21 222968]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.1.2009 23:34 1029456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'

2010-03-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:06]

2010-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://flvdirect.iamwired.net/
uInternet Settings,ProxyServer = 172.16.150.249:3128
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout Star Downloaderem - c:\programy\Star Downloader\sdie.htm
TCP: {2B00E46D-B5BB-4554-A984-E3B69D69EC0C} = 192.168.124.254,192.168.123.254
FF - ProfilePath - c:\documents and settings\pa\Data aplikací\Mozilla\Firefox\Profiles\kqp94sk0.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=42&tp=ab&q=
FF - prefs.js: network.proxy.ftp - 172.16.150.249
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 172.16.150.249
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 172.16.150.249
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 172.16.150.249
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 172.16.150.249
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 09:16
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(184)
c:\windows\system32\webcheck.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1029\OWCI11.DLL
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2010-04-08 09:21:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-08 07:21
ComboFix2.txt 2010-04-07 09:13

Před spuštěním: Volných bajtů: 180 759 502 848
Po spuštění: Volných bajtů: 180 625 620 992







----------------------------------------------------------------------------

UsbFix


############################## | UsbFix V6.100 |

User : pa (Administrators) # PC-M
Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 9:40:15 | 8.4.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Celeron(R) CPU 2.80GHz
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AVG Anti-Virus 9.0 [ (!) Disabled | Updated ]

A:\ -> Disketová jednotka 3 1/2"
C:\ -> Místní pevný disk # 232,88 Go (168,24 Go free) # NTFS
D:\ -> Disk CD-ROM
E:\ -> Vyměnitelný disk # 3,84 Go (1,58 Go free) # FAT32
F:\ -> Vyměnitelný disk # 3,8 Go (2,19 Go free) # FAT32
P:\ -> Síťové připojení # 74,53 Go (42,25 Go free) # NTFS
X:\ -> Síťové připojení # 291,35 Go (148,88 Go free) [Volume_1] # NTFS
Y:\ -> Síťové připojení # 291,35 Go (148,88 Go free) [Volume_1] # NTFS

################## | Files # Infected Folders |

C:\khw
E:\autorun.inf -> Called file : "E:\KBYbSM.eXe" ( Found ! )
E:\autorun.inf
F:\autorun.inf -> Called file : "F:\Images.exe" ( Not Found ! )
F:\autorun.inf
P:\khv
P:\khw

################## | Registry |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{134e36f0-176d-11dd-acac-0015586c6485}
Shell\AutoRun\command =E:\kByBSm.exE
Shell\oPEN\cOMmand =E:\KBYbSM.eXe

HKCU\..\..\Explorer\MountPoints2\{9ee17e65-2596-11de-ae0a-0015586c6485}
shell\explore\Command =Images.exe
shell\open\Command =Images.exe

################## | Vaccin |


################## | ! End of report # UsbFix V6.100 ! |


- - End Of File - - 4BA47EC57C809CC334022A9158512A9D

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: csrcs.exe error pops up after XP starts

#8 Post by cernohous13 »

Go to https://www.virustotal.com/cs/
click "Browse" > copy into the input field:

c:\windows\system32\msls31.dll

"Send file" (if it has already been tested, have it tested again)
Wait patiently for the scan to finish, until the final result appears, e.g. 0/39
Copy the resulting log, or a link to the page, into the forum.
Do the same with the file:
c:\program files\Common Files\Microsoft Shared\Web Components\11\1029\OWCI11.DLL

:arrow: USBfix
run it again -> choose 2 - [enter]
- The computer will restart and finish the scan and the deletion
- log.zip will be created on the desktop -> Usb fix upload -> open it and post usbfix.txt here
:arrow: What is this? P:\ -> Síťové připojení # 74,53 Go (42,25 Go free) # NTFS
P:\khv P:\khw
Recommendations:
During the cleanup, install and uninstall software only on my instruction.
Study my reply carefully and carry out the whole procedure as described in it.
If anything is unclear, ask - I will explain


mika666
Exemplary visitor
Posts: 102
Registered: 12 Oct 2009 08:42
Location: ZL

Re: csrcs.exe error pops up after XP starts

#9 Post by mika666 »

UsbFix has frozen on me, it has been scanning for an hour

the UsbFix window

scan progress 80%
cleaning of temporary files......please wait


What should I do?
Restart?

Marek-26
Friend of the forum
Posts: 1000
Registered: 16 Dec 2006 15:53
Location: Brüx/Praha

Re: csrcs.exe error pops up after XP starts

#10 Post by Marek-26 »

I'll step in for my colleague for a moment :)
You can close the USB Fix window :wink: Clean up the PC with CCleaner and then try running USB Fix again :wink:

mika666
Exemplary visitor
Posts: 102
Registered: 12 Oct 2009 08:42
Location: ZL

Re: csrcs.exe error pops up after XP starts

#11 Post by mika666 »

Drive P:\ is a network HDD that holds the accounting data
X: network HDD for backups
Y: network HDD for backups

-------------------------------------------------------------------------------------------------------------

check
c:\windows\system32\msls31.dll
0/39
https://www.virustotal.com/cs/analisis/ ... 1270554610


c:\program files\Common Files\Microsoft Shared\Web Components\11\1029\OWCI11.DLL
0/39
https://www.virustotal.com/cs/analisis/ ... 1270795702


-------------------------------------------------------------------------------------------------------------
log without the network drives P: X: Y: connected


############################## | UsbFix V6.100 |

User : pa (Administrators) # PC-M
Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 9:06:12 | 9.4.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Celeron(R) CPU 2.80GHz
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AVG Anti-Virus 9.0 [ (!) Disabled | Updated ]

A:\ -> Disketová jednotka 3 1/2"
C:\ -> Místní pevný disk # 232,88 Go (167,69 Go free) # NTFS
D:\ -> Disk CD-ROM
E:\ -> Vyměnitelný disk # 3,84 Go (1,58 Go free) # FAT32
F:\ -> Vyměnitelný disk # 3,8 Go (2,19 Go free) # FAT32

################## | Files # Infected Folders |

Deleted ! C:\khw
Deleted ! C:\Recycler\S-1-5-21-2025429265-1292428093-725345543-1004
E:\autorun.inf -> Called file : "E:\KBYbSM.eXe" ( Found ! )
Deleted ! E:\KBYbSM.eXe
Deleted ! E:\autorun.inf
F:\autorun.inf -> Called file : "F:\Images.exe" ( Not Found ! )
F:\autorun.inf -> Called file : "F:\Images.exe" ( Not Found ! )
Deleted ! F:\autorun.inf

################## | Registry |

Deleted ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Deleted ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |


################## | Listing of the present files |

[09.04.2010 09:05|--a------|63805] C:\aaw7boot.log
[20.06.2007 13:21|--a------|0] C:\AUTOEXEC.BAT
[20.06.2007 13:16|--a------|211] C:\Boot.bak
[07.04.2010 10:59|-rahs----|281] C:\boot.ini
[02.03.2006 14:00|-rahs----|4952] C:\Bootfont.bin
[03.08.2004 23:00|--a------|261312] C:\cmldr
[08.04.2010 09:21|--a------|17018] C:\ComboFix_1.txt
[20.06.2007 13:21|--a------|0] C:\CONFIG.SYS
[20.06.2007 13:21|-rahs----|0] C:\IO.SYS
[20.06.2007 13:21|-rahs----|0] C:\MSDOS.SYS
[02.03.2006 14:00|-rahs----|47564] C:\NTDETECT.COM
[19.03.2009 14:05|-rahs----|250576] C:\ntldr
[?|?|?] C:\pagefile.sys
[02.02.2009 09:30|--a------|16194992] C:\PDFCreator-0_9_6_setup.exe
[06.04.2010 16:47|--a------|13030] C:\PDOXUSRS.NET
[09.04.2010 09:10|--a------|2221] C:\UsbFix.txt
[14.04.2008 09:48|-rahs----|726188] E:\eogpmg.exe
[20.12.2009 12:38|--a------|2343737344] E:\Smrt źek  vçude - The Hurt Locker (2008).avi
[09.07.2009 13:26|--a------|59904] F:\O vˇnŘ.doc
[17.06.2009 16:08|--a------|358] F:\skype.txt
[15.03.2010 12:26|--a------|483] F:\AVG_9.txt
[05.01.2010 14:17|--a------|650020] F:\SSMM37.zip
[09.04.2010 09:05|--a------|1390] F:\BOOTEX.LOG
[21.05.2009 22:14|--a------|7195311] F:\mobilevideo3gp.exe
[29.03.2009 19:08|--a------|12800] F:\zivotopis2.doc
[15.03.2010 15:34|--a------|57187288] F:\Nero-9.4.12.3_free.exe
[29.01.2010 12:39|--a------|35074836] F:\Inkscape-0.46.win32.exe
[13.01.2010 08:52|--a------|3522198] F:\convert-dvd-to-avi.exe
[30.04.2009 09:05|--a------|195] F:\ping.rar

################## | Vaccination |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# E:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# F:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_PC-M.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.100 ! |


-------------------------------------------------------------------------------------------
here the network drives P: X: Y: are connected again



############################## | UsbFix V6.100 |

User : pa (Administrators) # PC-M
Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 10:56:45 | 9.4.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Celeron(R) CPU 2.80GHz
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AVG Anti-Virus 9.0 [ (!) Disabled | Updated ]

A:\ -> Disketová jednotka 3 1/2"
C:\ -> Místní pevný disk # 232,88 Go (167,69 Go free) # NTFS
D:\ -> Disk CD-ROM
E:\ -> Vyměnitelný disk # 3,84 Go (1,58 Go free) # FAT32
F:\ -> Vyměnitelný disk # 3,8 Go (2,19 Go free) # FAT32
P:\ -> Síťové připojení # 74,53 Go (42,19 Go free) # NTFS
X:\ -> Síťové připojení # 291,35 Go (148,88 Go free) [Volume_1] # NTFS
Y:\ -> Síťové připojení # 291,35 Go (148,88 Go free) [Volume_1] # NTFS

################## | Files # Infected Folders |

Deleted ! C:\Recycler\S-1-5-21-2025429265-1292428093-725345543-1004

################## | Registry |


################## | Mountpoints2 |


################## | Listing of the present files |

[09.04.2010 10:56|--a------|64477] C:\aaw7boot.log
[20.06.2007 13:21|--a------|0] C:\AUTOEXEC.BAT
[20.06.2007 13:16|--a------|211] C:\Boot.bak
[07.04.2010 10:59|-rahs----|281] C:\boot.ini
[02.03.2006 14:00|-rahs----|4952] C:\Bootfont.bin
[03.08.2004 23:00|--a------|261312] C:\cmldr
[08.04.2010 09:21|--a------|17018] C:\ComboFix_1.txt
[20.06.2007 13:21|--a------|0] C:\CONFIG.SYS
[20.06.2007 13:21|-rahs----|0] C:\IO.SYS
[20.06.2007 13:21|-rahs----|0] C:\MSDOS.SYS
[02.03.2006 14:00|-rahs----|47564] C:\NTDETECT.COM
[19.03.2009 14:05|-rahs----|250576] C:\ntldr
[?|?|?] C:\pagefile.sys
[02.02.2009 09:30|--a------|16194992] C:\PDFCreator-0_9_6_setup.exe
[06.04.2010 16:47|--a------|13030] C:\PDOXUSRS.NET
[09.04.2010 11:01|--a------|1944] C:\UsbFix.txt
[09.04.2010 09:12|--a------|430127] C:\UsbFix_Upload_Me_PC-M.zip
[14.04.2008 09:48|-rahs----|726188] E:\eogpmg.exe
[20.12.2009 12:38|--a------|2343737344] E:\Smrt źek  vçude - The Hurt Locker (2008).avi
[09.07.2009 13:26|--a------|59904] F:\O vˇnŘ.doc
[17.06.2009 16:08|--a------|358] F:\skype.txt
[15.03.2010 12:26|--a------|483] F:\AVG_9.txt
[05.01.2010 14:17|--a------|650020] F:\SSMM37.zip
[09.04.2010 09:05|--a------|1390] F:\BOOTEX.LOG
[21.05.2009 22:14|--a------|7195311] F:\mobilevideo3gp.exe
[29.03.2009 19:08|--a------|12800] F:\zivotopis2.doc
[15.03.2010 15:34|--a------|57187288] F:\Nero-9.4.12.3_free.exe
[29.01.2010 12:39|--a------|35074836] F:\Inkscape-0.46.win32.exe
[13.01.2010 08:52|--a------|3522198] F:\convert-dvd-to-avi.exe
[30.04.2009 09:05|--a------|195] F:\ping.rar
[09.11.2009 14:47|---h-----|460] P:\TREEINFO.WC

################## | Vaccination |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# E:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# F:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# P:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# X:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# Y:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

Marek-26
Friend of the forum
Posts: 1000
Registered: 16 Dec 2006 15:53
Location: Brüx/Praha

Re: csrcs.exe error pops up after XP starts

#12 Post by Marek-26 »

Test the file below on virustotal.com :)
E:\eogpmg.exe

mika666
Exemplary visitor
Posts: 102
Registered: 12 Oct 2009 08:42
Location: ZL

Re: csrcs.exe error pops up after XP starts

#13 Post by mika666 »

On virustotal.com the test does not finish, it throws this message

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster@hispasec.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.


And AVG reports the virus "PacketAutolt" in E:\eogpmg.exe

Marek-26
Friend of the forum
Posts: 1000
Registered: 16 Dec 2006 15:53
Location: Brüx/Praha

Re: csrcs.exe error pops up after XP starts

#14 Post by Marek-26 »

AVG blocked the upload of the virus :) Delete the file :wink:

How is the PC behaving?

mika666
Exemplary visitor
Posts: 102
Registered: 12 Oct 2009 08:42
Location: ZL

Re: csrcs.exe error pops up after XP starts

#15 Post by mika666 »

The PC seems to be OK.
