Prosím o kontrolu stále asi zavirované

[ROKO]

Toto mi našel NOD32: Iframe.B.Gen virus a TrojanClicker.IFrame.NAP virus
Vygůglil jsem na to Malwarebytes Anti-Malware který jsem spustil a nechal odstranit kolem 160 souborů.
Prosím o kontrolu logu jistě se tam něco najde

Kód: Vybrat vše

Logfile of random's system information tool 1.06 (written by random/random)
Run by L0G0S at 2010-04-08 09:25:11
Systém Microsoft Windows XP Professional Service Pack 3
System drive D: has 4 GB (19%) free of 19 GB
Total RAM: 767 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:17, on 8.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Ufonuv fofr internet\EASYWIRELESSNET.EXE
D:\Documents and Settings\L0G0S\Dokumenty\Downloads\RSIT.exe
D:\Program Files\trend micro\L0G0S.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Dot TK Registry Toolbar - {22EB0F38-22A5-405B-8308-677DAA3318CF} - D:\Program Files\TK-it!\dottktb.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Dot TK Registry Toolbar - {22EB0F38-22A5-405B-8308-677DAA3318CF} - D:\Program Files\TK-it!\dottktb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MPlayerForWindows_UpdateReminder] "D:\Program Files\MPlayer for Windows\AutoUpdate.exe" /L=1033 /TASK
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {13750BBB-B753-4d3d-B660-3AEEE71535A7} - D:\Program Files\TK-it!\dottktb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F84CC0DF-1ADB-49BD-9F78-BE7112067641}: NameServer = 78.136.128.4 78.136.128.12
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9f5c760d6b2b0) (gupdate1c9f5c760d6b2b0) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7112 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\Google Software Updater.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-05-26 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22EB0F38-22A5-405B-8308-677DAA3318CF}]
Dot TK Registry Toolbar - D:\Program Files\TK-it!\dottktb.dll [2009-09-18 687408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-06-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-12 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{22EB0F38-22A5-405B-8308-677DAA3318CF} - Dot TK Registry Toolbar - D:\Program Files\TK-it!\dottktb.dll [2009-09-18 687408]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=D:\WINDOWS\System32\NvCpl.dll [2005-06-15 6803456]
"nwiz"=nwiz.exe /install []
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"MPlayerForWindows_UpdateReminder"=D:\Program Files\MPlayer for Windows\AutoUpdate.exe [2009-06-13 80224]
"Adobe Acrobat Speed Launcher"=D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2009-08-12 149280]
"RegistryMechanic"= []
"nod32kui"=D:\Program Files\Eset\nod32kui.exe [2009-12-21 950664]
"NvMediaCenter"=D:\WINDOWS\System32\NvMcTray.dll [2005-06-15 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=D:\Program Files\Skype\Phone\Skype.exe [2009-05-26 24267560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-25 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^L0G0S^Nabídka Start^Programy^Po spuštění^rncsys32.exe]
 []

D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoSecCpl"=0
"DisableChangePassword"=0
"DisableLockWorkstation"=0
"NoDispCpl"=0
"NoDispScrSavPage"=0
"NoDispAppearancePage"=0
"NoDispSettingsPage"=0
"NoVisualStyleChoice"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoDesktop"=0
"NoActiveDesktop"=0
"HideClock"=0
"NoStartMenuPinnedList"=0
"NoStartMenuMFUprogramsList"=0
"NoUserNameInStartMenu"=0
"StartmenuLogoff"=0
"NoStartMenuSubFolders"=0
"NoCommonGroups"=0
"NoPrinterTabs"=0
"NoDeletePrinter"=0
"NoAddPrinter"=0
"NoPrinters"=0
"NoFavoritesMenu"=0
"NoRun"=0
"NoFind"=0
"NoClose"=0
"NoSetFolders"=0
"NoViewContextMenu"=0
"NoToolbarCustomize"=0
"NoRecentDocsNetHood"=0
"NoChangeAnimation"=0
"NoChangeKeyboardNavigationIndicators"=0
"NoThemesTab"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Winamp Remote\bin\Orb.exe"="D:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"D:\Program Files\Winamp Remote\bin\OrbTray.exe"="D:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"D:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="D:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"D:\Program Files\SecondLife\SLVoice.exe"="D:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"D:\WINDOWS\system32\sessmgr.exe"="D:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\_D_A_T_A_\NOD32\eavbe_nt32_enu.exe"="C:\_D_A_T_A_\NOD32\eavbe_nt32_enu.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\_D_A_T_A_\_I.N.S.T.A.L.A.C.E_\NOD32\eavbe_nt32_enu.exe"="C:\_D_A_T_A_\_I.N.S.T.A.L.A.C.E_\NOD32\eavbe_nt32_enu.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-04-08 09:25:11 ----D---- D:\rsit
2010-04-07 10:56:45 ----D---- D:\Documents and Settings\L0G0S\Data aplikací\Malwarebytes
2010-04-07 10:50:41 ----D---- D:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-04-07 10:50:38 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2010-03-27 08:08:59 ----D---- D:\Program Files\Ext2Fsd
2010-03-11 11:49:51 ----D---- D:\Program Files\Machinarium
2010-03-09 08:00:35 ----A---- D:\WINDOWS\game.ini
2010-03-09 07:47:14 ----SHD---- D:\WINDOWS\ftpcache

======List of files/folders modified in the last 1 months======

2010-04-08 09:25:17 ----A---- D:\WINDOWS\red_dialer.ini
2010-04-08 09:25:14 ----D---- D:\Program Files\trend micro
2010-04-08 09:24:38 ----A---- D:\WINDOWS\ModemLog_AnyDATA CDMA USB Modem (PID 6502) #2.txt
2010-04-08 09:23:12 ----D---- D:\Documents and Settings\L0G0S\Data aplikací\Skype
2010-04-08 09:03:39 ----D---- D:\WINDOWS\Prefetch
2010-04-08 08:55:37 ----SD---- D:\WINDOWS\Tasks
2010-04-08 08:55:31 ----D---- D:\WINDOWS\temp
2010-04-08 08:54:32 ----A---- D:\WINDOWS\SchedLgU.Txt
2010-04-08 08:54:24 ----D---- D:\WINDOWS\system32\config
2010-04-08 08:53:13 ----D---- D:\Program Files\Registry Mechanic
2010-04-08 08:41:35 ----D---- D:\Program Files
2010-04-08 08:39:16 ----D---- D:\Program Files\Astonsoft
2010-04-08 08:37:31 ----D---- D:\WINDOWS
2010-04-08 08:35:51 ----D---- D:\Program Files\Winamp
2010-04-08 08:35:24 ----D---- D:\WINDOWS\system32
2010-04-08 08:32:07 ----D---- D:\Program Files\Ufonuv fofr internet
2010-04-07 20:26:48 ----D---- D:\WINDOWS\system32\CatRoot2
2010-04-07 20:25:53 ----RD---- D:\WINDOWS\Web
2010-04-07 20:25:53 ----D---- D:\WINDOWS\system32\drivers
2010-04-07 11:06:25 ----D---- D:\WINDOWS\WinSxS
2010-04-05 13:20:45 ----SHD---- D:\WINDOWS\Installer
2010-03-30 17:38:23 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2010-03-15 12:35:58 ----D---- D:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; D:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 Ext2Fsd;Linux ext2 file system driver; D:\WINDOWS\system32\drivers\Ext2Fsd.sys [2009-07-26 651264]
R1 nod32drv;nod32drv; D:\WINDOWS\system32\drivers\nod32drv.sys [2009-12-21 15424]
R1 PQNTDrv;PQNTDrv; D:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; D:\WINDOWS\system32\drivers\amon.sys [2009-12-21 512096]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication; D:\WINDOWS\System32\DRIVERS\adusbser.sys [2006-10-23 93440]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; D:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 nv;nv; D:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-06-15 3200256]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; D:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; D:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 hamachi;Hamachi Network Interface; D:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-10-08 25280]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; D:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
S3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; D:\WINDOWS\system32\drivers\nvax.sys [2003-03-19 29696]
S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; D:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-11-27 80896]
S3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; D:\WINDOWS\system32\drivers\nvapu.sys [2003-03-19 280704]
S3 usbaudio;Ovladač zvukové karty USB (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; D:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; D:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2009-08-12 153376]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 NOD32krn;NOD32 Kernel Service; D:\Program Files\Eset\nod32krn.exe [2009-12-21 549256]
R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\System32\nvsvc32.exe [2005-06-15 127043]
R2 SQLWriter;SQL Server VSS Writer; D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 UMWdf;Windows User Mode Driver Framework; D:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 gupdate1c9f5c760d6b2b0;Služba Google Update (gupdate1c9f5c760d6b2b0); D:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-25 133104]
S2 gusvc;Google Software Updater; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-25 183280]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-31 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; D:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 SQLBrowser;SQL Server Browser; D:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------

[earl]

Zdravim,

priste prosim nedavat logy do code-spatne se to cte,diky.

CTETE POZORNE NAVOD,TENTO SOFT NETOLERUJE CHYBY V POSTUPU APLIKOVANI!

Klidne si nasledujici radky vytisknete,at vite,co se bude na obrazovce odehravat.

Budte prihlasen na pc s administratorskymi pravy.

stahnete a ulozte nejlepe na plochu ComboFix

v pripade,ze nepujde stranka nacist-stahnete odtud download , popr. nepujde ComboFix spustit - prejmenujte jej na grinder.com a postupujte dale dle instrukci.

hned po startu se zobrazi Zreknuti se prava zaruky na funkcnost software, pokracujte kliknutim na tlacitko Ano:



pote muze nasledovat upozorneni na nainstalovane emulatory CD mechanik,typicky Daemon Tools nebo Alcohol 120



odklepnout OK

Souhlasit s instalaci Recovery console(Konzola pro zotaveni)-nutno funkcni internet

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: upozorneni: Vypnete rezidentni stit u antiviru a antispywaru a zakazte docasne firewall-ComboFix by nemusel fungovat korektne-pokud budete mit stity vypnute a Combofix zahlasi,ze nejsou,pokracujte dal a potvrdte.

po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

[ROKO]

Také Vás zdravim a moc děkuji za ochotu.

ComboFix 10-04-07.04 - L0G0S 08.04.2010 11:15:26.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.524 [GMT 2:00]
Spuštěný z: d:\documents and settings\L0G0S\Plocha\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\L0G0S\Local Settings\Temporary Internet Files\stb06759.tmp
d:\recycler\S-1-5-21-1123561945-1303643608-842925246-1003
d:\recycler\S-1-5-21-1123561945-308236825-682003330-1004
d:\recycler\S-1-5-21-1644491937-1214440339-839522115-1003
d:\recycler\S-1-5-21-1715567821-1220945662-725345543-1003
d:\recycler\S-1-5-21-1757981266-1532298954-1177238915-1003
d:\recycler\S-1-5-21-1801674531-73586283-682003330-1003
d:\recycler\S-1-5-21-1844237615-484763869-854245398-500
d:\recycler\S-1-5-21-776561741-115176313-839522115-1003
D:\Thumbs.db
d:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-08 do 2010-04-08 )))))))))))))))))))))))))))))))
.

2010-04-08 07:25 . 2010-04-08 07:25 -------- d-----w- D:\rsit
2010-04-07 08:50 . 2010-03-29 22:46 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 08:50 . 2010-03-29 22:45 20824 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-04-07 08:50 . 2010-04-07 08:50 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-03-27 06:09 . 2009-07-26 15:22 651264 ----a-w- d:\windows\system32\drivers\ext2fsd.sys
2010-03-27 06:08 . 2010-03-27 06:09 -------- d-----w- d:\program files\Ext2Fsd
2010-03-11 09:49 . 2010-03-11 09:50 -------- d-----w- d:\program files\Machinarium

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 09:07 . 2009-06-22 14:04 -------- d-----w- d:\program files\Ufonuv fofr internet
2010-04-08 07:25 . 2009-06-24 08:55 -------- d-----w- d:\program files\trend micro
2010-04-08 06:39 . 2009-08-24 14:46 -------- d-----w- d:\program files\Astonsoft
2010-04-08 06:35 . 2009-06-24 07:28 -------- d-----w- d:\program files\Winamp
2010-03-30 15:38 . 2001-10-25 12:00 96966 ----a-w- d:\windows\system32\perfc005.dat
2010-03-30 15:38 . 2001-10-25 12:00 479162 ----a-w- d:\windows\system32\perfh005.dat
2010-03-15 10:35 . 2009-06-25 18:55 -------- d-----w- d:\program files\Google
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 16:01 85712 ----a-w- d:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2009-05-26 24267560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\System32\NvCpl.dll" [2005-06-15 6803456]
"nwiz"="nwiz.exe" [2005-06-15 1519616]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"MPlayerForWindows_UpdateReminder"="d:\program files\MPlayer for Windows\AutoUpdate.exe" [2009-06-12 80224]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2009-12-21 950664]
"NvMediaCenter"="d:\windows\System32\NvMcTray.dll" [2005-06-15 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-4 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKLM\~\startupfolder\D:^Documents and Settings^L0G0S^Nabídka Start^Programy^Po spuštění^rncsys32.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-06-25 18:56 39408 ----a-w- d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\SecondLife\\SLVoice.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\_D_A_T_A_\\NOD32\\eavbe_nt32_enu.exe"=
"c:\\_D_A_T_A_\\_I.N.S.T.A.L.A.C.E_\\NOD32\\eavbe_nt32_enu.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 vax347s;vax347s;d:\windows\system32\drivers\vax347s.sys [23.6.2009 18:21 5248]
R1 Ext2Fsd;Linux ext2 file system driver;d:\windows\system32\drivers\ext2fsd.sys [27.3.2010 8:09 651264]
R1 nod32drv;nod32drv;d:\windows\system32\drivers\nod32drv.sys [21.12.2009 22:08 15424]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;d:\windows\system32\drivers\adusbser.sys [22.6.2009 16:04 93440]
S0 vax347b;vax347b;d:\windows\system32\drivers\vax347b.sys [23.6.2009 18:21 159616]
S2 gupdate1c9f5c760d6b2b0;Služba Google Update (gupdate1c9f5c760d6b2b0);d:\program files\Google\Update\GoogleUpdate.exe [25.6.2009 21:01 133104]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-08 d:\windows\Tasks\Google Software Updater.job
- d:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-25 18:55]

2010-04-08 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 19:01]

2010-04-08 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-06-25 19:01]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - d:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
LSP: d:\windows\system32\imon.dll
DPF: DirectAnimation Java Classes - file://d:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-RegistryMechanic - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 11:23
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(716)
d:\windows\system32\imon.dll
.
Celkový čas: 2010-04-08 11:25:30
ComboFix-quarantined-files.txt 2010-04-08 09:25

Před spuštěním: 4 459 737 088
Po spuštění: 5 245 956 096

- - End Of File - - C45413DECD5F3D1BBF6B6C701DCFDC6B

[ROKO]

Poradí někdo prosím ?

[earl]

Stahnete si OTM , spustte (pokud mate vistu spuste run as administrator) a
do leveho policka se zlutym hornim okrajem Paste Instructions for Items to be Moved zkopirujte toto:

Kód: Vybrat vše

:processes
explorer.exe
:files
D:\Documents and Settings\L0G0S\Nabídka Start\Programy\Po spuštění\rncsys32.exe
:services
:reg
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page"=www.seznam.cz
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:\Documents and Settings\L0G0S\Nabídka Start\Programy\Po spuštění\rncsys32.exe]
:commands
[emptytemp]
[start explorer]
[reboot]

Kliknete na MoveIt, v okne se zelenym hornim okrajem Results se objevi vysledek,obsah okna zkopirujte sem. Kdyby OTMoveIt vyzadoval restart - povolit. Nasledujici log najdete v C:\_OTMoveIt\MovedFiles\xxxxx.log (x je zastupny znak) ktery otevrete v poznamkovem bloku.

[ROKO]

Dobrý den, zdá se že ta potvora rncsys32.exe je pryč, díky Mistře.
Ještě bych měl dotaz prosím, jaký by jste mi doporučil firewall zdarma a potřebuji něco na spyware? Ještě jednou Díky.


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder D:\Documents and Settings\L0G0S\Nabídka Start\Programy\Po spuštění\rncsys32.exe not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
HKCU\Software\Microsoft\Internet Explorer\Main\\"Start Page"|www.seznam.cz /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:\Documents and Settings\L0G0S\Nabídka Start\Programy\Po spuštění\rncsys32.exe\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41 bytes

User: L0G0S
->Temp folder emptied: 4253546 bytes
->Temporary Internet Files folder emptied: 235582 bytes
->Java cache emptied: 39780415 bytes
->FireFox cache emptied: 96660024 bytes
->Google Chrome cache emptied: 240989649 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 61604 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 31220596 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 394,00 mb


OTM by OldTimer - Version 3.1.10.1 log created on 04092010_075751

Files moved on Reboot...
File move failed. D:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_70c.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[earl]

Antispyware - Spyware Terminator.

Firewall - Sunbelt Kerio nebo Zone Alarm.

Navody jsou zde na foru.

Start - spustit - napiste ComboFix /Uninstall - a klepnout na OK,

pokud to takto nepujde,tak přejmenovat ComboFix.exe na Uninstall.exe a spustit ho.
-----------------------------------------------------------------------------------------------------------------

Pouzijte T-Cleaner na vycisteni pc po utilitach pouzitych pri odvirovani.Postupujte dle instrukci na obrazovce.Pri detekci antivirem se jedna o falesny poplach.
-----------------------------------------------------------------------------------------------------------------

Vycistete pc Ccleanerem.

Vzdy nejprve Analyzovat a pak Spustit Cleaner.2x po sobe.

Windows-odskrtnout historii a historii automatickeho vyplnovani formularu - prisel byste o historii navstivenych stranek a o ulozena hesla ve formularich

(je to sice z pohledu zabezpeceni spatne,ale aspon pak uzivatel nenadava,kam ze mu to zmizelo )

Aplikace-u prohlizecu internetu odskrtnout Historii internetu.

Registry-nechat vse zaskrtle,Hledej problemy,Opravit vybrane problemy

(nechat ho udelat zalohu-ta je ulozena v Dokumentech-DULEZITE).

Taktez 2x-3x po sobe.

A neni samozrejme zac.