PC disinfection, computer speed-up, remote help via the neslape.cz service

extortionists

Have a virus problem? Post an FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will threads inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service: a specialist connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz
Author: earl (VIP; posts: 1279; registered: 14 Dec 2005; location: Brno)

Re: extortionists

#16 Post by earl »

Use Avenger following the procedure in my signature, with this script:


Files to delete:
c:\windows\system32\drivers\36444432.sys
c:\windows\system32\drivers\3644443.sys
c:\windows\system32\drivers\36444431.sys
c:\Documents and Settings\Kryštof\Local Settings\Temp\jgameenp.sys
c:\windows\system32\78.tmp
c:\Documents and Settings\Borusík\Local Settings\Temp\NFZEXS.exe

Drivers to delete:
36444432
3644443
36444431
36444432 Boot Guard Driver
MEMSWEEP2

Post its log here.
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AN UP-TO-DATE ANTIVIRUS AND A PERSONAL FIREWALL ARE TWO ESSENTIAL PROTECTIVE COMPONENTS OF EVERY PC CONNECTED TO THE INTERNET!!!
BY BACKING UP YOUR PERSONAL DATA YOU WON'T LOSE IT IN CASE OF FATAL SOFTWARE OR HARDWARE PROBLEMS!!
DO NOT USE COMBOFIX ON YOUR OWN, ONLY WHEN YOU ARE ASKED TO. INCORRECT HANDLING CAN RENDER THE SYSTEM INOPERABLE!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
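The script above is built the way helpers on this forum usually build one: from the RSIT/HijackThis log, pick the O23 services and driver-list entries whose image lives under a user's Temp directory, whose file is already missing, or whose name looks machine-generated, then hand the paths and service-key names to Avenger and read its log back to see which deletions actually happened (Avenger reports an NTSTATUS such as STATUS_OBJECT_NAME_NOT_FOUND per target). The following Python is an added example of that triage and reconciliation, not code from the forum, from Avenger or from RSIT. The sample log lines are constructed in the two tools' formats with placeholder user names and paths; the 'File "..." deleted successfully.' line shape is assumed by analogy with the 'Driver "..." deleted successfully.' line Avenger prints; the indicator threshold and the allowlist of known cleanup-tool drivers are hypothetical choices.

```python
"""Triage RSIT/HijackThis service and driver lines, emit an Avenger script, read Avenger's log back."""
import re
from dataclasses import dataclass, field

# Constructed sample in the RSIT/HijackThis format (placeholder user name and paths).
SAMPLE_RSIT = r"""
O23 - Service: BKU - Unknown owner - C:\DOCUME~1\USER~1\LOCALS~1\Temp\BKU.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NFZEXS - Unknown owner - C:\DOCUME~1\USER~1\LOCALS~1\Temp\NFZEXS.exe (file missing)
R3 HidUsb;HID class driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ac0r7z55;ac0r7z55; C:\WINDOWS\system32\drivers\ac0r7z55.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\USER~1\LOCALS~1\Temp\catchme.sys []
S3 jgameenp;jgameenp; \??\C:\DOCUME~1\USER~1\LOCALS~1\Temp\jgameenp.sys []
"""
# Constructed Avenger log excerpt; the 'File "..." deleted successfully.' form is assumed
# by analogy with the 'Driver "..." deleted successfully.' line Avenger does print.
SAMPLE_AVENGER_LOG = r"""
Error: file "C:\DOCUME~1\USER~1\LOCALS~1\Temp\BKU.exe" not found!
Deletion of file "C:\DOCUME~1\USER~1\LOCALS~1\Temp\BKU.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "ac0r7z55" deleted successfully.
"""

O23_RE = re.compile(r"^O23 - Service: (?P<disp>.+?) - (?P<owner>.*?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
DRV_RE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);[^;]*; (?P<path>.*?) \[(?P<meta>[^\]]*)\]$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"^(?:\d{6,}|(?=.*\d)(?=.*[a-z])[a-z0-9]{8})$", re.IGNORECASE)
# Hypothetical allowlist: leftover drivers of legitimate cleanup tools (ComboFix/GMER, Rootkit Unhooker).
KNOWN_TOOL_DRIVERS = {"catchme", "rkhdrv40"}
SUCCESS_RE = re.compile(r'^(?:File|Driver) "(.+)" deleted successfully\.$')
FAIL_RE = re.compile(r'^Deletion of (?:file|driver) "(.+)" failed!$')
STATUS_RE = re.compile(r"^Status: 0x[0-9a-fA-F]+ \((\w+)\)$")


@dataclass
class Entry:
    kind: str             # "service" (O23 line) or "driver" (RSIT driver-list line)
    name: str             # key name under CurrentControlSet\Services
    path: str             # image path as logged, \??\ prefix stripped
    owner: str = ""       # publisher column of the O23 line
    present: bool = True  # False on "(file missing)" or an empty [] in the driver list
    indicators: list = field(default_factory=list)


def parse_entries(text):
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := O23_RE.match(line):
            disp = m.group("disp")
            short = re.search(r"\(([^()]+)\)$", disp)  # "ESET Service (ekrn)" -> ekrn
            entries.append(Entry("service", short.group(1) if short else disp,
                                 m.group("path"), m.group("owner"), m.group("missing") is None))
        elif m := DRV_RE.match(line):
            path = m.group("path")
            path = path[4:] if path.startswith("\\??\\") else path
            entries.append(Entry("driver", m.group("name"), path, present=bool(m.group("meta").strip())))
    return entries


def indicators(e):
    found = []
    if TEMP_RE.search(e.path):
        found.append("runs from a Temp directory")
    if not e.present:
        found.append("binary missing on disk")
    if e.kind == "service" and e.owner.lower() in ("", "unknown owner"):
        found.append("no publisher")
    if RANDOM_NAME_RE.match(e.name):
        found.append("random-looking name")
    return found


def triage(text, threshold=2):
    """Entries with at least `threshold` indicators; one alone (e.g. a missing file) is too common to act on."""
    flagged = []
    for e in parse_entries(text):
        if e.name.lower() in KNOWN_TOOL_DRIVERS:
            continue
        e.indicators = indicators(e)
        if len(e.indicators) >= threshold:
            flagged.append(e)
    return flagged


def build_avenger_script(entries):
    """Every flagged image under 'Files to delete'; only driver keys under 'Drivers to delete', as in the thread."""
    files = [e.path for e in entries]
    drivers = [e.name for e in entries if e.kind == "driver"]
    return "Files to delete:\n" + "\n".join(files) + "\n\nDrivers to delete:\n" + "\n".join(drivers) + "\n"


def parse_avenger_log(text):
    """Map each target Avenger reported on to 'deleted' or the NTSTATUS name its deletion failed with."""
    outcome, pending = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := SUCCESS_RE.match(line):
            outcome[m.group(1)], pending = "deleted", None
        elif m := FAIL_RE.match(line):
            pending = m.group(1)
            outcome[pending] = "failed"
        elif pending and (m := STATUS_RE.match(line)):
            outcome[pending], pending = m.group(1), None
    return outcome


def reconcile(entries, log_text):
    """What Avenger said about each flagged entry's file and, for drivers, its Services key."""
    outcome = parse_avenger_log(log_text)
    return {e.name: {"file": outcome.get(e.path, "not in log"),
                     "key": outcome.get(e.name, "not in log") if e.kind == "driver" else "n/a"}
            for e in entries}
```

Calling triage(SAMPLE_RSIT) flags BKU, NFZEXS, ac0r7z55 and jgameenp and leaves ekrn, HidUsb and the ComboFix leftover catchme alone; catchme would otherwise score the same two indicators (Temp path, file gone) as jgameenp, which is why a short allowlist of tool drivers is needed before anything goes into a deletion script. A STATUS_OBJECT_NAME_NOT_FOUND on a file that the service list still names means only the registry key survives, which is exactly the case Avenger's "Drivers to delete" (or `sc delete` for a plain service) handles.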

Author: chronos_m (Visitor; posts: 43; registered: 08 May 2010)

Re: extortionists

#17 Post by chronos_m »

So CF apparently did get rid of something after all (or I no longer understand anything).

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\system32\drivers\36444432.sys" not found!
Deletion of file "c:\windows\system32\drivers\36444432.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\drivers\3644443.sys" not found!
Deletion of file "c:\windows\system32\drivers\3644443.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\drivers\36444431.sys" not found!
Deletion of file "c:\windows\system32\drivers\36444431.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\Documents and Settings\Kryštof\Local Settings\Temp\jgameenp.sys" not found!
Deletion of file "c:\Documents and Settings\Kryštof\Local Settings\Temp\jgameenp.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\78.tmp" not found!
Deletion of file "c:\windows\system32\78.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\Documents and Settings\Borusík\Local Settings\Temp\NFZEXS.exe" not found!
Deletion of file "c:\Documents and Settings\Borusík\Local Settings\Temp\NFZEXS.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\36444432" not found!
Deletion of driver "36444432" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\3644443" not found!
Deletion of driver "3644443" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\36444431" not found!
Deletion of driver "36444431" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\36444432 Boot Guard Driver" not found!
Deletion of driver "36444432 Boot Guard Driver" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "MEMSWEEP2" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



And, just to be safe, a fresh RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Borusík at 2010-05-12 15:56:30
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 22 GB (36%) free of 60 GB
Total RAM: 1023 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:40, on 12.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\lxducoms.exe
C:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
D:\Hry\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Borusík\Plocha\RSIT.exe
C:\Documents and Settings\Borusík\Plocha\Borusík.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdumon.exe] "C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe"
O4 - HKLM\..\Run: [lxduamon] "C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Hry\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5383642859
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BKU - Unknown owner - C:\DOCUME~1\BORUSK~1\LOCALS~1\Temp\BKU.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: NFZEXS - Unknown owner - C:\DOCUME~1\BORUSK~1\LOCALS~1\Temp\NFZEXS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Armed Assault Drivers Auto Removal (pr2agmlb) (pr2agmlb) - Bohemia Interactive - C:\WINDOWS\system32\pr2agmlb.exe
O23 - Service: Helldorado Drivers Auto Removal (pr2anfab) (pr2anfab) - seven m Kft - C:\WINDOWS\system32\pr2anfab.exe
O23 - Service: CD Guard Drivers Auto Removal (v2) (psrem02) - Protection Technology - C:\WINDOWS\system32\psrem02.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8167 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Panel nástrojů - C:\Program Files\Lexmark Toolbar\toolband.dll [2009-05-06 372736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2C5E510-BE6D-42CC-9F61-E4F939078474}]
Lexmark - C:\Program Files\Lexmark Printable Web\bho.dll [2008-11-03 180224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Panel nástrojů - C:\Program Files\Lexmark Toolbar\toolband.dll [2009-05-06 372736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-10-07 131072]
"Control Center"=C:\Program Files\ASUS\WLAN Card Utilities\Center.exe [2006-03-02 1667584]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"lxdumon.exe"=C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe [2008-05-29 676520]
"lxduamon"=C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe [2008-05-29 16040]
"NPSStartup"= []
"QuickTime Task"=D:\Hry\QuickTime\qttask.exe [2008-09-04 98304]
"nwiz"=nwiz.exe /installquiet []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-01-11 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-01-11 13666408]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-04-07 2145000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"=C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe [2005-03-24 983040]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\Hry\Team17 Software Ltd\WormsForts\wf.exe"="D:\Hry\Team17 Software Ltd\WormsForts\wf.exe:*:Enabled:wf"
"D:\Hry\UBISOFT\Heroes of Might and Magic V\bin\H5_Game.exe"="D:\Hry\UBISOFT\Heroes of Might and Magic V\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"D:\Hry\Pyro\Commandos 3 - Destination Berlin\Commandos3.exe"="D:\Hry\Pyro\Commandos 3 - Destination Berlin\Commandos3.exe:*:Enabled:Commandos3"
"D:\Hry\OpenArena\ioquake3.x86.exe"="D:\Hry\OpenArena\ioquake3.x86.exe:*:Enabled:ioquake3.x86"
"D:\Hry\5star Gomoku\Gomoku.exe"="D:\Hry\5star Gomoku\Gomoku.exe:*:Enabled:Gomoku"
"D:\Hry\FlatOut2\FlatOut2.exe"="D:\Hry\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"D:\Hry\Cenega Czech\Sid Meier's Civilization III Gold\CIV3PTW\Civilization3X.exe"="D:\Hry\Cenega Czech\Sid Meier's Civilization III Gold\CIV3PTW\Civilization3X.exe:*:Enabled:Civilization3Xd"
"D:\Hry\Eidos\Pyro Studios\Commandos Strike Force\CommXPC.exe"="D:\Hry\Eidos\Pyro Studios\Commandos Strike Force\CommXPC.exe:*:Disabled:CommXPC"
"D:\Hry\TrackMania Sunrise\TmSunrise.exe"="D:\Hry\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"D:\Hry\UBISOFT\Prince of Persia\Prince of Persia.exe"="D:\Hry\UBISOFT\Prince of Persia\Prince of Persia.exe:*:Enabled:Prince of Persia Dx"
"D:\Hry\UBISOFT\Prince of Persia\PrinceOfPersia_Launcher.exe"="D:\Hry\UBISOFT\Prince of Persia\PrinceOfPersia_Launcher.exe:*:Enabled:Prince of Persia Update"
"D:\Hry\EA SPORTS\UEFA EURO 2008\EURO08.exe"="D:\Hry\EA SPORTS\UEFA EURO 2008\EURO08.exe:*:Enabled:EURO08"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"D:\Hry\Activision\Mat Hoffman's Pro BMX\BMX.exe"="D:\Hry\Activision\Mat Hoffman's Pro BMX\BMX.exe:*:Enabled:BMX"
"D:\Hry\THQ\Pandemic Studios\Full Spectrum Warrior\Launcher.exe"="D:\Hry\THQ\Pandemic Studios\Full Spectrum Warrior\Launcher.exe:*:Enabled:Launcher"
"D:\Hry\Call of Duty\CoDUOMP.exe"="D:\Hry\Call of Duty\CoDUOMP.exe:*:Enabled:CoDUOMP"
"D:\Hry\Call of Duty\CoDMP.exe"="D:\Hry\Call of Duty\CoDMP.exe:*:Disabled:CoDMP"
"D:\Hry\UBISOFT\Gearbox Software\BrothersInArms\System\bia.exe"="D:\Hry\UBISOFT\Gearbox Software\BrothersInArms\System\bia.exe:*:Enabled:Brothers In Arms: Road to Hill 30"
"D:\Hry\Microsoft Games\Age of Empires\Empires.exe"="D:\Hry\Microsoft Games\Age of Empires\Empires.exe:*:Enabled:Age of Empires"
"D:\Hry\Microsoft Games\Age of Empires II\empires2.exe"="D:\Hry\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Hry\Activision\Call of Duty - World at War\CoDWaWmp.exe"="D:\Hry\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"D:\Hry\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="D:\Hry\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"D:\Hry\UBISOFT\Shaun White Snowboarding\ShaunWhiteSnowboardingGame.exe"="D:\Hry\UBISOFT\Shaun White Snowboarding\ShaunWhiteSnowboardingGame.exe:*:Enabled:Shaun White Snowboarding Game"
"D:\Hry\UBISOFT\Shaun White Snowboarding\ShaunWhiteSnowboarding.exe"="D:\Hry\UBISOFT\Shaun White Snowboarding\ShaunWhiteSnowboarding.exe:*:Enabled:Shaun White Snowboarding Update"
"D:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="D:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"D:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="D:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"D:\Hry\Counter-Strike Source\hl2.exe"="D:\Hry\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\WINDOWS\system32\lxducoms.exe"="C:\WINDOWS\system32\lxducoms.exe:*:Enabled:5600-6600 Series Server"
"D:\Hry\Tony Hawk's Underground 2\Game\THUG2.exe"="D:\Hry\Tony Hawk's Underground 2\Game\THUG2.exe:*:Disabled:THUG2"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-05-12 15:54:04 ----D---- C:\Avenger
2010-05-12 15:54:04 ----A---- C:\avenger.txt
2010-05-12 15:30:13 ----D---- C:\WINDOWS\temp
2010-05-12 15:23:40 ----D---- C:\ComboFix
2010-05-12 14:55:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-10 19:48:23 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-10 19:46:48 ----D---- C:\Program Files\HD Tune
2010-05-09 15:20:17 ----A---- C:\mbam-error.txt
2010-05-09 14:52:22 ----D---- C:\Program Files\VirusTotalUploader2
2010-05-08 18:41:29 ----D---- C:\Program Files\Sophos
2010-05-08 16:18:50 ----D---- C:\Documents and Settings\Borusík\Data aplikací\ESET
2010-05-08 16:17:27 ----D---- C:\Program Files\ESET
2010-05-08 16:17:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-05-08 15:31:55 ----A---- C:\Boot.bak
2010-05-08 15:31:47 ----RASHD---- C:\cmdcons
2010-05-08 14:48:59 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-08 14:48:59 ----A---- C:\WINDOWS\MBR.exe
2010-05-08 14:48:58 ----A---- C:\WINDOWS\zip.exe
2010-05-08 14:48:58 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-08 14:48:58 ----A---- C:\WINDOWS\SWSC.exe
2010-05-08 14:48:58 ----A---- C:\WINDOWS\SWREG.exe
2010-05-08 14:48:58 ----A---- C:\WINDOWS\sed.exe
2010-05-08 14:48:58 ----A---- C:\WINDOWS\PEV.exe
2010-05-08 14:48:58 ----A---- C:\WINDOWS\grep.exe
2010-05-08 14:47:40 ----D---- C:\WINDOWS\ERDNT
2010-05-08 14:40:52 ----D---- C:\Qoobox
2010-05-08 08:30:59 ----D---- C:\Program Files\trend micro
2010-05-07 19:50:05 ----D---- C:\Program Files\Norton 360
2010-05-07 19:50:04 ----D---- C:\Program Files\Windows Sidebar
2010-05-07 19:49:48 ----D---- C:\Program Files\NortonInstaller
2010-05-04 19:23:51 ----D---- C:\Program Files\Roger Wilco
2010-05-02 19:24:12 ----D---- C:\Program Files\1944 - Bitva v Ardenách
2010-04-14 18:50:13 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 18:49:55 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 18:44:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 18:44:35 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 16:40:28 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 16:39:57 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

======List of files/folders modified in the last 1 months======

2010-05-12 15:55:33 ----D---- C:\WINDOWS\system32\ias
2010-05-12 15:55:32 ----A---- C:\ASWL2K.ini
2010-05-12 15:55:19 ----A---- C:\WINDOWS\ModemLog_Sériový kabel mezi dvěma počítači.txt
2010-05-12 15:54:04 ----D---- C:\WINDOWS\system32\drivers
2010-05-12 15:52:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-12 15:39:00 ----D---- C:\WINDOWS\Minidump
2010-05-12 15:39:00 ----AD---- C:\WINDOWS
2010-05-12 15:36:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-12 15:33:39 ----D---- C:\WINDOWS\Prefetch
2010-05-12 15:32:50 ----A---- C:\WINDOWS\system.ini
2010-05-12 15:30:45 ----D---- C:\WINDOWS\system32\config
2010-05-12 15:28:44 ----D---- C:\WINDOWS\system32
2010-05-12 15:28:44 ----D---- C:\WINDOWS\AppPatch
2010-05-12 15:28:41 ----D---- C:\Program Files\Common Files
2010-05-12 15:02:11 ----D---- C:\Program Files\Outlook Express
2010-05-12 14:57:07 ----D---- C:\WINDOWS\Debug
2010-05-12 14:56:49 ----SHD---- C:\WINDOWS\Installer
2010-05-12 14:56:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-05-12 14:55:56 ----HD---- C:\WINDOWS\inf
2010-05-12 14:55:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-12 14:52:48 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-10 19:46:48 ----RD---- C:\Program Files
2010-05-09 21:30:54 ----D---- C:\Documents and Settings
2010-05-09 15:20:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-08 16:52:55 ----SD---- C:\WINDOWS\Tasks
2010-05-08 16:27:00 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-05-08 16:26:10 ----D---- C:\Program Files\Lavasoft
2010-05-08 16:26:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-05-08 16:25:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-05-08 15:31:55 ----RASH---- C:\boot.ini
2010-05-08 15:30:20 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-05-08 14:44:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-05-07 22:08:43 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-07 21:53:32 ----D---- C:\WINDOWS\system32\wbem
2010-05-07 21:53:31 ----D---- C:\WINDOWS\Registration
2010-05-07 21:52:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2010-05-07 19:53:07 ----SHD---- C:\System Volume Information
2010-05-07 19:50:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-05-04 19:24:23 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-04 19:23:42 ----D---- C:\Program Files\GameSpy Arcade
2010-05-02 18:41:03 ----D---- C:\WINDOWS\system32\DirectX
2010-05-02 14:08:59 ----D---- C:\Program Files\Mozilla Thunderbird
2010-04-30 20:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-14 18:43:54 ----D---- C:\WINDOWS\ie8updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2004-07-20 20096]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-04-07 55232]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-11-16 20747]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-12-25 278728]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-04-07 139192]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-04-07 134488]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-12-21 18048]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
R3 BCM43XX;Ovladač síťového adaptéru ASUS 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-04-07 32584]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-01-12 10276768]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-09-10 52224]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-10-05 33280]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-10-05 12928]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-09-10 412032]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D.sys [2004-07-06 44544]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-05-14 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-05-14 44384]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 ac0r7z55;ac0r7z55; C:\WINDOWS\system32\drivers\ac0r7z55.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\BORUSK~1\LOCALS~1\Temp\catchme.sys []
S3 FXDRV;FXDRV; \??\J:\Fxdrv.sys []
S3 jgameenp;jgameenp; \??\C:\DOCUME~1\KRYTOF~1\LOCALS~1\Temp\jgameenp.sys []
S3 kvpndev;Kerio VPN adapter; C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2008-06-24 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer; C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 mirrorv3;mirrorv3; C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 PRODIGY;PRODIGY; C:\WINDOWS\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 rkhdrv40;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\rkhdrv40.sys []
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-05-14 21440]
S3 WmHidLo;Logitech WingMan USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2004-05-14 14720]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-05-14 5600]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2004-07-20 90112]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-04-07 810120]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 lxdu_device;lxdu_device; C:\WINDOWS\system32\lxducoms.exe [2008-05-23 594600]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-01-11 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-09-14 66872]
R2 StarWindServiceAE;StarWind AE Service; D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ASWLSVC;ASWLSVC; C:\WINDOWS\system32\ASWLSVC.exe [2004-05-06 496640]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe [2008-05-23 98984]
S2 pr2agmlb;Armed Assault Drivers Auto Removal (pr2agmlb); C:\WINDOWS\system32\pr2agmlb.exe [2007-06-04 407168]
S2 pr2anfab;Helldorado Drivers Auto Removal (pr2anfab); C:\WINDOWS\system32\pr2anfab.exe [2007-10-04 411000]
S2 psrem02;CD Guard Drivers Auto Removal (v2); C:\WINDOWS\system32\psrem02.exe [2006-05-11 358008]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 BKU;BKU; C:\DOCUME~1\BORUSK~1\LOCALS~1\Temp\BKU.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-04-07 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NFZEXS;NFZEXS; C:\DOCUME~1\BORUSK~1\LOCALS~1\Temp\NFZEXS.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: extortionists

#18 Post by earl »

-> Uninstall Kerio Winroute Firewall - you have ESS - two firewalls in one system are undesirable.

-> Go to Control Panel - Administrative Tools - Services, stop these services and set their startup type to Disabled:

BKU

NFZEXS


How does the PC behave now?
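An added example, not part of this thread or of RSIT itself: a small Python triage pass over lines in the RSIT driver/service list format, flagging entries whose image path sits in a user's Temp folder or whose trailing `[]` is empty (RSIT found no file metadata on disk). In the log above both indicators coincide for BKU, NFZEXS and jgameenp, the entries singled out for disabling; catchme.sys (the GMER/ComboFix rootkit-scanner driver) is flagged for the same reason, so the output is a shortlist for a human to check, not a verdict. The sample lines are copied from the log above and the severity labels are my own convention.

```python
"""Triage helper for the RSIT driver/service list format (added example).

Each RSIT line looks like
    <R|S><0-4> <name>;<display name>; <image path> [<date> <size>]
where an empty "[]" means RSIT could not read the file's date and size
(missing, hidden or already deleted).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"       # R=running/S=stopped, start type 0-4
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"       # service name; display name;
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"  # image path [date size] or []
)

# User temp folders in both long and 8.3 form (DOCUME~1\...\LOCALS~1\Temp).
TEMP_RE = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)

# Constructed sample: lines copied from the RSIT log above, plus its header/footer.
SAMPLE_LOG = r"""
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-09-10 412032]
S3 catchme;catchme; \??\C:\DOCUME~1\BORUSK~1\LOCALS~1\Temp\catchme.sys []
S3 jgameenp;jgameenp; \??\C:\DOCUME~1\KRYTOF~1\LOCALS~1\Temp\jgameenp.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-04-07 810120]
S3 BKU;BKU; C:\DOCUME~1\BORUSK~1\LOCALS~1\Temp\BKU.exe []
S3 NFZEXS;NFZEXS; C:\DOCUME~1\BORUSK~1\LOCALS~1\Temp\NFZEXS.exe []
-----------------EOF-----------------
"""


@dataclass
class Finding:
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        # Temp location AND no file metadata together is the BKU/NFZEXS pattern.
        return "high" if len(self.reasons) >= 2 else "medium"


def parse_line(line: str) -> Optional[dict]:
    """Return the fields of one RSIT service/driver line, or None for other text."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def triage(log_text: str) -> List[Finding]:
    """Flag entries that deserve a closer look; benign entries are not returned."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        rec = parse_line(raw.strip())
        if rec is None:
            continue  # section headers, blank lines, EOF marker
        reasons = []
        if TEMP_RE.search(rec["path"]):
            reasons.append("image lives in a user Temp directory")
        if rec["meta"] == "":
            reasons.append("no on-disk metadata (file missing, hidden or deleted)")
        if reasons:
            findings.append(Finding(rec["name"], rec["path"], reasons))
    return findings


def report(log_text: str) -> List[str]:
    """One line per finding, high severity first, ready to paste back into a thread."""
    rows = sorted(triage(log_text), key=lambda f: (f.severity != "high", f.name.lower()))
    return [f"{f.severity:6} {f.name:10} {f.path}  <- {'; '.join(f.reasons)}" for f in rows]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```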

chronos_m
Visitor
Posts: 43
Registered: 08 May 2010 07:33

Re: extortionists

#19 Post by chronos_m »

I uninstalled Kerio a long time ago, I don't know why it still shows up in the log. Probably some leftover.
I disabled those two and tried CF again. Same course as before - rootkit found and repeated restart.
I tried running HJT and found this additional file there, which I sent to VirusTotal:
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

File PnkBstrA.exe received on 2010.05.11 21:17:03 (UTC)
Current status: finished

Result: 1/41 (2.44%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.11.00 2010.05.10 -
AntiVir 8.2.1.236 2010.05.11 -
Antiy-AVL 2.0.3.7 2010.05.11 -
Authentium 5.2.0.5 2010.05.11 -
Avast 4.8.1351.0 2010.05.11 -
Avast5 5.0.332.0 2010.05.11 -
AVG 9.0.0.787 2010.05.11 -
BitDefender 7.2 2010.05.11 -
CAT-QuickHeal 10.00 2010.05.11 -
ClamAV 0.96.0.3-git 2010.05.11 -
Comodo 4825 2010.05.11 -
DrWeb 5.0.2.03300 2010.05.11 -
eSafe 7.0.17.0 2010.05.11 Win32.Banker
eTrust-Vet 35.2.7481 2010.05.11 -
F-Prot 4.5.1.85 2010.05.11 -
F-Secure 9.0.15370.0 2010.05.11 -
Fortinet 4.1.133.0 2010.05.11 -
GData 21 2010.05.11 -
Ikarus T3.1.1.84.0 2010.05.11 -
Jiangmin 13.0.900 2010.05.11 -
Kaspersky 7.0.0.125 2010.05.11 -
McAfee 5.400.0.1158 2010.05.11 -
McAfee-GW-Edition 2010.1 2010.05.11 -
Microsoft 1.5703 2010.05.11 -
NOD32 5106 2010.05.11 -
Norman 6.04.12 2010.05.11 -
nProtect 2010-05-11.01 2010.05.11 -
Panda 10.0.2.7 2010.05.11 -
PCTools 7.0.3.5 2010.05.11 -
Prevx 3.0 2010.05.11 -
Rising 22.47.01.04 2010.05.11 -
Sophos 4.53.0 2010.05.11 -
Sunbelt 6291 2010.05.11 -
Symantec 20101.1.0.89 2010.05.11 -
TheHacker 6.5.2.0.279 2010.05.11 -
TrendMicro 9.120.0.1004 2010.05.11 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.11 -
VBA32 3.12.12.4 2010.05.11 -
ViRobot 2010.5.11.2310 2010.05.11 -
VirusBuster 5.0.27.0 2010.05.11 -
Additional information
File size: 66872 bytes
MD5 : 831883b107684301f48ace752c963984
SHA1 : c3c4cb668c12cd267e6cf56e35ca3b29c768a71c
SHA256: eaf383c4acc17dbb060bb8398225222175e028e1e332e2ce0548c97daed3620e
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x46E6
timedatestamp.....: 0x46B4E3C9 (Sat Aug 4 22:38:33 2007)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9B67 0xA000 6.66 018a3376d6bc944177c251eeb05bb2da
.rdata 0xB000 0x25DC 0x3000 4.50 c359eef8ac921a1ef5f3475058da55f9
.data 0xE000 0x4BC8 0x1000 1.17 2e0e3834394a62add8287692ef84ee71

( 7 imports )

> advapi32.dll: RegSetValueExA, CreateServiceA, CloseServiceHandle, DeleteService, ControlService, OpenServiceA, OpenSCManagerA, AdjustTokenPrivileges, LookupPrivilegeValueA, StartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerA, RegCreateKeyExA, StartServiceA, RegOpenKeyExA, RegCloseKey, SetServiceStatus, OpenProcessToken
> crypt32.dll: CertGetNameStringA, CryptDecodeObject, CertFreeCertificateContext, CryptMsgClose, CertCloseStore, CertVerifyTimeValidity, CertFindCertificateInStore, CryptQueryObject, CryptMsgGetParam
> kernel32.dll: GetCurrentProcess, GetTickCount, GetCPInfo, Sleep, GetSystemDirectoryA, CopyFileA, WideCharToMultiByte, SystemTimeToFileTime, FileTimeToLocalFileTime, lstrcmpA, lstrcpyW, FileTimeToSystemTime, MultiByteToWideChar, GetLastError, FormatMessageA, lstrlenA, LocalAlloc, LocalFree, HeapSize, SetEndOfFile, GetLocaleInfoA, VirtualProtect, GetACP, GetStringTypeW, GetStringTypeA, LoadLibraryA, GetSystemInfo, LCMapStringA, LCMapStringW, CompareStringA, CompareStringW, SetEnvironmentVariableA, CreateDirectoryA, GetFileAttributesA, SetFileAttributesA, GetOEMCP, DeleteFileA, GetSystemTimeAsFileTime, ExitProcess, RtlUnwind, HeapFree, HeapAlloc, GetModuleHandleA, GetCommandLineA, GetVersionExA, WriteFile, FlushFileBuffers, CloseHandle, GetProcAddress, TerminateProcess, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, SetFilePointer, GetTimeZoneInformation, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetModuleFileNameA, InterlockedExchange, VirtualQuery, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, ReadFile, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetStdHandle, CreateFileA
> shell32.dll: SHGetFolderPathA
> user32.dll: wsprintfA
> wintrust.dll: WinVerifyTrust
> wsock32.dll: -, -, -, -, -, -, -, -, -, -, -, -

( 0 exports )

TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ThreatExpert: http://www.threatexpert.com/report.aspx ... 752c963984
ssdeep: 1536:mB1UhY9ELMz2SGpQ4tsh3TpdUe5Pl7IfY:m3Uyziq/3vPleY
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: Even Balance, Inc.
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 9:38 PM 8/4/2007
verified.....: -

PEiD : -
CWSandbox: http://research.sunbelt-software.com/pa ... 752c963984
RDS : NSRL Reference Data Set
-

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: extortionists

#20 Post by earl »

C:\WINDOWS\system32\PnkBstrA.exe - PunkBuster - anti-cheat protection - related to online games - OK.

Where did ComboFix report that rootkit?

Was the MBAM scan you did a FULL one?

-> Use CureIt and run a full scan according to the guide in my signature. Then report the result.

-> Do a complete scan with AvpTool,

follow the guide exactly; when asked which action to take, leave it set to Disinfect; paste the contents of the log here.

-> Download OTL

run it, tick "All users", change 30 days to 7, click Scan,

when the scan finishes, paste the contents of OTL.txt here.

-> Download MBR

save it to the desktop and run it - it creates a log, mbr.log; paste all of it here.

-> Download RootRepeal to the desktop and unpack it

run RootRepeal.exe - click File and then Scan - after the scan click Save Report and paste the log here.

If anything is unclear, see the guide in my signature.

chronos_m
Visitor
Posts: 43
Registered: 08 May 2010 07:33

Re: extortionists

#21 Post by chronos_m »

CF reports a rootkit almost immediately; not even one phase completes.
I already did AVP tool and it was clean, but I'll try again.
I already did RootRepeal too and the log is on the previous page.
MBAM I did as a full scan.

I'll let all those scans run, but it will probably take quite a lot of time, because the thorough scans run for several hours on my machine, so I'll post them here gradually.

chronos_m
Visitor
Posts: 43
Registered: 08 May 2010 07:33

Re: extortionists

#22 Post by chronos_m »

CureIt always freezes while still in the quick scan - when it goes through the system32 folder the PC locks up and I have to restart it. It behaves like this in both normal and safe mode (each time it freezes on a different file).

Now I'm running a full MBAM scan on it again - maybe something shifted after deleting those files.

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: extortionists

#23 Post by earl »

"but I also let RootkitReveal run over it"
Did you mean RootkitRevealer?

I was referring to RootRepeal - http://www.viry.cz/forum/viewtopic.php?f=29&t=86010

Then paste the MBR and OTL logs here.

chronos_m
Visitor
Posts: 43
Registered: 08 May 2010 07:33

Re: extortionists

#24 Post by chronos_m »

Hooray. Finally something to go on. Should I delete it?
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4081

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13.5.2010 18:24:38
mbam-log-2010-05-13 (18-24-38).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 426273
Uplynulý čas: 1 hodina(y), 58 minuta(y), 27 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\System Volume Information\_restore{7CCD2A51-56EF-482E-AC67-E5C8DB51965D}\RP337\A0449905.sys (Rootkit.Agent) -> No action taken.
D:\System Volume Information\_restore{7CCD2A51-56EF-482E-AC67-E5C8DB51965D}\RP297\A0403850.exe (Trojan.Downloader) -> No action taken.

chronos_m
Visitor
Posts: 43
Registered: 08 May 2010 07:33

Re: extortionists

#25 Post by chronos_m »

I deleted the files and here is the OTL log (because CF still behaves the same):

OTL logfile created on: 13.5.2010 19:09:49 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Borusík\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 616,00 Mb Available Physical Memory | 60,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 22,45 Gb Free Space | 38,31% Space Free | Partition Type: NTFS
Drive D: | 174,29 Gb Total Space | 49,14 Gb Free Space | 28,19% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KLUCI-PC
Current User Name: Borusík
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.12 20:21:49 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Borusík\Plocha\OTL.exe
PRC - [2010.04.07 21:07:24 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010.04.07 21:07:04 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008.05.29 15:04:45 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
PRC - [2008.05.29 15:04:41 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe
PRC - [2008.05.26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008.05.23 14:58:34 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxducoms.exe
PRC - [2008.04.14 05:22:44 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.11 22:16:00 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006.03.02 22:10:26 | 001,667,584 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
PRC - [2004.10.07 18:53:06 | 000,131,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
PRC - [2004.07.20 15:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe


========== Modules (SafeList) ==========

MOD - [2010.05.12 20:21:49 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Borusík\Plocha\OTL.exe
MOD - [2008.04.14 05:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NFZEXS)
SRV - File not found [Disabled | Stopped] -- -- (BKU)
SRV - [2010.04.07 21:10:38 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.04.07 21:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009.09.23 17:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.05.23 14:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxducoms.exe -- (lxdu_device)
SRV - [2008.05.23 14:58:22 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.10.04 18:27:03 | 000,411,000 | ---- | M] (seven m Kft) [Auto | Stopped] -- C:\WINDOWS\System32\pr2anfab.exe -- (pr2anfab) Helldorado Drivers Auto Removal (pr2anfab)
SRV - [2007.06.04 21:02:09 | 000,407,168 | ---- | M] (Bohemia Interactive) [Auto | Stopped] -- C:\WINDOWS\System32\pr2agmlb.exe -- (pr2agmlb) Armed Assault Drivers Auto Removal (pr2agmlb)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006.05.11 18:46:25 | 000,358,008 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\WINDOWS\System32\psrem02.exe -- (psrem02) CD Guard Drivers Auto Removal (v2)
SRV - [2004.07.20 15:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2004.05.06 13:21:04 | 000,496,640 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ASWLSVC.exe -- (ASWLSVC)


========== Driver Services (SafeList) ==========

DRV - [2010.04.07 21:08:08 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010.04.07 21:08:06 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010.04.07 21:08:04 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010.04.07 21:07:08 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.04.07 21:03:44 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010.01.12 12:03:34 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009.12.25 18:22:25 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.09.11 17:00:56 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.03.20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009.03.19 15:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009.03.19 15:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.02.09 09:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 09:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 09:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 09:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.06.24 10:36:14 | 000,065,024 | ---- | M] (Kerio Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kvpndrv.sys -- (kvpndev)
DRV - [2007.12.21 19:04:24 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007.10.04 18:26:30 | 000,064,632 | ---- | M] (seven m Kft) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pe3anfab.sys -- (pe3anfab) Helldorado Environment Driver (pe3anfab)
DRV - [2007.10.04 18:25:51 | 000,083,576 | ---- | M] (seven m Kft) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pf2anfab.sys -- (pf2anfab) Helldorado File System Driver (pf2anfab)
DRV - [2007.10.04 18:25:03 | 000,068,224 | ---- | M] (seven m Kft) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ps7anfab.sys -- (ps7anfab) Helldorado Synchronization Driver (ps7anfab)
DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.06.04 21:01:45 | 000,065,408 | ---- | M] (Bohemia Interactive) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pe3agmlb.sys -- (pe3agmlb) Armed Assault Environment Driver (pe3agmlb)
DRV - [2007.06.04 21:01:20 | 000,055,688 | ---- | M] (Bohemia Interactive) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ps6agmlb.sys -- (ps6agmlb) Armed Assault Synchronization Driver (ps6agmlb)
DRV - [2007.04.16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007.01.12 20:09:53 | 000,082,296 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006.11.03 10:24:01 | 000,061,312 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pssync05.sys -- (pssync05) CD Guard Synchronization Driver (v5)
DRV - [2006.11.01 06:01:56 | 000,003,328 | ---- | M] (Famatech International Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rminiv3.sys -- (mirrorv3)
DRV - [2006.10.12 17:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006.09.11 14:01:44 | 000,067,960 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\psdrv02.sys -- (psdrv02) CD Guard Environment Driver (v2)
DRV - [2006.08.29 16:56:20 | 000,032,377 | ---- | M] (B-phreaks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\prodigy.sys -- (PRODIGY)
DRV - [2006.07.10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006.07.05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004.12.14 17:55:22 | 000,009,472 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2004.10.05 10:38:16 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004.10.05 10:38:12 | 000,033,280 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004.09.10 07:02:12 | 000,412,032 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2004.09.10 06:58:52 | 000,052,224 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2004.08.09 13:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.08.09 13:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.07.20 15:19:16 | 000,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2004.07.19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2004.07.06 20:56:26 | 000,044,544 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D.sys -- (Video3D)
DRV - [2004.05.14 00:54:34 | 000,014,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2004.05.14 00:54:32 | 000,021,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004.05.14 00:54:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004.05.14 00:54:26 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004.05.14 00:54:24 | 000,044,384 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2002.09.09 20:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)
DRV - [2001.08.17 23:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1614895754-179605362-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
IE - HKU\S-1-5-21-1614895754-179605362-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.seznam.cz"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.18 10:03:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.02 18:46:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.04.17 09:01:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.09.08 16:15:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.05.08 16:17:30 | 000,000,000 | ---D | M]

[2008.07.20 13:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Borusík\Data aplikací\Mozilla\Extensions
[2010.05.12 19:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Borusík\Data aplikací\Mozilla\Firefox\Profiles\e4xsboq6.default\extensions
[2009.10.11 14:23:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Borusík\Data aplikací\Mozilla\Firefox\Profiles\e4xsboq6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.07 15:20:25 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Borusík\Data aplikací\Mozilla\Firefox\Profiles\e4xsboq6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.10.11 12:02:52 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Borusík\Data aplikací\Mozilla\Firefox\Profiles\e4xsboq6.default\searchplugins\icq-search.xml
[2010.02.17 21:20:29 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Borusík\Data aplikací\Mozilla\Firefox\Profiles\e4xsboq6.default\searchplugins\icqplugin-1.xml
[2010.03.21 14:27:50 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Borusík\Data aplikací\Mozilla\Firefox\Profiles\e4xsboq6.default\searchplugins\icqplugin-2.xml
[2010.05.08 16:58:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Borusík\Data aplikací\Mozilla\Firefox\Profiles\e4xsboq6.default\searchplugins\icqplugin-3.xml
[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Borusík\Data aplikací\Mozilla\Firefox\Profiles\e4xsboq6.default\searchplugins\icqplugin.gif
[2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Borusík\Data aplikací\Mozilla\Firefox\Profiles\e4xsboq6.default\searchplugins\icqplugin.src
[2009.11.07 15:18:30 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Borusík\Data aplikací\Mozilla\Firefox\Profiles\e4xsboq6.default\searchplugins\icqplugin.xml
[2010.05.12 19:30:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.16 18:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.06.30 22:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.bak
[2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010.03.30 08:25:12 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.30 08:25:12 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.30 08:25:12 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.30 08:25:13 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.30 08:25:13 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.05.12 15:32:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-1614895754-179605362-839522115-1004\..\Toolbar\ShellBrowser: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-1614895754-179605362-839522115-1004\..\Toolbar\WebBrowser: (Lexmark Panel nástrojů) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe (ASUSTeK COMPUTER INC.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1614895754-179605362-839522115-1004..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe (ASUSTeK Inc.)
O4 - Startup: C:\Documents and Settings\Administrator.KLUCI-PC\Nabídka Start\Programy\Po spuštění\setup_9.0.0.722_08.05.2010_09-25.lnk = C:\Documents and Settings\Borusík\Plocha\Virus Removal Tool\setup_9.0.0.722_08.05.2010_09-25\startup.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Kryštof\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-179605362-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1614895754-179605362-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1614895754-179605362-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1614895754-179605362-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - D:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 5383642859 (WUWebControl Class)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/G ... meHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.252
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.21 15:47:00 | 000,000,046 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.10.22 16:26:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.NAV -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2010.05.13 19:02:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.05.13 18:47:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.05.12 20:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Borusík\DoctorWeb
[2010.05.12 20:25:12 | 071,965,984 | ---- | C] ( ) -- C:\Documents and Settings\Borusík\Plocha\setup_9.0.0.722_12.05.2010_21-28.exe
[2010.05.12 20:21:14 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Borusík\Plocha\OTL.exe
[2010.05.12 20:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\The Cleaner
[2010.05.12 20:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Borusík\Plocha\Downloads
[2010.05.12 20:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Borusík\Data aplikací\GetRightToGo
[2010.05.12 20:02:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Borusík\Recent
[2010.05.12 20:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Borusík\Dokumenty\a-squared Anti-Dialer
[2010.05.12 19:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Anti-Dialer
[2010.05.12 15:41:49 | 000,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Borusík\Plocha\Borusík.exe
[2010.05.10 19:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune
[2010.05.09 18:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Borusík\Plocha\20071210_182632_rku37300509
[2010.05.09 18:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Borusík\Plocha\RootRepeal
[2010.05.09 15:12:37 | 000,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Borusík\Plocha\hijackthis.exe
[2010.05.09 14:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2010.05.08 18:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010.05.08 17:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Borusík\Plocha\RootkitRevealer
[2010.05.08 16:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Borusík\Local Settings\Data aplikací\ESET
[2010.05.08 16:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Borusík\Data aplikací\ESET
[2010.05.08 16:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2010.05.08 16:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.05.08 16:17:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2010.05.08 15:31:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.05.08 14:48:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.05.08 14:48:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.05.08 14:48:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.05.08 14:48:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.05.08 14:47:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.05.08 14:40:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.05.08 08:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.05.07 19:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Borusík\Local Settings\Data aplikací\Symantec
[2010.05.07 19:50:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0400000.07F
[2010.05.07 19:50:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010.05.07 19:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2010.05.07 19:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010.05.07 19:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010.02.17 21:02:22 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDUhcp.dll
[2010.02.17 21:02:21 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduinpa.dll
[2010.02.17 21:02:21 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduiesc.dll
[2010.02.17 21:02:20 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduusb1.dll
[2010.02.17 21:02:19 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduserv.dll
[2010.02.17 21:02:18 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdupmui.dll
[2010.02.17 21:02:17 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdulmpm.dll
[2010.02.17 21:02:15 | 000,679,936 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduhbn3.dll
[2010.02.17 21:02:12 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducomc.dll
[2010.02.17 21:02:12 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducomm.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.05.13 19:06:56 | 000,000,184 | ---- | M] () -- C:\ASWL2K.ini
[2010.05.13 19:06:16 | 000,267,361 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.05.13 19:06:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.13 19:05:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.13 19:02:22 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.13 18:54:35 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.13 18:53:13 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Borusík\ntuser.dat
[2010.05.13 18:46:58 | 003,688,590 | R--- | M] () -- C:\Documents and Settings\Borusík\Plocha\ComboFix.exe
[2010.05.12 20:59:18 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Borusík\ntuser.ini
[2010.05.12 20:37:49 | 040,047,808 | ---- | M] () -- C:\Documents and Settings\Borusík\Plocha\y2q9q457.exe
[2010.05.12 20:34:45 | 071,965,984 | ---- | M] ( ) -- C:\Documents and Settings\Borusík\Plocha\setup_9.0.0.722_12.05.2010_21-28.exe
[2010.05.12 20:23:55 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Borusík\Plocha\mbr.exe
[2010.05.12 20:21:49 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Borusík\Plocha\OTL.exe
[2010.05.12 20:13:07 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\The Cleaner 2010.lnk
[2010.05.12 20:10:08 | 001,339,288 | ---- | M] () -- C:\Documents and Settings\Borusík\Plocha\Sophos-Anti-Rootkit_1.5.0.exe
[2010.05.12 19:34:49 | 000,018,878 | ---- | M] () -- C:\Documents and Settings\Borusík\Dokumenty\cc_20100512_193445.reg
[2010.05.12 18:31:39 | 000,000,017 | ---- | M] () -- C:\WINDOWS\compedia.ini
[2010.05.12 15:50:38 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\Borusík\Plocha\avenger.exe
[2010.05.12 15:32:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.05.11 16:43:14 | 000,037,683 | ---- | M] () -- C:\Documents and Settings\Borusík\Plocha\HDTune_Info_ST3250824AS.png
[2010.05.11 16:37:08 | 000,032,237 | ---- | M] () -- C:\Documents and Settings\Borusík\Plocha\HDTune_Health_ST3250824AS.png
[2010.05.11 16:37:02 | 000,033,314 | ---- | M] () -- C:\Documents and Settings\Borusík\Plocha\HDTune_Error_Scan_ST3250824AS.png
[2010.05.10 19:47:00 | 000,000,613 | ---- | M] () -- C:\Documents and Settings\Borusík\Plocha\HD Tune.lnk
[2010.05.09 21:35:11 | 000,045,270 | ---- | M] () -- C:\Documents and Settings\Borusík\Plocha\Reportq
[2010.05.09 15:12:43 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Borusík\Plocha\hijackthis.exe
[2010.05.09 15:12:43 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Borusík\Plocha\Borusík.exe
[2010.05.09 14:52:23 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\Borusík\Plocha\VirusTotal Uploader 2.0.lnk
[2010.05.08 17:08:57 | 000,027,198 | ---- | M] () -- C:\Documents and Settings\Borusík\Dokumenty\cc_20100508_170850.reg
[2010.05.08 17:05:45 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\Borusík\Plocha\CCleaner.lnk
[2010.05.08 15:31:55 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.05.08 14:44:42 | 000,002,504 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.05.07 21:57:52 | 003,727,478 | -H-- | M] () -- C:\Documents and Settings\Borusík\Local Settings\Data aplikací\IconCache.db
[2010.05.07 19:54:09 | 000,701,054 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\Cat.DB
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.12 20:32:47 | 040,047,808 | ---- | C] () -- C:\Documents and Settings\Borusík\Plocha\y2q9q457.exe
[2010.05.12 20:23:54 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Borusík\Plocha\mbr.exe
[2010.05.12 20:13:07 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\The Cleaner 2010.lnk
[2010.05.12 20:09:49 | 001,339,288 | ---- | C] () -- C:\Documents and Settings\Borusík\Plocha\Sophos-Anti-Rootkit_1.5.0.exe
[2010.05.12 19:34:47 | 000,018,878 | ---- | C] () -- C:\Documents and Settings\Borusík\Dokumenty\cc_20100512_193445.reg
[2010.05.12 15:49:32 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\Borusík\Plocha\avenger.exe
[2010.05.11 16:43:14 | 000,037,683 | ---- | C] () -- C:\Documents and Settings\Borusík\Plocha\HDTune_Info_ST3250824AS.png
[2010.05.11 16:37:07 | 000,032,237 | ---- | C] () -- C:\Documents and Settings\Borusík\Plocha\HDTune_Health_ST3250824AS.png
[2010.05.11 16:37:02 | 000,033,314 | ---- | C] () -- C:\Documents and Settings\Borusík\Plocha\HDTune_Error_Scan_ST3250824AS.png
[2010.05.10 19:47:00 | 000,000,613 | ---- | C] () -- C:\Documents and Settings\Borusík\Plocha\HD Tune.lnk
[2010.05.09 21:38:55 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Borusík\Plocha\gmer.exe
[2010.05.09 21:35:11 | 000,045,270 | ---- | C] () -- C:\Documents and Settings\Borusík\Plocha\Reportq
[2010.05.09 14:52:23 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\Borusík\Plocha\VirusTotal Uploader 2.0.lnk
[2010.05.08 17:08:52 | 000,027,198 | ---- | C] () -- C:\Documents and Settings\Borusík\Dokumenty\cc_20100508_170850.reg
[2010.05.08 16:37:25 | 003,688,590 | R--- | C] () -- C:\Documents and Settings\Borusík\Plocha\ComboFix.exe
[2010.05.08 15:31:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.05.08 15:31:51 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.05.08 14:48:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.05.08 14:48:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.05.08 14:48:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.05.08 14:48:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.05.08 14:48:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.05.07 19:53:59 | 000,701,054 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\Cat.DB
[2010.03.21 15:07:21 | 000,007,008 | ---- | C] () -- C:\WINDOWS\System32\SETUPKIT.DLL
[2010.03.13 15:31:00 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.02.17 21:10:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxduvs.dll
[2010.02.17 21:10:38 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\lxducoin.dll
[2010.02.17 21:09:30 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdudrs.dll
[2010.02.17 21:09:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxducaps.dll
[2010.02.17 21:09:29 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxducnv4.dll
[2010.02.17 21:05:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdurwrd.ini
[2010.02.17 21:02:22 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\LXDUinst.dll
[2010.02.17 21:02:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lxdujswr.dll
[2010.02.17 21:02:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxduinsr.dll
[2010.02.17 21:02:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdugrd.dll
[2009.12.26 17:04:12 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009.12.26 17:04:12 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009.12.25 18:21:30 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.12.25 18:21:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.09.26 12:39:25 | 000,000,017 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2009.09.14 18:03:21 | 000,000,309 | ---- | C] () -- C:\WINDOWS\game.ini
[2009.08.21 16:11:50 | 000,000,117 | ---- | C] () -- C:\WINDOWS\SDDINST.INI
[2009.08.04 11:11:17 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009.08.04 11:10:08 | 000,000,062 | ---- | C] () -- C:\WINDOWS\MeTcd.ini
[2009.07.01 11:44:22 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009.05.13 18:25:51 | 000,000,327 | ---- | C] () -- C:\WINDOWS\CODUO.ini
[2009.05.13 18:11:43 | 000,000,725 | ---- | C] () -- C:\WINDOWS\COD.INI
[2009.01.29 15:11:03 | 000,000,099 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2009.01.10 13:47:37 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.11.09 16:35:40 | 000,000,142 | ---- | C] () -- C:\WINDOWS\didakta.ini
[2008.09.20 17:35:00 | 000,000,347 | ---- | C] () -- C:\WINDOWS\level.ini
[2008.09.01 21:08:38 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\ktzlib80_1.2.3.dll
[2008.05.26 22:22:14 | 000,015,552 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:22:10 | 000,021,464 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:22:04 | 000,014,910 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.03.02 19:02:52 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008.03.02 19:02:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008.01.02 13:27:27 | 000,001,337 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008.01.02 13:27:10 | 000,000,199 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2008.01.02 12:50:05 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007.12.21 19:04:24 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007.12.21 19:04:24 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007.12.21 19:03:42 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2007.12.19 19:33:05 | 000,000,972 | ---- | C] () -- C:\WINDOWS\MHPB.ini
[2007.12.14 09:57:23 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007.12.07 12:32:48 | 000,001,096 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007.12.07 12:26:25 | 000,001,272 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007.11.22 19:33:44 | 000,000,091 | ---- | C] () -- C:\WINDOWS\ALIK.INI
[2007.11.17 11:14:43 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2007.11.17 11:14:43 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2007.11.17 11:14:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ATKCheckDispIDs.dll
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2005.02.24 01:32:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005.02.24 01:32:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
< End of report >

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: extortionists

#26 Post by earl »

Test on VIRUSTOTAL:

C:\Documents and Settings\Borusík\Plocha\y2q9q457.exe

C:\WINDOWS\disney.ini

C:\WINDOWS\disneysy.ini


(simple instructions: once the page has loaded, click the Browse button, locate the path to the file mentioned above and click the Send file button; give the scanners about ten minutes; paste the result here)

If the scanner says the file has already been tested, have it tested again.

chronos_m
Visitor
Posts: 43
Registered: 08 May 2010 07:33

Re: extortionists

#27 Post by chronos_m »

Here is the test of those 2 disney files. The exe on the desktop is cureit (I downloaded it yesterday).
I am also attaching the log from RootRepeal:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Time: 2010/05/13 19:38
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: D:\Unreal Commander\ini backup.txt:Uncomstyles.ini 9
Status: Visible to the Windows API, but not on disk.



File disneysy.ini received on 2010.05.13 17:41:11 (UTC)
Result: 0/41 (0%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.13.01 2010.05.13 -
AntiVir 8.2.1.242 2010.05.13 -
Antiy-AVL 2.0.3.7 2010.05.13 -
Authentium 5.2.0.5 2010.05.13 -
Avast 4.8.1351.0 2010.05.13 -
Avast5 5.0.332.0 2010.05.13 -
AVG 9.0.0.787 2010.05.13 -
BitDefender 7.2 2010.05.13 -
CAT-QuickHeal 10.00 2010.05.13 -
ClamAV 0.96.0.3-git 2010.05.13 -
Comodo 4832 2010.05.13 -
DrWeb 5.0.2.03300 2010.05.13 -
eSafe 7.0.17.0 2010.05.13 -
eTrust-Vet 35.2.7485 2010.05.13 -
F-Prot 4.5.1.85 2010.05.13 -
F-Secure 9.0.15370.0 2010.05.13 -
Fortinet 4.1.133.0 2010.05.13 -
GData 21 2010.05.13 -
Ikarus T3.1.1.84.0 2010.05.13 -
Jiangmin 13.0.900 2010.05.13 -
Kaspersky 7.0.0.125 2010.05.13 -
McAfee 5.400.0.1158 2010.05.13 -
McAfee-GW-Edition 2010.1 2010.05.13 -
Microsoft 1.5703 2010.05.13 -
NOD32 5113 2010.05.13 -
Norman 6.04.12 2010.05.13 -
nProtect 2010-05-13.01 2010.05.13 -
Panda 10.0.2.7 2010.05.13 -
PCTools 7.0.3.5 2010.05.13 -
Prevx 3.0 2010.05.13 -
Rising 22.47.03.04 2010.05.13 -
Sophos 4.53.0 2010.05.13 -
Sunbelt 6298 2010.05.13 -
Symantec 20101.1.0.89 2010.05.13 -
TheHacker 6.5.2.0.280 2010.05.13 -
TrendMicro 9.120.0.1004 2010.05.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.13 -
VBA32 3.12.12.4 2010.05.13 -
ViRobot 2010.5.13.2314 2010.05.13 -
VirusBuster 5.0.27.0 2010.05.13 -
Additional information
File size: 199 bytes
MD5...: 605907ccead917027ead114e6e896c89
SHA1..: f6dd14a7bf79d9b15274fe8f76a2899ee251d258
SHA256: f546584689d638a463bfd113e1e014ec85350214ba9e3f0179a55cf7d5a357d3
ssdeep: 6:kqFcEXKnQUcgrRHwh7eag38ckp9pED8V6rSEDYqH8eDv:hF1anbtwh7ME9pUrS2tDv
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic INI configuration (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


File disney.ini received on 2010.05.13 17:41:52 (UTC)
Result: 0/41 (0%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.13.01 2010.05.13 -
AntiVir 8.2.1.242 2010.05.13 -
Antiy-AVL 2.0.3.7 2010.05.13 -
Authentium 5.2.0.5 2010.05.13 -
Avast 4.8.1351.0 2010.05.13 -
Avast5 5.0.332.0 2010.05.13 -
AVG 9.0.0.787 2010.05.13 -
BitDefender 7.2 2010.05.13 -
CAT-QuickHeal 10.00 2010.05.13 -
ClamAV 0.96.0.3-git 2010.05.13 -
Comodo 4832 2010.05.13 -
DrWeb 5.0.2.03300 2010.05.13 -
eSafe 7.0.17.0 2010.05.13 -
eTrust-Vet 35.2.7485 2010.05.13 -
F-Prot 4.5.1.85 2010.05.13 -
F-Secure 9.0.15370.0 2010.05.13 -
Fortinet 4.1.133.0 2010.05.13 -
GData 21 2010.05.13 -
Ikarus T3.1.1.84.0 2010.05.13 -
Jiangmin 13.0.900 2010.05.13 -
Kaspersky 7.0.0.125 2010.05.13 -
McAfee 5.400.0.1158 2010.05.13 -
McAfee-GW-Edition 2010.1 2010.05.13 -
Microsoft 1.5703 2010.05.13 -
NOD32 5113 2010.05.13 -
Norman 6.04.12 2010.05.13 -
nProtect 2010-05-13.01 2010.05.13 -
Panda 10.0.2.7 2010.05.13 -
PCTools 7.0.3.5 2010.05.13 -
Prevx 3.0 2010.05.13 -
Rising 22.47.03.04 2010.05.13 -
Sophos 4.53.0 2010.05.13 -
Sunbelt 6298 2010.05.13 -
Symantec 20101.1.0.89 2010.05.13 -
TheHacker 6.5.2.0.280 2010.05.13 -
TrendMicro 9.120.0.1004 2010.05.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.13 -
VBA32 3.12.12.4 2010.05.13 -
ViRobot 2010.5.13.2314 2010.05.13 -
VirusBuster 5.0.27.0 2010.05.13 -
Additional information
File size: 1337 bytes
MD5...: 7d712b8c59fed3ea12c2f11915638f55
SHA1..: 198abc6a677d469d9932850425f0b064be97aee3
SHA256: b644fd8f92096844eccc625af6e7b4ca2a837f70ce0a267a145f97f237665b0e
ssdeep: 24:hFoOoN/M6en4GSGtIGMGi4nGE5eXM7U7oNuMwGvgnGKoN/7AcwOoNn:ToOoBjs4bGtI7B8RCMMoE5kk3oRUczoN
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic INI configuration (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: vyděrači

#28 Post by earl »

:arrow: Start - Run - type ComboFix /Uninstall - and click OK,

if that does not work, rename ComboFix.exe to Uninstall.exe and run it.
-----------------------------------------------------------------------------------------------------------------

:arrow: Use T-Cleaner to clean the PC after the utilities used during disinfection. Follow the instructions on the screen. If your antivirus detects it, it is a false positive. :!:
-----------------------------------------------------------------------------------------------------------------

:arrow: Clean the PC with CCleaner.

Always Analyze first and then Run Cleaner. 2x in a row.

Windows - untick History and Autocomplete form history - you would lose the history of visited pages and the passwords saved in forms

(from a security point of view that is bad, but at least the user will not complain afterwards about where it all disappeared to :D )

Applications - for the internet browsers untick Internet History.

Registry - leave everything ticked, Scan for Issues, Fix selected issues

(let it make a backup - it is saved in Documents - IMPORTANT).

Likewise 2x-3x in a row.

:arrow: And describe to me exactly how the PC behaves.

chronos_m
Visitor
Posts: 43
Registered: 08 May 2010 07:33

Re: vyděrači

#29 Post by chronos_m »

Start - Run - type ComboFix /Uninstall - and click OK,
worked without problems and CF uninstalled itself.

Use T-Cleaner to clean the PC
also without problems. Everything took about 2 minutes. At the start it only asked me whether I agree to deleting the file C:\ windows\erdnt . I confirmed that. After it finished, several of the PC-checking tools I had been using disappeared (unfortunately I cannot say exactly which ones).

Clean the PC with CCleaner.
cleaned several times according to the instructions; now it no longer finds anything, either in the registry or for cleaning.

The whole operation went cleanly, without the PC freezing, restarts or other suffering.

Can I take this to mean that it might be clean?

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: vyděrači

#30 Post by earl »

Yes, that is all.