Prosím o kotrolu logu

[tomly]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Zdenko at 2010-09-18 11:48:00
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 5 GB (9%) free of 51 GB
Total RAM: 1790 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:48:43, on 18.09.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\NDrive\NDrive Update Agent\NDriveAgent.exe
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Opera\opera.exe
D:\Zdenko\Desktop\RSIT.exe
C:\Program Files\trend micro\Zdenko.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cas.sk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=14597&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cas.sk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cas.sk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Poskytovateľ aplikácie Windows Internet Explorer: ČAS.SK
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\PROGRA~1\PCTRAN~1\webie.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Metropolis] rundll32.exe C:\Windows\system32\sshnas21.dll,GetHandle
O4 - HKCU\..\Run: [ASH24SXZ9S] C:\Users\Zdenko\AppData\Local\Temp\Vdl.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2942068607-3278375336-704925009-1010\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'HypoUverSqlSvc')
O4 - HKUS\S-1-5-18\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Default user')
O4 - Startup: Kalendár.lnk = C:\Windows\MENINY.EXE
O4 - Global Startup: NDrive Update Agent.lnk = ?
O8 - Extra context menu item: Previesť cieľ odkazu do formátu Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Previesť do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Pridať cieľ odkazu do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Pridať do existujúceho súboru PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Pridať do blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Pridať do blogu v programe Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - D:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B870044-D183-4575-963A-BA59DFB34EFC}: NameServer = 93.188.162.82,93.188.161.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{A50B11AC-1163-41FD-9921-E60B8E8DC1DE}: NameServer = 213.151.200.30 213.151.208.161
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD834D36-49B5-48BE-AEA6-F1CAB62664DE}: NameServer = 93.188.162.82,93.188.161.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB7E4DD3-03FC-4DD9-805F-3DF995D1FB8E}: NameServer = 93.188.162.82,93.188.161.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.82,93.188.161.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ProgramData\Skype\Plugins\Plugins\D32D9ABFBE354AC8A84F07C309C1E3AF\Skype4COM.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Windows\system32\acs.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9aeeead7fd411) (gupdate1c9aeeead7fd411) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 10385 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2942068607-3278375336-704925009-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2942068607-3278375336-704925009-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{EE751960-1D38-4847-B4FD-5F12A26B257E}.job
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [2009-02-18 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-14 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-06-19 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-06-19 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27 501056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - D:\PROGRA~1\PCTRAN~1\webie.dll [2004-05-13 319488]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-06-19 349640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-07-25 13548064]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-07-09 2048352]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"Metropolis"=C:\Windows\system32\sshnas21.dll,GetHandle []
"ASH24SXZ9S"=C:\Users\Zdenko\AppData\Local\Temp\Vdl.exe [2010-09-16 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\CloneCD 5.2.9.1\CloneCDTray.exe [2005-05-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero 8\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
C:\Program Files\CyberLink PowerDVD 8\PowerDVD8\PDVD8Serv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Software Director Scheduler.lnk]
C:\PROGRA~1\COMMON~1\Cloanto\SOFTWA~1\softdir.exe [2009-03-06 288328]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
NDrive Update Agent.lnk - C:\Windows\Installer\{B87E4198-5CB0-4AAE-8229-C64540BFA0EE}\_9F1B2EA6AA5D69A3AE10FB.exe

C:\Users\Zdenko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Kalendár.lnk - C:\Windows\MENINY.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"EnableLUA"=0
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-18 11:48:01 ----D---- C:\Program Files\trend micro
2010-09-18 11:48:00 ----D---- C:\rsit
2010-09-16 20:47:22 ----D---- C:\Users\Zdenko\AppData\Roaming\Smart PC Solutions
2010-09-16 20:47:15 ----D---- C:\Program Files\Smart PC Solutions
2010-09-16 20:39:20 ----A---- C:\Windows\Vvygoa.exe
2010-09-11 06:41:52 ----A---- C:\Windows\ntbtlog.txt
2010-09-09 18:05:58 ----D---- C:\Users\Zdenko\AppData\Roaming\Nero
2010-09-09 17:25:07 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-09-09 17:24:51 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-09-09 17:16:56 ----A---- C:\Windows\system32\msimsg.dll
2010-09-09 17:16:56 ----A---- C:\Windows\system32\msihnd.dll
2010-09-09 17:16:56 ----A---- C:\Windows\system32\msiexec.exe
2010-09-09 17:16:55 ----A---- C:\Windows\system32\msi.dll
2010-08-31 13:39:15 ----A---- C:\Windows\MENINY.EXE
2010-08-27 13:32:31 ----D---- C:\Users\Zdenko\AppData\Roaming\vlc
2010-08-22 21:40:53 ----D---- C:\Program Files\NDrive
2010-08-21 10:24:32 ----RA---- C:\Windows\system32\AdobePDFUI.dll

======List of files/folders modified in the last 1 months======

2010-09-18 11:48:21 ----D---- C:\Windows\Prefetch
2010-09-18 11:48:12 ----D---- C:\Windows\Temp
2010-09-18 11:48:01 ----RD---- C:\Program Files
2010-09-18 11:40:03 ----D---- C:\Windows\System32
2010-09-18 11:40:03 ----D---- C:\Windows\inf
2010-09-18 11:40:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-09-18 11:34:48 ----A---- C:\Windows\win.ini
2010-09-18 11:28:45 ----D---- C:\Windows
2010-09-18 11:27:57 ----D---- C:\Windows\Tasks
2010-09-18 11:07:41 ----SHD---- C:\Windows\Installer
2010-09-18 11:07:41 ----HD---- C:\Config.Msi
2010-09-17 22:17:57 ----D---- C:\Users\Zdenko\AppData\Roaming\Skype
2010-09-17 21:08:56 ----D---- C:\Projection
2010-09-17 20:41:56 ----D---- C:\Windows\system32\FxsTmp
2010-09-17 20:02:31 ----D---- C:\Windows\system32\catroot2
2010-09-17 17:08:14 ----D---- C:\Windows\system32\drivers\Avg
2010-09-17 14:57:59 ----HD---- C:\$AVG8.VAULT$
2010-09-17 11:00:53 ----SHD---- C:\System Volume Information
2010-09-17 08:44:34 ----HD---- C:\ProgramData
2010-09-16 21:48:05 ----D---- C:\Windows\system32\Tasks
2010-09-16 20:56:43 ----AD---- C:\ProgramData\TEMP
2010-09-16 20:06:21 ----A---- C:\Windows\system32\omginstlog.txt
2010-09-16 19:57:42 ----A---- C:\Windows\wtran32.INI
2010-09-16 13:42:30 ----A---- C:\fftrlog.txt
2010-09-12 15:54:26 ----D---- C:\Windows\system32\drivers
2010-09-10 15:58:36 ----D---- C:\Program Files\Opera
2010-09-10 15:19:40 ----D---- C:\Program Files\Common Files
2010-09-10 15:16:51 ----D---- C:\Program Files\Common Files\Nero
2010-09-09 18:57:34 ----A---- C:\Windows\wdict32.INI
2010-09-09 17:56:25 ----D---- C:\ProgramData\Nero
2010-09-09 17:38:50 ----D---- C:\Windows\rescache
2010-09-09 17:25:37 ----RSD---- C:\Windows\assembly
2010-09-09 17:18:32 ----D---- C:\Windows\system32\zh-TW
2010-09-09 17:18:32 ----D---- C:\Windows\system32\zh-CN
2010-09-09 17:18:32 ----D---- C:\Windows\system32\uk-UA
2010-09-09 17:18:32 ----D---- C:\Windows\system32\tr-TR
2010-09-09 17:18:32 ----D---- C:\Windows\system32\th-TH
2010-09-09 17:18:32 ----D---- C:\Windows\system32\sv-SE
2010-09-09 17:18:32 ----D---- C:\Windows\system32\sr-Latn-CS
2010-09-09 17:18:32 ----D---- C:\Windows\system32\sl-SI
2010-09-09 17:18:32 ----D---- C:\Windows\system32\sk-SK
2010-09-09 17:18:32 ----D---- C:\Windows\system32\pt-PT
2010-09-09 17:18:32 ----D---- C:\Windows\system32\pt-BR
2010-09-09 17:18:32 ----D---- C:\Windows\system32\pl-PL
2010-09-09 17:18:32 ----D---- C:\Windows\system32\nl-NL
2010-09-09 17:18:32 ----D---- C:\Windows\system32\lv-LV
2010-09-09 17:18:32 ----D---- C:\Windows\system32\lt-LT
2010-09-09 17:18:32 ----D---- C:\Windows\system32\ko-KR
2010-09-09 17:18:32 ----D---- C:\Windows\system32\ja-JP
2010-09-09 17:18:32 ----D---- C:\Windows\system32\it-IT
2010-09-09 17:18:32 ----D---- C:\Windows\system32\hu-HU
2010-09-09 17:18:32 ----D---- C:\Windows\system32\hr-HR
2010-09-09 17:18:32 ----D---- C:\Windows\system32\he-IL
2010-09-09 17:18:32 ----D---- C:\Windows\system32\fr-FR
2010-09-09 17:18:32 ----D---- C:\Windows\system32\fi-FI
2010-09-09 17:18:32 ----D---- C:\Windows\system32\et-EE
2010-09-09 17:18:32 ----D---- C:\Windows\system32\es-ES
2010-09-09 17:18:32 ----D---- C:\Windows\system32\el-GR
2010-09-09 17:18:32 ----D---- C:\Windows\system32\de-DE
2010-09-09 17:18:32 ----D---- C:\Windows\system32\cs-CZ
2010-09-09 17:18:32 ----D---- C:\Windows\system32\bg-BG
2010-09-09 17:18:31 ----D---- C:\Windows\system32\ru-RU
2010-09-09 17:18:31 ----D---- C:\Windows\system32\ro-RO
2010-09-09 17:18:31 ----D---- C:\Windows\system32\nb-NO
2010-09-09 17:18:31 ----D---- C:\Windows\system32\en-US
2010-09-09 17:18:31 ----D---- C:\Windows\system32\da-DK
2010-09-09 17:18:31 ----D---- C:\Windows\system32\ar-SA
2010-09-09 17:17:59 ----D---- C:\Windows\winsxs
2010-09-09 17:17:49 ----D---- C:\Windows\system32\catroot
2010-09-08 21:00:33 ----D---- C:\Program Files\JDownloader
2010-09-08 08:15:33 ----D---- C:\ProgramData\avg8
2010-09-06 08:58:17 ----D---- C:\Program Files\Mozilla Thunderbird
2010-09-03 00:33:10 ----D---- C:\Program Files\Avidemux 2.4
2010-09-01 17:14:24 ----D---- C:\Program Files\Flexibil
2010-08-31 21:39:09 ----A---- C:\Windows\SmartMapsHomeFree.INI
2010-08-30 09:06:06 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-08-27 09:57:38 ----D---- C:\Users\Zdenko\AppData\Roaming\dvdcss
2010-08-27 08:00:16 ----D---- C:\Windows\SoftwareDistribution
2010-08-26 19:17:40 ----D---- C:\Users\Zdenko\AppData\Roaming\LimeWire
2010-08-25 21:37:17 ----A---- C:\Windows\TRNCOM.INI
2010-08-20 20:27:54 ----A---- C:\Windows\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AvgRkx86;avgrkx86.sys; C:\Windows\System32\Drivers\avgrkx86.sys [2009-08-24 12552]
R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2008-01-19 145464]
R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2008-07-21 145952]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-09-29 717296]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-08-24 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-08-24 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-08-24 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-08-24 108552]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-11-16 50704]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athw.sys [2008-11-05 1343616]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-01-31 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-01-31 29184]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-05-26 101376]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-05-07 2134424]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-07-08 1050656]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-07-25 7547552]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-07-22 15872]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-19 9216]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
S1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2007-07-20 25288]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\ar5211.sys [2006-03-22 488992]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-05 908800]
S3 auqub8mq;auqub8mq; C:\Windows\system32\drivers\auqub8mq.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-01-31 220160]
S3 Camav;SAMSUNG Video Capture Driver; C:\Windows\System32\Drivers\Camav.sys [2007-01-27 54656]
S3 camflt;Samsung USB Audio Filter; C:\Windows\system32\DRIVERS\camflt.sys [2007-01-27 12160]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\Windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\Windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\Windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\Windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-05-22 1772544]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2008-01-19 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 VirtualDK;VirtualDK; \??\C:\Make-bootable-USB\vdk.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-02 94208]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-24 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-24 297752]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-08-24 1370488]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MSSQL$CSOB;SQL Server (CSOB); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-07-25 196608]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-03-08 66872]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-08-12 603904]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 ACS;Atheros Configuration Service; C:\Windows\system32\acs.exe [2006-03-25 278613]
S2 gupdate1c9aeeead7fd411;Google Update Service (gupdate1c9aeeead7fd411); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-27 133104]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-19 651720]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-08-12 360192]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------


Vopred dakujem za pomoc...

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[tomly]

Neviem deaktivovat antivirus a antispyware v AVG Internet Security. Neviem tam najst moznost deaktivacie, vobec to tam nevidim. Combofix spusteny, ale upozornuje na deaktivaciu antivirus a antispyware.

Urobil som toto:
Firewall: zastavené
Anti Spam: zrušený
Rezidentný štít: Deaktivovaný
Manažér aktualizácii: Aktualizácia databázy zrušená.

Ale antivirus a antispyware sú stále aktívne

Už to hľadám v návode, verím, že sa mi to podarí...

[Rudy]

AVG to má, pokud vím, v nastaveních, která rozkliknete ikonou na tray. Někdy ale CF hlásí zapnuté rezidenty, i když jsou vypnuty.

[tomly]

Mne sice CF ukazal log na celej obrazovke a ked som ho dal ulozit na plochu, tak mi ostala modra obrazovka bez ikon, tak som dal tvrdy restart, lebo sa nic dlho nedialo, len neviem, ci som nieco nepo....

ComboFix 10-09-17.04 - Zdenko 18.09.2010 15:40:00.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.420.1033.18.1790.945 [GMT 2:00]
Spuštěný z: d:\zdenko\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
SP: AVG Internet Security *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSrcas.dll
c:\users\Zdenko\AppData\Roaming\inst.exe
c:\windows\system32\bszip.dll
c:\windows\system32\vbzlib1.dll
D:\install.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-18 do 2010-09-18 )))))))))))))))))))))))))))))))
.

2010-09-18 14:02 . 2010-09-18 14:02 -------- d-----w- c:\users\Zdenko\AppData\Local\temp
2010-09-18 14:02 . 2010-09-18 14:02 -------- d-----w- c:\users\HypoUverSqlSvc\AppData\Local\temp
2010-09-18 09:48 . 2010-09-18 09:48 -------- d-----w- c:\program files\trend micro
2010-09-18 09:48 . 2010-09-18 09:48 -------- d-----w- C:\rsit
2010-09-16 18:47 . 2010-09-16 18:47 -------- d-----w- c:\users\Zdenko\AppData\Roaming\Smart PC Solutions
2010-09-16 18:47 . 2010-09-16 18:47 -------- d-----w- c:\program files\Smart PC Solutions
2010-09-16 18:39 . 2010-09-16 18:39 185344 ----a-w- c:\windows\Vvygoa.exe
2010-09-16 17:57 . 2010-09-16 17:57 -------- d-----w- c:\users\Zdenko\AppData\Local\PackageAware
2010-09-09 16:08 . 2010-09-09 16:08 -------- d-----w- c:\users\Zdenko\AppData\Local\Nero_AG
2010-09-09 16:05 . 2010-09-09 16:05 -------- d-----w- c:\users\Zdenko\AppData\Roaming\Nero
2010-09-09 15:25 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-09-09 15:24 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-09-09 15:16 . 2008-04-18 05:30 332800 ----a-w- c:\windows\system32\msihnd.dll
2010-09-09 15:16 . 2008-04-18 02:33 73216 ----a-w- c:\windows\system32\msiexec.exe
2010-09-09 15:16 . 2008-04-18 02:33 2560 ----a-w- c:\windows\system32\msimsg.dll
2010-09-09 15:16 . 2008-04-18 05:30 2241536 ----a-w- c:\windows\system32\msi.dll
2010-09-07 10:10 . 2010-06-20 02:21 214016 ----a-w- c:\users\Zdenko\AppData\Roaming\Thunderbird\Profiles\02pq8644.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll
2010-08-31 11:39 . 2010-08-31 11:39 53808 ----a-w- c:\windows\MENINY.EXE
2010-08-27 11:32 . 2010-09-15 07:38 -------- d-----w- c:\users\Zdenko\AppData\Roaming\vlc
2010-08-22 19:40 . 2010-08-22 19:40 -------- d-----w- c:\program files\NDrive
2010-08-21 08:24 . 2009-08-19 21:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 13:28 . 2009-01-31 12:47 221854 ----a-w- c:\programdata\nvModes.dat
2010-09-18 13:26 . 2009-01-31 10:31 6604 ----a-w- c:\windows\bthservsdp.dat
2010-09-18 12:56 . 2009-01-31 15:49 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-09-17 20:17 . 2009-07-01 22:27 -------- d-----w- c:\users\Zdenko\AppData\Roaming\Skype
2010-09-10 13:58 . 2009-10-06 09:26 -------- d-----w- c:\program files\Opera
2010-09-10 13:16 . 2009-03-14 21:52 -------- d-----w- c:\program files\Common Files\Nero
2010-09-09 15:56 . 2009-01-31 11:35 -------- d-----w- c:\programdata\Nero
2010-09-08 19:00 . 2010-07-27 08:39 -------- d-----w- c:\program files\JDownloader
2010-09-08 06:15 . 2009-08-12 16:56 -------- d-----w- c:\programdata\avg8
2010-09-02 22:33 . 2009-10-09 14:34 -------- d-----w- c:\program files\Avidemux 2.4
2010-09-01 15:14 . 2009-08-25 07:46 -------- d-----w- c:\program files\Flexibil
2010-08-30 07:06 . 2009-03-07 18:07 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-30 07:06 . 2009-03-07 18:07 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-27 07:57 . 2009-11-13 20:56 -------- d-----w- c:\users\Zdenko\AppData\Roaming\dvdcss
2010-08-26 17:17 . 2009-02-16 21:14 -------- d-----w- c:\users\Zdenko\AppData\Roaming\LimeWire
2010-08-17 12:36 . 2009-12-17 10:16 -------- d-----w- c:\users\Zdenko\AppData\Roaming\PC Suite
2010-08-11 06:25 . 2009-01-31 11:57 -------- d-----w- c:\users\Zdenko\AppData\Roaming\BSplayer Pro
2010-08-09 09:18 . 2009-12-30 20:43 -------- d-----w- c:\programdata\Installations
2010-08-09 09:17 . 2010-01-25 21:16 -------- d-----w- c:\program files\Nokia
2010-08-09 09:16 . 2010-08-09 09:16 3351812 ----a-w- c:\programdata\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\msxml6Exec.exe
2010-08-09 09:16 . 2010-08-09 09:16 36864 ----a-w- c:\programdata\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\Sleep.exe
2010-08-09 09:16 . 2010-08-09 09:16 3203453 ----a-w- c:\programdata\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\vcredistExec.exe
2010-08-09 09:16 . 2010-08-09 09:17 36598408 ----a-w- c:\programdata\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\NokiaSoftwareUpdaterSetup_2.5.8SK.exe
2010-08-07 15:07 . 2010-08-07 09:17 -------- d-----w- c:\programdata\Sony Ericsson
2010-08-06 08:23 . 2010-08-06 08:23 -------- d-----w- c:\program files\WinPcap
2010-07-30 16:12 . 2010-07-30 16:12 249856 ------w- c:\windows\Setup1.exe
2010-07-30 16:12 . 2010-07-30 16:12 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-07-30 15:27 . 2010-07-30 15:27 -------- d-----w- c:\program files\GPLGS
2010-07-30 15:26 . 2010-07-30 15:26 -------- d-----w- c:\program files\Acro Software
2010-07-30 10:17 . 2010-07-30 10:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-27 12:19 . 2010-01-24 00:54 -------- d-----w- c:\programdata\OviInstallerCache
2010-07-27 12:17 . 2009-12-17 09:40 -------- d-----w- c:\program files\Common Files\Nokia
2010-07-27 12:14 . 2010-07-27 12:14 -------- d-----w- c:\program files\PC Connectivity Solution
2010-07-27 12:10 . 2010-07-27 12:10 77824 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-07-27 12:10 . 2010-07-27 12:10 50000 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-07-27 12:07 . 2010-07-27 12:07 -------- d-----w- c:\programdata\NokiaInstallerCache
2010-07-26 13:30 . 2010-06-19 14:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-09 08:42 . 2010-07-27 12:10 69222840 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-07-09 08:42 . 2010-02-15 14:13 69222840 ----a-w- c:\users\Zdenko\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2010-06-28 19:02 . 2010-06-28 19:02 471040 ----a-w- c:\programdata\Skype\Plugins\Plugins\D32D9ABFBE354AC8A84F07C309C1E3AF\MikogoSkypeExtra.exe
2010-06-28 19:02 . 2010-06-28 19:02 1828440 ----a-w- c:\programdata\Skype\Plugins\Plugins\D32D9ABFBE354AC8A84F07C309C1E3AF\Skype4COM.dll
2010-06-28 19:02 . 2010-06-28 19:02 1115960 ----a-w- c:\programdata\Skype\Plugins\Plugins\D32D9ABFBE354AC8A84F07C309C1E3AF\Mikogo.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

c:\users\Zdenko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Kalend r.lnk - c:\windows\MENINY.EXE [2010-8-31 53808]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NDrive Update Agent.lnk - c:\windows\Installer\{B87E4198-5CB0-4AAE-8229-C64540BFA0EE}\_9F1B2EA6AA5D69A3AE10FB.exe [2010-8-22 140206]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Software Director Scheduler.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Software Director Scheduler.lnk
backup=c:\windows\pss\Software Director Scheduler.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2005-05-19 13:47 57344 ----a-w- c:\program files\CloneCD 5.2.9.1\CloneCDTray.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"NBAgent"="d:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2942068607-3278375336-704925009-1000]
"EnableNotificationsRef"=dword:00000012

R2 gupdate1c9aeeead7fd411;Google Update Service (gupdate1c9aeeead7fd411);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 133104]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
R3 VirtualDK;VirtualDK;c:\make-bootable-usb\vdk.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-09-29 717296]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-08-24 12552]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2009-08-24 23832]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-24 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-08-24 108552]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-24 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-24 297752]
S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-08-24 1370488]
S2 MSSQL$CSOB;SQL Server (CSOB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-09-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 15:13]

2010-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 15:13]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942068607-3278375336-704925009-1000Core.job
- c:\users\Zdenko\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-05 18:09]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942068607-3278375336-704925009-1000UA.job
- c:\users\Zdenko\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-05 18:09]

2010-06-10 c:\windows\Tasks\User_Feed_Synchronization-{EE751960-1D38-4847-B4FD-5F12A26B257E}.job
- c:\windows\system32\msfeedssync.exe [2009-08-20 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=14597&l=dis
mStart Page = hxxp://www.cas.sk
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Previesť cieľ odkazu do formátu Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridať cieľ odkazu do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Pridať do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\progra~1\PCTRAN~1\webie.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)
HKCU-Run-Metropolis - c:\windows\system32\sshnas21.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero 8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-RemoteControl8 - c:\program files\CyberLink PowerDVD 8\PowerDVD8\PDVD8Serv.exe
AddRemove-ETS CZ - c:\program files\Euro Truck Simulator\mod\Uninstal ETS CZ.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-18 16:02
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0019\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-09-18 16:06:29
ComboFix-quarantined-files.txt 2010-09-18 14:06

Před spuštěním: 4 889 489 408 bytes free
Po spuštění: 7 370 866 688 bytes free

- - End Of File - - FE1DFAD7204745D5774219A5687F6B47

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\Vvygoa.exe

Uložte na plochu jakjo CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkaz ze skriptu.

[tomly]

Už som to urobil. A teraz je už počítač čistý?
Pred posledným krokom som mal viac miesta na C a teraz menej o cca 1,5 Gb, je to v poriadku?

[Rudy]

PC by měl být čistý. Odinstalujte CF: Start>spustit>(napsat) combofix /uninstall>OK a smažte složku C:\Quoobox.

[tomly]

Po poslednom kroku sa znovu spustil CF a vytvoril tento log:

ComboFix 10-09-17.04 - Zdenko 18.09.2010 17:24:46.2.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.420.1033.18.1790.869 [GMT 2:00]
Spuštěný z: d:\zdenko\Desktop\ComboFix.exe
Použité ovládací přepínače :: d:\zdenko\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
SP: AVG Internet Security *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-08-18 do 2010-09-18 )))))))))))))))))))))))))))))))
.

2010-09-18 15:48 . 2010-09-18 15:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-18 15:48 . 2010-09-18 15:48 -------- d-----w- c:\users\HypoUverSqlSvc\AppData\Local\temp
2010-09-18 15:48 . 2010-09-18 15:48 -------- d-----w- c:\users\HypoUverSqlSvc.ZDENKO\AppData\Local\temp
2010-09-18 15:48 . 2010-09-18 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-18 14:06 . 2010-09-18 15:48 -------- d-----w- c:\users\Zdenko\AppData\Local\temp
2010-09-18 09:48 . 2010-09-18 09:48 -------- d-----w- c:\program files\trend micro
2010-09-18 09:48 . 2010-09-18 09:48 -------- d-----w- C:\rsit
2010-09-16 18:47 . 2010-09-16 18:47 -------- d-----w- c:\users\Zdenko\AppData\Roaming\Smart PC Solutions
2010-09-16 18:47 . 2010-09-16 18:47 -------- d-----w- c:\program files\Smart PC Solutions
2010-09-16 18:39 . 2010-09-16 18:39 185344 ----a-w- c:\windows\Vvygoa.exe
2010-09-16 17:57 . 2010-09-16 17:57 -------- d-----w- c:\users\Zdenko\AppData\Local\PackageAware
2010-09-09 16:08 . 2010-09-09 16:08 -------- d-----w- c:\users\Zdenko\AppData\Local\Nero_AG
2010-09-09 16:05 . 2010-09-09 16:05 -------- d-----w- c:\users\Zdenko\AppData\Roaming\Nero
2010-09-09 15:25 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-09-09 15:24 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-09-09 15:16 . 2008-04-18 05:30 332800 ----a-w- c:\windows\system32\msihnd.dll
2010-09-09 15:16 . 2008-04-18 02:33 73216 ----a-w- c:\windows\system32\msiexec.exe
2010-09-09 15:16 . 2008-04-18 02:33 2560 ----a-w- c:\windows\system32\msimsg.dll
2010-09-09 15:16 . 2008-04-18 05:30 2241536 ----a-w- c:\windows\system32\msi.dll
2010-09-07 10:10 . 2010-06-20 02:21 214016 ----a-w- c:\users\Zdenko\AppData\Roaming\Thunderbird\Profiles\02pq8644.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll
2010-08-31 11:39 . 2010-08-31 11:39 53808 ----a-w- c:\windows\MENINY.EXE
2010-08-27 11:32 . 2010-09-15 07:38 -------- d-----w- c:\users\Zdenko\AppData\Roaming\vlc
2010-08-22 19:40 . 2010-08-22 19:40 -------- d-----w- c:\program files\NDrive
2010-08-21 08:24 . 2009-08-19 21:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 14:15 . 2009-01-31 15:49 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-09-18 13:28 . 2009-01-31 12:47 221854 ----a-w- c:\programdata\nvModes.dat
2010-09-18 13:26 . 2009-01-31 10:31 6604 ----a-w- c:\windows\bthservsdp.dat
2010-09-17 20:17 . 2009-07-01 22:27 -------- d-----w- c:\users\Zdenko\AppData\Roaming\Skype
2010-09-10 13:58 . 2009-10-06 09:26 -------- d-----w- c:\program files\Opera
2010-09-10 13:16 . 2009-03-14 21:52 -------- d-----w- c:\program files\Common Files\Nero
2010-09-09 15:56 . 2009-01-31 11:35 -------- d-----w- c:\programdata\Nero
2010-09-08 19:00 . 2010-07-27 08:39 -------- d-----w- c:\program files\JDownloader
2010-09-08 06:15 . 2009-08-12 16:56 -------- d-----w- c:\programdata\avg8
2010-09-02 22:33 . 2009-10-09 14:34 -------- d-----w- c:\program files\Avidemux 2.4
2010-09-01 15:14 . 2009-08-25 07:46 -------- d-----w- c:\program files\Flexibil
2010-08-30 07:06 . 2009-03-07 18:07 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-30 07:06 . 2009-03-07 18:07 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-27 07:57 . 2009-11-13 20:56 -------- d-----w- c:\users\Zdenko\AppData\Roaming\dvdcss
2010-08-26 17:17 . 2009-02-16 21:14 -------- d-----w- c:\users\Zdenko\AppData\Roaming\LimeWire
2010-08-17 12:36 . 2009-12-17 10:16 -------- d-----w- c:\users\Zdenko\AppData\Roaming\PC Suite
2010-08-11 06:25 . 2009-01-31 11:57 -------- d-----w- c:\users\Zdenko\AppData\Roaming\BSplayer Pro
2010-08-09 09:18 . 2009-12-30 20:43 -------- d-----w- c:\programdata\Installations
2010-08-09 09:17 . 2010-01-25 21:16 -------- d-----w- c:\program files\Nokia
2010-08-09 09:16 . 2010-08-09 09:16 3351812 ----a-w- c:\programdata\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\msxml6Exec.exe
2010-08-09 09:16 . 2010-08-09 09:16 36864 ----a-w- c:\programdata\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\Sleep.exe
2010-08-09 09:16 . 2010-08-09 09:16 3203453 ----a-w- c:\programdata\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\vcredistExec.exe
2010-08-09 09:16 . 2010-08-09 09:17 36598408 ----a-w- c:\programdata\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\NokiaSoftwareUpdaterSetup_2.5.8SK.exe
2010-08-07 15:07 . 2010-08-07 09:17 -------- d-----w- c:\programdata\Sony Ericsson
2010-08-06 08:23 . 2010-08-06 08:23 -------- d-----w- c:\program files\WinPcap
2010-07-30 16:12 . 2010-07-30 16:12 249856 ------w- c:\windows\Setup1.exe
2010-07-30 16:12 . 2010-07-30 16:12 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-07-30 15:27 . 2010-07-30 15:27 -------- d-----w- c:\program files\GPLGS
2010-07-30 15:26 . 2010-07-30 15:26 -------- d-----w- c:\program files\Acro Software
2010-07-30 10:17 . 2010-07-30 10:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-27 12:19 . 2010-01-24 00:54 -------- d-----w- c:\programdata\OviInstallerCache
2010-07-27 12:17 . 2009-12-17 09:40 -------- d-----w- c:\program files\Common Files\Nokia
2010-07-27 12:14 . 2010-07-27 12:14 -------- d-----w- c:\program files\PC Connectivity Solution
2010-07-27 12:10 . 2010-07-27 12:10 77824 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-07-27 12:10 . 2010-07-27 12:10 50000 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-07-27 12:07 . 2010-07-27 12:07 -------- d-----w- c:\programdata\NokiaInstallerCache
2010-07-26 13:30 . 2010-06-19 14:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-09 08:42 . 2010-07-27 12:10 69222840 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-07-09 08:42 . 2010-02-15 14:13 69222840 ----a-w- c:\users\Zdenko\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2010-06-28 19:02 . 2010-06-28 19:02 471040 ----a-w- c:\programdata\Skype\Plugins\Plugins\D32D9ABFBE354AC8A84F07C309C1E3AF\MikogoSkypeExtra.exe
2010-06-28 19:02 . 2010-06-28 19:02 1828440 ----a-w- c:\programdata\Skype\Plugins\Plugins\D32D9ABFBE354AC8A84F07C309C1E3AF\Skype4COM.dll
2010-06-28 19:02 . 2010-06-28 19:02 1115960 ----a-w- c:\programdata\Skype\Plugins\Plugins\D32D9ABFBE354AC8A84F07C309C1E3AF\Mikogo.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-09-18_14.03.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-18 13:28 . 2010-09-18 14:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-18 13:28 . 2010-09-18 13:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-18 13:28 . 2010-09-18 14:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-09-18 13:28 . 2010-09-18 13:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

c:\users\Zdenko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Kalend r.lnk - c:\windows\MENINY.EXE [2010-8-31 53808]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NDrive Update Agent.lnk - c:\windows\Installer\{B87E4198-5CB0-4AAE-8229-C64540BFA0EE}\_9F1B2EA6AA5D69A3AE10FB.exe [2010-8-22 140206]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Software Director Scheduler.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Software Director Scheduler.lnk
backup=c:\windows\pss\Software Director Scheduler.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2005-05-19 13:47 57344 ----a-w- c:\program files\CloneCD 5.2.9.1\CloneCDTray.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"NBAgent"="d:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2942068607-3278375336-704925009-1000]
"EnableNotificationsRef"=dword:00000012

R2 gupdate1c9aeeead7fd411;Google Update Service (gupdate1c9aeeead7fd411);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 133104]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
R3 VirtualDK;VirtualDK;c:\make-bootable-usb\vdk.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-09-29 717296]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-08-24 12552]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2009-08-24 23832]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-24 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-08-24 108552]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-24 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-24 297752]
S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-08-24 1370488]
S2 MSSQL$CSOB;SQL Server (CSOB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-09-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 15:13]

2010-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 15:13]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942068607-3278375336-704925009-1000Core.job
- c:\users\Zdenko\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-05 18:09]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942068607-3278375336-704925009-1000UA.job
- c:\users\Zdenko\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-05 18:09]

2010-06-10 c:\windows\Tasks\User_Feed_Synchronization-{EE751960-1D38-4847-B4FD-5F12A26B257E}.job
- c:\windows\system32\msfeedssync.exe [2009-08-20 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=14597&l=dis
mStart Page = hxxp://www.cas.sk
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Previesť cieľ odkazu do formátu Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Previesť do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridať cieľ odkazu do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Pridať do existujúceho súboru PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\progra~1\PCTRAN~1\webie.dll
TCP: {A50B11AC-1163-41FD-9921-E60B8E8DC1DE} = 213.151.200.30 213.151.208.161
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-18 17:48
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0019\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-09-18 17:51:32
ComboFix-quarantined-files.txt 2010-09-18 15:51
ComboFix2.txt 2010-09-18 14:06

Před spuštěním: 7 348 707 328 bytes free
Po spuštění: 7 285 854 208 bytes free

- - End Of File - - C7CE5F7A95BC40893001F7A34444E767

[Rudy]

Použijte Avenger: http://www.viry.cz/forum/viewtopic.php?f=15&t=19832 se skriptem:

Files to delete:
c:\windows\Vvygoa.exe

[tomly]

Po spusteni Avengeru mi vypisalo toto:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\Vvygoa.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Teraz idem vymazat CF podla postupu...

[Rudy]

Soubor smazán. Teď by měl být PC čistý.

[tomly]

Chcem sa poďakovať za pomoc a vyčistenie notebooku. Chcel by som prispieť nejakým eurom. Dočítal som sa, že by to mohlo ísť cez mBank (mám účet mBank ), ale neviem nájsť číslo účtu a kód banky...
Kolega má tiež zavírený notebook, tak vás budem ešte potrebovať...

[Rudy]

Nemáte zač! Naše fórum lze podpořit způsoby, uvedenými v mém podpisu pod "Podpořte fórum".

[tomly]

Ešte by som ťa chcel poprosiť: pri otváraní ktoréhokoľvek súboru stlačením pravého tlačítka myši mi niekedy ukáže hlášku priloženú v prílohe.