Constant attack on the PC

Andrew14
Visitor
Posts: 57
Registered: 14 Aug 2007 16:06

Constant attack on the PC

#1 Post by Andrew14 »

Hello, Norton keeps showing this message:
[image]

When I click Show details, this opens:
[image]
Only the attacker's computer is different every time.

And one more thing. After scanning the PC, Norton finds a virus that cannot be removed by Norton or manually:
[image]

Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:55:55, on 10.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Soluto\soluto.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PicPick\picpick.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Documents and Settings\Ondra\Data aplikací\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Documents and Settings\Ondra\Plocha\hijackthis.exe
C:\WINDOWS\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Ondra\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: _URLHandler - {6E6624DD-AB4A-45E9-B9B7-393CB62C45ED} - C:\PROGRA~1\BACKUP~1\SHELLH~1.DLL
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Ondra\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\PROGRA~1\FREEDO~1\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PicPick Start] C:\Program Files\PicPick\picpick.exe
O4 - HKCU\..\Run: [Vdopumokabadebi] rundll32.exe "C:\WINDOWS\mdpeWuin.dll",Startup
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: Dropbox.lnk = ?
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout obsah FLV videa s IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.cz/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Ondra/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 12029 bytes
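
A small triage script for the HijackThis log above, added here as an example (it is not code from HijackThis, RSIT or the poster). It flags the entry types that stand out in this log: start and search pages redirected to a non-default host, a proxy on 127.0.0.1, an orphaned URLSearchHook, a rundll32 autostart loading a DLL straight from the Windows directory, an empty Run value and a service with no publisher; the same lines recur in the RSIT log posted later in the thread. The sample lines are copied from the log; the allowlist of expected hosts and the heuristics are assumptions.

```python
# Added example for this thread; not code from HijackThis, RSIT or the poster.
# The heuristics and the allowlist of expected hosts are assumptions.
import re
from collections import namedtuple
from urllib.parse import urlparse

# code = HijackThis section ("O4"), subject = value/entry/service name,
# kind = machine-readable reason, detail = explanation for the analyst.
Finding = namedtuple("Finding", "code subject kind detail")

# Hosts the stock Internet Explorer defaults point at (assumption).
EXPECTED_HOSTS = ("microsoft.com", "msn.com", "live.com")
URL_VALUE_NAMES = {"Default_Page_URL", "Default_Search_URL", "Search Bar",
                   "Search Page", "Start Page", "SearchAssistant"}
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^[^\[]*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# A DLL placed directly in the Windows directory rather than in system32.
WINDIR_DLL_RE = re.compile(r'[A-Z]:\\WINDOWS\\[^\\"]+\.dll', re.IGNORECASE)
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Constructed sample: a subset of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Vdopumokabadebi] rundll32.exe "C:\WINDOWS\mdpeWuin.dll",Startup
O4 - HKLM\..\Policies\Explorer\Run: []
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

def _check_r(code, body):
    # R0/R1: browser start/search pages and the proxy setting.
    key, sep, value = body.partition(" = ")
    value = value.strip()
    if not sep or not value:
        return None  # e.g. "Main,Local Page =" with an empty value
    name = key.rsplit(",", 1)[-1]
    if name == "ProxyServer":
        if value.split(":", 1)[0] in ("127.0.0.1", "localhost"):
            return Finding(code, name, "loopback_proxy",
                           f"browser traffic goes through a local proxy at {value}")
        return None
    if name in URL_VALUE_NAMES:
        url = value if "://" in value else "http://" + value
        host = (urlparse(url).hostname or "").lower()
        if host and not any(host == s or host.endswith("." + s) for s in EXPECTED_HOSTS):
            return Finding(code, name, "hijacked_url",
                           f"{name} points at {host} instead of the browser default")
    return None

def _check_r3(code, body):
    # R3: URLSearchHook entries whose DLL no longer exists.
    if "(no file)" not in body:
        return None
    subject = body.split(":", 1)[-1].split(" - ")[0].strip()
    return Finding(code, subject, "orphaned_hook", "URLSearchHook without a DLL")

def _check_o4(code, body):
    # O4: autostart entries (Run keys and Startup folder).
    m = O4_RE.match(body)
    if not m:
        return None  # "Startup:" shortcut lines carry no [name]
    name, cmd = m.group("name"), m.group("cmd").strip()
    if not name and not cmd:
        return Finding(code, "(empty)", "empty_run", "Run value with no name and no command")
    if cmd.lower().startswith("rundll32") and WINDIR_DLL_RE.search(cmd):
        return Finding(code, name, "windir_dll_autorun",
                       f"rundll32 loads a DLL straight from the Windows directory: {cmd}")
    return None

def _check_o23(code, body):
    # O23: installed services.
    m = O23_RE.match(body)
    if m and m.group("owner") == "Unknown owner":
        return Finding(code, m.group("name"), "unknown_service_owner",
                       f"service without a publisher: {m.group('path')}")
    return None

CHECKS = {"R0": _check_r, "R1": _check_r, "R3": _check_r3,
          "O4": _check_o4, "O23": _check_o23}

def triage(log_text):
    """Run the per-section checks over every line; findings keep log order."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        check = CHECKS.get(m.group("code")) if m else None
        finding = check(m.group("code"), m.group("body")) if check else None
        if finding:
            findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.kind:<22}{f.subject}: {f.detail}")
```

A flagged line is a lead, not a verdict: a loopback proxy, for instance, is also what some legitimate filtering tools configure, so each finding still needs the file or listening process behind it checked.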

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Constant attack on the PC

#2 Post by vyosek »

Hello and have a nice day :)

:arrow: I assume your Norton is legal = a purchased licence

:arrow: Read the forum rules and post an RSIT log - it is more detailed than HJT

Andrew14
Visitor
Posts: 57
Registered: 14 Aug 2007 16:06

Re: Constant attack on the PC

#3 Post by Andrew14 »

Yes, I do.

Here is the RSIT log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Ondra at 2010-10-10 16:27:07
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 44 GB (24%) free of 181 GB
Total RAM: 2046 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:27:14, on 10.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Soluto\soluto.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PicPick\picpick.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Documents and Settings\Ondra\Data aplikací\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ondra\Plocha\file uplaoder\FileUploader.exe
C:\Program Files\ACD Systems\ACDSee\ACDSee.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Ondra\Plocha\RSIT.exe
C:\Program Files\trend micro\Ondra.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Ondra\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: _URLHandler - {6E6624DD-AB4A-45E9-B9B7-393CB62C45ED} - C:\PROGRA~1\BACKUP~1\SHELLH~1.DLL
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Ondra\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\PROGRA~1\FREEDO~1\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PicPick Start] C:\Program Files\PicPick\picpick.exe
O4 - HKCU\..\Run: [Vdopumokabadebi] rundll32.exe "C:\WINDOWS\mdpeWuin.dll",Startup
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: Dropbox.lnk = ?
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download Flash with Flash &Grabber - res://C:\PROGRA~1\FLASHG~1\swfgrab.dll/iesave
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout obsah FLV videa s IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.cz/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\BROWSEUI.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\BROWSEUI.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Ondra/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 12587 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1336601894-2147125571-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1336601894-2147125571-1003UA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-839522115-1336601894-2147125571-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-1336601894-2147125571-1003.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure Startup.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2010-05-26 193968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll [2010-09-04 396144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL [2010-05-14 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\Ondra\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-24 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\PROGRA~1\FREEDO~1\iefdm2.dll [2007-11-26 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2007-05-16 191096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-17 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll [2010-09-04 396144]
{4064EA35-578D-4073-A834-C96D82CBCF40} - &Save Flash - C:\Program Files\Save Flash\SaveFlash.dll [2010-06-01 1210368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-10-06 18750976]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2009-10-26 15872]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-05-23 202256]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-06-26 1311312]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"=rundll32 netman.dll,ProcessQueue []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
""=1 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PicPick Start"=C:\Program Files\PicPick\picpick.exe [2010-07-30 4972032]
"Vdopumokabadebi"=C:\WINDOWS\mdpeWuin.dll [2008-04-14 83456]
""= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

C:\Documents and Settings\Ondra\Nabídka Start\Programy\Po spuštění
Dropbox.lnk - C:\Documents and Settings\Ondra\Data aplikací\Dropbox\bin\Dropbox.exe
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2010-05-06 64592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=149
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108719
"NoDrives"=0
"HonorAutoRunSetting"=1
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\WINDOWS\system32\CNAB4RPK.EXE"="C:\WINDOWS\system32\CNAB4RPK.EXE:*:Disabled:Canon LBP2900 RPC Server Process"
"C:\Program Files\Free Music Zilla\FMZilla.exe"="C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla"
"C:\Program Files\Opera 10.10 Beta\opera.exe"="C:\Program Files\Opera 10.10 Beta\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\River Past\Animated GIF Converter and Booster Pack\VideoCleaner.exe"="C:\Program Files\River Past\Animated GIF Converter and Booster Pack\VideoCleaner.exe:*:Enabled:River Past Animated GIF Converter"
"C:\Documents and Settings\Ondra\Plocha\stahle soubory\utorrent-portable\utorrent.exe"="C:\Documents and Settings\Ondra\Plocha\stahle soubory\utorrent-portable\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Soluto\Soluto.exe"="C:\Program Files\Soluto\Soluto.exe:*:Enabled:Soluto Tray"
"C:\Program Files\Soluto\SolutoService.exe"="C:\Program Files\Soluto\SolutoService.exe:*:Enabled:Soluto Service"
"C:\Program Files\Soluto\SolutoConsole.exe"="C:\Program Files\Soluto\SolutoConsole.exe:*:Enabled:Soluto Console"
"C:\Program Files\Soluto\SolutoUpdateService.exe"="C:\Program Files\Soluto\SolutoUpdateService.exe:*:Enabled:Soluto Update Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2010-10-10 08:27:16 ----A---- C:\WINDOWS\ntbtlog.txt
2010-10-09 13:08:05 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Nokia Ovi Suite
2010-10-09 13:01:28 ----HDC---- C:\WINDOWS\$NtUninstallWudf01009$
2010-10-09 12:55:15 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2010-10-09 12:45:42 ----A---- C:\WINDOWS\system32\drivers\pccsmcfd.sys
2010-10-09 12:45:34 ----D---- C:\Program Files\PC Connectivity Solution
2010-10-09 12:45:10 ----A---- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2010-10-09 12:45:09 ----A---- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2010-10-09 12:45:09 ----A---- C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010-10-09 12:45:08 ----A---- C:\WINDOWS\system32\wdfcoinstaller01009.dll
2010-10-09 12:45:08 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2010-10-09 12:45:08 ----A---- C:\WINDOWS\system32\drivers\ccdcmb.sys
2010-10-09 12:43:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache
2010-10-09 07:54:46 ----D---- C:\Program Files\Adobe
2010-10-06 17:47:17 ----D---- C:\Documents and Settings\Ondra\Data aplikací\UseNeXT
2010-10-06 17:47:08 ----D---- C:\Program Files\UseNeXT
2010-10-06 17:01:54 ----D---- C:\Documents and Settings\Ondra\Data aplikací\IObit
2010-10-06 17:01:53 ----D---- C:\Program Files\IObit
2010-10-03 16:38:48 ----D---- C:\Program Files\FramePhotoEditor
2010-09-29 23:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-09-27 23:45:30 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Digsby
2010-09-27 23:45:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Digsby
2010-09-27 23:43:54 ----D---- C:\Program Files\Digsby
2010-09-26 23:45:29 ----A---- C:\WINDOWS\system32\drivers\LNonPnP.sys
2010-09-26 23:45:01 ----A---- C:\WINDOWS\system32\drivers\LBeepKE.sys
2010-09-26 23:44:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Logishrd
2010-09-26 23:44:33 ----D---- C:\Program Files\Logitech
2010-09-26 23:28:16 ----D---- C:\Documents and Settings\Ondra\Data aplikací\vlc
2010-09-26 23:27:21 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Logishrd
2010-09-26 15:51:56 ----D---- C:\Documents and Settings\Ondra\Data aplikací\eBookPro6
2010-09-22 20:35:18 ----D---- C:\Program Files\Soluto
2010-09-18 09:06:55 ----D---- C:\Program Files\LizardTech
2010-09-15 23:08:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-15 23:08:35 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-15 23:08:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-15 23:08:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-15 23:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-15 23:07:53 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-15 23:04:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-15 17:07:13 ----D---- C:\Program Files\Nsasoft
2010-09-12 14:33:04 ----D---- C:\Program Files\Abidan
2010-09-11 22:14:07 ----D---- C:\Documents and Settings\Ondra\Data aplikací\HD Tune Pro
2010-09-11 22:13:59 ----D---- C:\Program Files\HD Tune Pro
2010-09-11 17:59:30 ----A---- C:\Documents and Settings\All Users\Data aplikací\Microsoft.SqlServer.Compact.351.32.bc
2010-09-11 17:58:10 ----A---- C:\WINDOWS\system32\drivers\PCGenFAM.sys
2010-09-11 17:57:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Soluto

======List of files/folders modified in the last 1 months======

2010-10-10 16:27:14 ----D---- C:\Program Files\Trend Micro
2010-10-10 16:26:43 ----D---- C:\WINDOWS\TEMP
2010-10-10 15:55:37 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Dropbox
2010-10-10 15:51:54 ----SHD---- C:\System Volume Information
2010-10-10 15:50:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-10 08:27:16 ----D---- C:\WINDOWS
2010-10-09 22:38:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-09 20:37:47 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-10-09 20:26:13 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Nokia
2010-10-09 13:01:51 ----D---- C:\WINDOWS\system32\drivers
2010-10-09 13:01:46 ----HD---- C:\WINDOWS\inf
2010-10-09 13:01:40 ----D---- C:\WINDOWS\system32
2010-10-09 13:01:09 ----D---- C:\WINDOWS\system32\drivers\UMDF
2010-10-09 12:55:42 ----A---- C:\WINDOWS\imsins.BAK
2010-10-09 12:48:04 ----SHD---- C:\WINDOWS\Installer
2010-10-09 12:48:02 ----SHD---- C:\Config.Msi
2010-10-09 12:47:29 ----D---- C:\WINDOWS\WinSxS
2010-10-09 12:46:51 ----D---- C:\WINDOWS\Prefetch
2010-10-09 12:46:23 ----D---- C:\Program Files\Common Files\Nokia
2010-10-09 12:45:50 ----D---- C:\Program Files\Nokia
2010-10-09 12:45:42 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-10-09 12:45:34 ----D---- C:\Program Files
2010-10-09 11:02:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-10-09 11:02:04 ----D---- C:\Program Files\Spyware Terminator
2010-10-09 10:26:33 ----A---- C:\WINDOWS\NeroDigital.ini
2010-10-09 10:24:02 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Spyware Terminator
2010-10-09 07:54:55 ----D---- C:\Program Files\Common Files\Adobe
2010-10-09 07:54:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-10-08 22:14:35 ----SD---- C:\WINDOWS\Tasks
2010-10-06 19:20:54 ----RSD---- C:\WINDOWS\assembly
2010-10-06 19:20:54 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-06 07:25:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-04 09:52:42 ----D---- C:\Program Files\Mozilla Firefox
2010-09-30 22:04:21 ----D---- C:\Program Files\Mobiola Web Camera for S60
2010-09-30 15:46:04 ----D---- C:\Program Files\Microsoft Silverlight
2010-09-26 23:45:47 ----D---- C:\Program Files\Common Files\Logishrd
2010-09-26 23:45:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-26 23:44:13 ----D---- C:\Program Files\Common Files\Logitech
2010-09-26 23:42:32 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-26 23:39:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-26 23:39:26 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2010-09-26 23:27:21 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Logitech
2010-09-26 23:14:35 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-26 23:10:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-09-26 22:59:59 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-09-26 22:59:00 ----D---- C:\Program Files\VisualConnection
2010-09-26 22:55:08 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Jpeg Resampler
2010-09-26 22:49:48 ----D---- C:\Program Files\Lavasoft
2010-09-26 22:49:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-09-26 22:43:40 ----D---- C:\Program Files\FREE Music Downloader Studio
2010-09-24 17:41:54 ----D---- C:\Documents and Settings\Ondra\Data aplikací\IDM
2010-09-17 14:11:52 ----D---- C:\Documents and Settings\Ondra\Data aplikací\Free Download Manager
2010-09-15 23:09:00 ----A---- C:\WINDOWS\win.ini
2010-09-15 23:08:40 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-15 23:05:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-15 18:48:25 ----D---- C:\downloads
2010-09-13 20:00:13 ----D---- C:\Program Files\Opera 10.10 Beta
2010-09-12 23:43:46 ----D---- C:\Program Files\Internet Download Manager
2010-09-12 23:42:02 ----D---- C:\Program Files\NVIDIA Corporation
2010-09-12 23:41:40 ----D---- C:\WINDOWS\Help
2010-09-12 23:40:42 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-09-12 15:03:02 ----D---- C:\Documents and Settings\Ondra\Data aplikací\DMCache
2010-09-12 12:52:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Norton
2010-09-11 21:48:06 ----D---- C:\Program Files\PicPick
2010-09-11 19:41:02 ----D---- C:\Program Files\SpeedFan

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BtHidBus;Bluetooth HID Bus Service; C:\WINDOWS\System32\Drivers\BtHidBus.sys [2009-06-17 20744]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2005-04-30 28271]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-01-18 64160]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2009-12-21 158272]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-04-01 717296]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMDS.SYS [2009-08-30 328752]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMEFA.SYS [2010-04-22 173104]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258); C:\WINDOWS\system32\DRIVERS\tdrpm258.sys [2009-12-21 911680]
R0 timounter;Acronis Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2009-12-21 581984]
R0 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2006-04-22 24320]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-26 501888]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2008-07-15 33408]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1108000.005\SRTSP.SYS [2010-04-22 325680]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1108000.005\SRTSPX.SYS [2010-04-22 43696]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1108000.005\Ironx86.SYS [2010-04-29 116784]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1108000.005\SYMTDI.SYS [2010-05-06 361904]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
R2 LBeepKE;Logitech Beep Suppression Driver; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2010-03-18 10448]
R3 afcdp;afcdp; C:\WINDOWS\system32\DRIVERS\afcdp.sys [2009-12-21 160288]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2003-10-19 25856]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-05-07 16168]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101008.002\IDSxpx86.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-10-06 5922816]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2010-03-18 20304]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2010-03-18 38864]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2010-03-18 37328]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2010-03-18 28624]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101009.002\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101009.002\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-10 10604128]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-07-26 47360]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-03-08 220112]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S0 PCGenFAM;PCGenFAM; C:\WINDOWS\system32\DRIVERS\PCGenFAM.sys [2010-09-22 183240]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 ayliw0l1;ayliw0l1; C:\WINDOWS\system32\drivers\ayliw0l1.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys [2005-04-30 11860]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2009-06-17 29192]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-08-29 25280]
S3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2009-06-17 25480]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2009-06-17 63248]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2009-06-17 79248]
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2009-12-21 2480048]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]
R2 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
R2 SolutoService;Soluto PCGenome Core Service; C:\Program Files\Soluto\SolutoService.exe [2010-09-22 330784]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-10-28 570880]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe [2009-11-26 661008]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-14 136120]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-05-06 293456]
S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-12-07 73728]
S3 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S3 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S3 O&O Defrag;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2009-09-12 1488128]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-21 66872]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-04-23 435016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Constant attack on the PC

#4 Post by vyosek »

There's a lot there :arcisit:

:arrow: Norton's message about SVI: the pest has settled in the restore points - delete them following colleague riff's guide http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

:arrow: Uninstall Spyware Terminator - you have NIS, which is an all-in-one package, so ST isn't needed

:arrow: Run HJT and we'll fix the entries
  • You'll find HJT here: C:\Program Files\trend micro\Ondra.exe
  • A window opens; click Do a system scan only
  • In the next window find the lines I've listed for you below; next to each is a checkbox, which you tick
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  • Click Fix checked (bottom left)
  • HJT asks whether you really want to, say YES, and it's done
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY IS VERY CAPABLE OF DELETING THINGS AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download Combofix and save it to your desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware etc.
  • Plug all your USB keys into the PC (flash drives, external disks etc.)
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator (Spustit jako správce)
  • Immediately after it starts, a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - don't start any applications and don't click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested it can take longer
  • After the scan finishes, and after a restart if one is needed, CF shows a log; otherwise you'll find it at C:\ComboFix.txt; paste its contents here
  • Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix
"He who has wine and doesn't drink it, who has grapes and doesn't eat them, who has a wife and doesn't kiss her, who shuns merriment, take a whip and a stick to him; that's not a man, that's an ox."
Member since 1 February 2011.
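Two entries in the RSIT log posted above stand out on inspection and are the ones a helper looks for first: the Run value "Vdopumokabadebi"=C:\WINDOWS\mdpeWuin.dll (a DLL dropped straight into the Windows root under a meaningless name) and the S2 service SSHNAS, hosted by svchost.exe with no descriptive display name. The script below is an added example written for this page, not part of the thread and not code from RSIT, HijackThis or ComboFix: it parses a constructed sample in the RSIT log format (a handful of lines copied from the entries above, not the full log) and flags entries using two coarse heuristic rules of my own. The rule names, the function names and the sample text are all assumptions of this example.

```python
import re

# Constructed sample in the RSIT log format used in this thread: a few Run-key
# lines and service lines modelled on the entries posted above (not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PicPick Start"=C:\Program Files\PicPick\picpick.exe [2010-07-30 4972032]
"Vdopumokabadebi"=C:\WINDOWS\mdpeWuin.dll [2008-04-14 83456]
""= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
"""

# One registry key header, e.g. [HKEY_CURRENT_USER\...\Run]
KEY_HEADER = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# One autorun value: "name"=target [date size]   (the bracket part may be empty)
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]*)"=(?P<target>.*?)\s*\[(?P<meta>[^\]]*)\]$')
# One service/driver line: R2 name;display name; image path [date size]
SVC_ENTRY = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<image>.*?) \[(?P<meta>[^\]]*)\]$"
)


def run_entry_reasons(target):
    """Coarse heuristics for an autorun target path (hypothetical rules, not RSIT's)."""
    reasons = []
    path = target.strip().strip('"').lower()
    # Autorun values normally launch an .exe; a DLL outside system32 is unusual.
    if path.endswith(".dll") and "\\system32\\" not in path:
        reasons.append("DLL autorun target outside system32")
    # Legitimate components live in subfolders; a file dropped straight into
    # C:\WINDOWS is a common sign of a dropper.
    if re.match(r"^[a-z]:\\windows\\[^\\]+$", path):
        reasons.append("file sits directly in the Windows root")
    return reasons


def service_reasons(name, display, image):
    """svchost-hosted services should carry a descriptive display name."""
    reasons = []
    if image.lower().endswith("\\svchost.exe") and display.strip().lower() == name.strip().lower():
        reasons.append("svchost-hosted service whose display name is just its short name")
    return reasons


def triage(log_text):
    """Walk an RSIT-style log and return the entries worth a second look."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = KEY_HEADER.match(line)
        if header:
            key = header.group(1)
            section = "autorun" if re.search(r"\\Run(Once)?$", key, re.I) else "other"
            continue
        if line.startswith("======List of services") or line.startswith("======List of drivers"):
            section = "services"
            continue
        if line.startswith("======"):
            section = "other"
            continue
        if section == "autorun":
            m = RUN_ENTRY.match(line)
            if m:
                reasons = run_entry_reasons(m["target"])
                if reasons:
                    findings.append({"kind": "run", "name": m["name"],
                                     "path": m["target"].strip(), "reasons": reasons})
        elif section == "services":
            m = SVC_ENTRY.match(line)
            if m:
                reasons = service_reasons(m["name"], m["display"], m["image"])
                if reasons:
                    findings.append({"kind": "service", "name": m["name"],
                                     "path": m["image"], "reasons": reasons})
    return findings


def flagged_names(log_text):
    """Sorted names of flagged entries, handy for a quick diff between two logs."""
    return sorted(f["name"] for f in triage(log_text))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:7} {f['name']:18} {f['path']}")
        for r in f["reasons"]:
            print(f"        - {r}")
```

The rules are deliberately narrow: NvCplDaemon is also a DLL autorun target, but it lives under system32 and so passes, while mdpeWuin.dll in the Windows root trips both rules. A flagged entry is a lead to verify (file date, signer, hash), not a verdict; on this thread the verdict came from ComboFix, which deleted c:\windows\mdpeWuin.dll and removed the SSHNAS service.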

Andrew14
Visitor
Posts: 57
Registered: 14 Aug 2007 16:06

Re: Constant attack on the PC

#5 Post by Andrew14 »

I followed that colleague's guide, but I got stuck right at the second step, where the option Turn off System Restore (Vypnout nástroj Obnovení systému) is supposed to be ticked.
I don't have that option there, or rather it can't be clicked:
[image]

Otherwise, I've uninstalled Spyware Terminator.

Can I go on to the next steps you wrote me? Or do we first have to deal with the pest in the restore points?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Constant attack on the PC

#6 Post by vyosek »

:arrow: Let's carry on :wink:

:arrow: We'll clean out the restore points another way afterwards :)

Andrew14
Visitor
Posts: 57
Registered: 14 Aug 2007 16:06

Re: Constant attack on the PC

#7 Post by Andrew14 »

I've fixed the items listed above in HJT.

And here is the log from ComboFix:
ComboFix 10-10-09.06 - Ondra 10.10.2010 17:43:34.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1505 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ondra\Plocha\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ondra\Data aplikací\ACD Systems\ACDSee\ImageDB.ddf
C:\HCTBEC.tmp
C:\HCTBED.tmp
c:\windows\mdpeWuin.dll
c:\windows\system32\spool\prtprocs\w32x86\pnproc2.dll
c:\windows\system32\uninstall.exe
c:\windows\w32dasm8.ini
D:\install.exe

Nakažená kopie c:\windows\system32\DRIVERS\imapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2010-09-10 do 2010-10-10 )))))))))))))))))))))))))))))))
.

2010-10-10 15:39 . 2008-04-13 18:40 42112 -c--a-w- c:\windows\system32\dllcache\imapi.sys
2010-10-10 15:39 . 2008-04-13 18:40 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2010-10-09 11:08 . 2010-10-09 11:08 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\Nokia Ovi Suite
2010-10-09 11:06 . 2010-10-09 11:06 -------- d-----w- c:\documents and settings\Ondra\Data aplikac?
2010-10-09 11:05 . 2010-10-09 11:05 -------- d-----w- c:\documents and settings\All Users\Data aplikacĂ­
2010-10-09 10:45 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-10-09 10:45 . 2010-10-09 10:45 -------- d-----w- c:\program files\PC Connectivity Solution
2010-10-09 10:45 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-10-09 10:45 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-10-09 10:45 . 2010-02-26 12:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-10-09 10:45 . 2010-02-26 12:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-10-09 10:45 . 2010-02-26 12:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-10-09 10:45 . 2010-02-26 12:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-10-09 10:43 . 2010-10-09 10:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NokiaInstallerCache
2010-10-06 15:47 . 2010-10-10 13:50 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\UseNeXT
2010-10-06 15:47 . 2010-10-06 15:47 -------- d-----w- c:\program files\UseNeXT
2010-10-06 15:01 . 2010-10-06 15:01 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\IObit
2010-10-06 15:01 . 2010-10-06 15:01 -------- d-----w- c:\program files\IObit
2010-10-03 14:38 . 2010-10-03 14:38 -------- d-----w- c:\program files\FramePhotoEditor
2010-09-27 21:45 . 2010-09-27 21:53 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\Digsby
2010-09-27 21:45 . 2010-09-27 21:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Digsby
2010-09-27 21:45 . 2010-09-27 21:51 -------- d-----w- c:\documents and settings\Ondra\Local Settings\Data aplikací\Digsby
2010-09-27 21:43 . 2010-09-27 21:44 -------- d-----w- c:\program files\Digsby
2010-09-26 21:45 . 2010-09-26 21:45 -------- d-----w- c:\documents and settings\Ondra\Local Settings\Data aplikací\Logishrd
2010-09-26 21:45 . 2010-09-26 21:45 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-09-26 21:45 . 2010-03-18 09:01 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-09-26 21:44 . 2010-09-26 21:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Logishrd
2010-09-26 21:44 . 2010-09-26 21:44 -------- d-----w- c:\program files\Logitech
2010-09-26 21:28 . 2010-09-26 21:29 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\vlc
2010-09-26 21:27 . 2010-09-26 21:27 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\Logishrd
2010-09-26 21:02 . 2010-09-26 21:02 -------- d-----w- c:\documents and settings\Ondra\%SystemRoot%
2010-09-26 13:51 . 2010-09-26 13:54 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\eBookPro6
2010-09-22 18:35 . 2010-09-22 18:35 -------- d-----w- c:\program files\Soluto
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-09-21 20:25 . 2010-09-22 04:33 -------- d-----w- c:\windows\system32\drivers\NIS\1108000.005
2010-09-18 07:06 . 2009-07-31 11:06 1654784 ------w- c:\program files\Mozilla Firefox\plugins\npdjvu.dll
2010-09-18 07:06 . 2010-09-18 07:06 -------- d-----w- c:\program files\LizardTech
2010-09-15 15:07 . 2010-09-15 15:07 -------- d-----w- c:\program files\Nsasoft
2010-09-12 21:41 . 2010-09-12 21:41 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-09-12 21:40 . 2010-09-12 21:41 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-09-12 21:40 . 2010-09-12 21:40 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-09-12 12:33 . 2010-09-12 12:33 -------- d-----w- c:\program files\Abidan
2010-09-11 20:14 . 2010-09-11 20:14 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\HD Tune Pro
2010-09-11 20:13 . 2010-09-26 20:43 -------- d-----w- c:\program files\HD Tune Pro
2010-09-11 15:58 . 2010-09-22 09:52 183240 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys
2010-09-11 15:57 . 2010-09-23 20:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Soluto

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-07-14 18:31 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ondra\Data aplikací\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ondra\Data aplikací\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ondra\Data aplikací\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PicPick Start"="c:\program files\PicPick\picpick.exe" [2010-07-30 4972032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-06 18750976]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-23 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2008-04-14 198144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Ondra\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Dropbox.lnk - c:\documents and settings\Ondra\Data aplikacˇ\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 13:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ICQ Lite"="c:\program files\ICQLite\ICQLite.exe" -minimize
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
"EasyTuneVPro"=c:\program files\Gigabyte\ET5Pro\ETcall.exe
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Plán2\schedhlp.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"SpeedFan"=c:\program files\SpeedFan\speedfan.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Opera 10.10 Beta\\opera.exe"=
"c:\\Program Files\\River Past\\Animated GIF Converter and Booster Pack\\VideoCleaner.exe"=
"c:\\Documents and Settings\\Ondra\\Plocha\\stahle soubory\\utorrent-portable\\utorrent.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [17.6.2009 15:01 20744]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9.2.2009 20:03 64160]
R0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [11.9.2010 17:58 183240]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\symds.sys [21.9.2010 22:25 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\symefa.sys [21.9.2010 22:25 173104]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [21.12.2009 21:49 911680]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [6.10.2010 6:55 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\cchpx86.sys [21.9.2010 22:25 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\ironx86.sys [21.9.2010 22:25 116784]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [21.12.2009 21:49 2480048]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [26.9.2010 23:45 10448]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [21.9.2010 22:25 126392]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [22.9.2010 12:00 330784]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.2.2010 10:59 1047880]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [21.12.2009 21:49 160288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2.8.2010 17:15 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101008.002\IDSXpx86.sys [15.9.2010 20:02 341880]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 10:18 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.10.2009 0:16 1684736]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [17.6.2009 15:02 29192]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17.6.2009 15:01 25480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1.9.2009 11:38 20952]
S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1.9.2009 11:38 304464]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.1.2007 19:31 42000]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [23.10.2009 22:31 23600]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.4.2008 19:15 717296]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-12-06 22:18 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-10-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-1336601894-2147125571-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-10-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-1336601894-2147125571-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-10-10 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 08:33]

2010-10-10 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 08:33]

2010-09-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 08:33]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: &Download All using 4shared Desktop
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download Flash with Flash &Grabber - c:\progra~1\FLASHG~1\swfgrab.dll/iesave
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout obsah FLV videa s IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: Stáhnout všechny odkazy s IDM - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k380kytq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - component: c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npdjvu.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npdjvu.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Vdopumokabadebi - c:\windows\mdpeWuin.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
ActiveSetup-Nitro PDF Professional - (no file)
AddRemove-AviSynth - c:\windows\system32\Uninstall.exe



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89EBAEC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7f7fcb8
\Driver\atapi -> atapi.sys @ 0xb7ef9852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek PCIe GBE Family Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7d3abb0
PacketIndicateHandler -> NDIS.sys @ 0xb7d47a21
SendHandler -> NDIS.sys @ 0xb7d2587b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-839522115-1336601894-2147125571-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:32,36,63,e8,13,56,2f,24,00,1d,d9,3a,70,b6,30,52,f2,8b,3c,c5,cd,01,68,
0c,12,2b,84,f6,17,52,8a,28,0b,26,17,de,c9,83,b9,3b,0b,18,a9,47,46,88,9d,6b,\
"??"=hex:cb,bf,47,35,c5,37,f0,4e,85,19,21,72,33,00,de,28

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2bff27dc-1f66-4030-a1c4-040b1b15cca2}]
@Denied: (Full) (Everyone)
"Model"=dword:00000112
"Therad"=dword:0000001c
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,8c,3f,ce,c4,31,fa,6e,37,20,75,35,e9,8c,75,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d6,3d,d9,37,d6,34,67,ca,21,90,16,c5,50,45,f5,e2,28,9b,6c,ce,56,
41,1d,da,ef,a4,8b,8c,7f,e2,92,0e,d2,e9,c7,e4,5b,78,47,26,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="0C4EF0FA4630ACF4EA3B1926961876E3C2C3E15724B105467E2D7D9612DBDEAA991550551259A6563DA00BBD8C607AB0F3E748C2D178D88961C0430B65A11F2893CF952F535591AC646E0F389350F83C655C920206324B86D9C80EDAF3666313502477062AE1D165B5C564F89C33B0E88BDDA8FC9F5713B4A03D8D142E6EFD99E6E80D2E3AB2F0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5C9DB7CE019D40AA5CA6171C11EC38DE3DCA6B020B312A9D94BEB44D66C3F4788C060C2B671E47F29BF042DAB61257DF5C04DF0513316CF7000674CC1E882ED9DD6175B6232591550BD52C5902ED4B83067432669FCFD8BA70F604FEE5AD14C5DB5A1CD25934DB702053249A3967CB68C80CB05936137DE310B59171AE7FE424E86A300C847BB4BB955AFCC701B1D430594F6FC1C4D6E6642D7D93E94E1EDF540B9F27A3837FAD224C6DCC40DED7EBF40F5744BC9CC9AB20B51A405E7DFACA276B1D3A8D981A5B0345246D93BF37154166CFCB9870EEE1F1C06D937ADA60EE64D898E5F2E9F6D830A8A9FC087102DD157FF8E4555A9CA4A506EC4F9DE6E91745C55BEB2F82974272BF3D5D18A8BC52659CA6B1ACD57D15FBE3A0F65C070515F646465253CFD03A83FA31B5EFFC43061AA6419A08431156AB5928D17D8478BC1D164960A3254BE5926CEE6EF0E741100EAAC54984E5298FDB0D326C7C8DDAE74C11EBA399B982EF43CBEFB7314BB98B1356C4AE76686D6D2AC60698893417F10F3BC76E6125C8052CF34403FA698195EB7F61FC6356D61EA874FBE8076B6DBCE3B88AD55AE7C35758E28F06CA6944D1D09DD42B861F3756DAA581350E0F72ACBC5578319AE4E81C463C073BD2D67D666ECAE9F34E98AE4E3A90171A68DA8DA97E7DE520E961880D6A46F86078A181FE64C982D75C7A3540B30D547796717A2105C33E82C487C1E7AA6CC278549C73C8C5FC929987E095EBA998DF72CB5748829C5C007D5C6609EDE23DD748B4004D779BEBA13FDB4D6E166FD3787370755B440824BB7994F0A7E560EB40DB9BE55F4262434C9516A2B2064F836FA41F9A6B5DFC1799A485FB3A18E75096FEBDCD4AE109D2C3AAA82AA8868412A8F7277705CBA6D7D270FB42325331638946051D0217F40E4BD13C90EAE8C10A1E208DA1070F22AC361179E354E865C4DD860F9852A2FC0D3B23296569FEAC9D5F960792A52D02FD2601B161B72EA3B8E95A2DED58CC6D8B80787E1E66A1DB228A9703A7E72ECA5A987B0EA2CB7D7FA3999FE4AA06DE856B1A71009178ACDD8F56229DA12A1EF7731783A971CE3380926BF7EFC3A0A87B2D
1E71A2FD0A7EB4838AF92CA61C0EF721425DD57BD5322034F3CABB1042FB757A331E1103DAFBD2BE87"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1092)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

- - - - - - - > 'explorer.exe'(6120)
c:\documents and settings\Ondra\Data aplikací\Dropbox\bin\DropboxExt.13.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\CNAB4RPK.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\documents and settings\Ondra\Data aplikací\Dropbox\bin\Dropbox.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
.
**************************************************************************
.
Celkový čas: 2010-10-10 18:04:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-10 16:04
ComboFix2.txt 2008-07-17 12:47

Před spuštěním: Volných bajtů: 45 634 723 840
Po spuštění: Volných bajtů: 45 829 746 688

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A91BEB20E7594E0F962D9755828AD7F2
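A small triage helper for logs of this kind, added here as an example; it is not code from the thread, from the helpers or from ComboFix, and it knows nothing about ComboFix internals beyond the shape of the report text. It pattern-matches a ComboFix log for the indicators the helpers act on in this thread: security products reporting themselves disabled, a system driver reported infected and replaced, an unknown module in the disk I/O call chain of the Gmer section, a proxy forced onto localhost, the Windows firewall switched off, an autostart entry whose target is missing ([X]), and a Run value that names a bare DLL. The sample log is constructed from lines in the shape ComboFix prints them; the English wording assumed for the "Infected copy of" line and the severity ratings are the example's own.

```python
"""Triage of a ComboFix log for the indicators acted on in this thread.

Added example; not code from the forum, its helpers or ComboFix. It only
pattern-matches the report text, it has no knowledge of ComboFix internals.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "high" or "medium" (ratings are this example's own)
    check: str      # short name of the heuristic that fired
    evidence: str   # the log line that triggered it


# Constructed sample: a handful of lines in the shape ComboFix prints them,
# one per indicator. The Czech "Nakažená kopie" line is what a Czech-localised
# ComboFix prints for a replaced infected system file; English builds are
# assumed to print "Infected copy of <path> was found and disinfected".
SAMPLE_LOG = r"""
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
Nakažená kopie c:\windows\system32\DRIVERS\imapi.sys byla nalezena a vyléčena.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-06 18750976]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89EBAEC5]<<
HKCU-Run-Vdopumokabadebi - c:\windows\mdpeWuin.dll
"""

# (severity, check name, pattern); every pattern is matched line by line.
CHECKS = [
    # ComboFix header: an AV or firewall product reporting itself disabled.
    ("high", "security product disabled",
     re.compile(r"^(?:AV|FW):.*\*[^*\n]*disabled\*", re.M)),
    # A system driver was found patched and replaced from a clean copy;
    # typical of file-infecting rootkits hiding in kernel drivers.
    ("high", "infected system file replaced",
     re.compile(r"^(?:Nakažená kopie|Infected copy of) (\S+)", re.M)),
    # Gmer section: a module in the disk I/O call chain that cannot be mapped
    # to any loaded driver, the classic sign of an MBR rootkit hook.
    ("high", "unknown module in disk call chain",
     re.compile(r">>UNKNOWN \[0x[0-9A-Fa-f]+\]<<")),
    # WinINet proxy pointing at the local machine: something on the box sits
    # in the middle of all browser traffic. Verify what listens on the port;
    # a local filtering proxy can be legitimate.
    ("medium", "proxy forced to localhost",
     re.compile(r"ProxyServer = (?:127\.0\.0\.1|localhost)(?::\d+)?\s*$", re.M)),
    # Windows Firewall standard profile switched off.
    ("medium", "Windows firewall disabled",
     re.compile(r'^"EnableFirewall"\s*=\s*0\b', re.M)),
    # Autostart whose target no longer exists: leftover of a removed program
    # or of malware whose file was already deleted.
    ("medium", "autostart entry with missing target",
     re.compile(r'^"[^"\n]+"=.*\[X\]\s*$', re.M)),
    # A Run value that names a bare DLL; legitimate Run entries normally
    # point at an executable.
    ("medium", "Run entry pointing at a bare DLL",
     re.compile(r"^HK(?:CU|LM)-Run-\S+ - \S+\.dll\s*$", re.M | re.I)),
]


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per matching log line, in CHECKS order."""
    findings: list[Finding] = []
    for severity, check, pattern in CHECKS:
        for match in pattern.finditer(log_text):
            findings.append(Finding(severity, check, match.group(0).strip()))
    return findings


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, for a one-line summary."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.check}: {f.evidence}")
    print(severity_counts(results))
```

Run it against a saved ComboFix.txt by reading the file and passing its text to `triage()`; every finding carries the offending line so it can be checked against the full log before anything is acted on.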

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Constant attacks on the PC

#8 Post by vyosek »

:arrow: If you haven't already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UnlockerAssistant"=-
    "TkBellExe"=-
    "SunJavaUpdateSched"=-
    "Adobe ARM"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

    File::
    c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-1336601894-2147125571-1003.job
    c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-1336601894-2147125571-1003.job

    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2bff27dc-1f66-4030-a1c4-040b1b15cca2}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

    DirLook::
    c:\documents and settings\Ondra\%SystemRoot%
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and drop it there (see the picture below)
    [image]
  • After the script is applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: It can happen that Windows will not boot after applying the script; in that case restart the PC, press F8 and choose Last Known Good Configuration

Andrew14
Visitor
Posts: 57
Registered: 14 Aug 2007 16:06

Re: Constant attacks on the PC

#9 Post by Andrew14 »

It was not necessary to restore the Last Known Good Configuration.

New log:
ComboFix 10-10-09.06 - Ondra 10.10.2010 18:45:24.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1537 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ondra\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ondra\Plocha\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-1336601894-2147125571-1003.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-1336601894-2147125571-1003.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-1336601894-2147125571-1003.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-1336601894-2147125571-1003.job

Nakažená kopie c:\windows\system32\drivers\kbdclass.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-10 do 2010-10-10 )))))))))))))))))))))))))))))))
.

2010-10-10 15:39 . 2008-04-13 18:40 42112 -c--a-w- c:\windows\system32\dllcache\imapi.sys
2010-10-10 15:39 . 2008-04-13 18:40 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2010-10-09 11:08 . 2010-10-09 11:08 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\Nokia Ovi Suite
2010-10-09 11:06 . 2010-10-09 11:06 -------- d-----w- c:\documents and settings\Ondra\Data aplikac?
2010-10-09 11:05 . 2010-10-09 11:05 -------- d-----w- c:\documents and settings\All Users\Data aplikacĂ­
2010-10-09 10:45 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-10-09 10:45 . 2010-10-09 10:45 -------- d-----w- c:\program files\PC Connectivity Solution
2010-10-09 10:45 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-10-09 10:45 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-10-09 10:45 . 2010-02-26 12:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-10-09 10:45 . 2010-02-26 12:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-10-09 10:45 . 2010-02-26 12:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-10-09 10:45 . 2010-02-26 12:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-10-09 10:43 . 2010-10-09 10:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NokiaInstallerCache
2010-10-06 15:47 . 2010-10-10 13:50 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\UseNeXT
2010-10-06 15:47 . 2010-10-06 15:47 -------- d-----w- c:\program files\UseNeXT
2010-10-06 15:01 . 2010-10-06 15:01 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\IObit
2010-10-06 15:01 . 2010-10-06 15:01 -------- d-----w- c:\program files\IObit
2010-10-03 14:38 . 2010-10-03 14:38 -------- d-----w- c:\program files\FramePhotoEditor
2010-09-27 21:45 . 2010-09-27 21:53 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\Digsby
2010-09-27 21:45 . 2010-09-27 21:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Digsby
2010-09-27 21:45 . 2010-09-27 21:51 -------- d-----w- c:\documents and settings\Ondra\Local Settings\Data aplikací\Digsby
2010-09-27 21:43 . 2010-09-27 21:44 -------- d-----w- c:\program files\Digsby
2010-09-26 21:45 . 2010-09-26 21:45 -------- d-----w- c:\documents and settings\Ondra\Local Settings\Data aplikací\Logishrd
2010-09-26 21:45 . 2010-09-26 21:45 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-09-26 21:45 . 2010-03-18 09:01 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-09-26 21:44 . 2010-09-26 21:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Logishrd
2010-09-26 21:44 . 2010-09-26 21:44 -------- d-----w- c:\program files\Logitech
2010-09-26 21:28 . 2010-09-26 21:29 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\vlc
2010-09-26 21:27 . 2010-09-26 21:27 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\Logishrd
2010-09-26 21:02 . 2010-09-26 21:02 -------- d-----w- c:\documents and settings\Ondra\%SystemRoot%
2010-09-26 13:51 . 2010-09-26 13:54 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\eBookPro6
2010-09-22 18:35 . 2010-09-22 18:35 -------- d-----w- c:\program files\Soluto
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-09-21 20:25 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-09-21 20:25 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-09-21 20:25 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-09-21 20:25 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-09-21 20:25 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-09-21 20:25 . 2009-08-30 00:17 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-09-21 20:25 . 2010-09-22 04:33 -------- d-----w- c:\windows\system32\drivers\NIS\1108000.005
2010-09-18 07:06 . 2009-07-31 11:06 1654784 ------w- c:\program files\Mozilla Firefox\plugins\npdjvu.dll
2010-09-18 07:06 . 2010-09-18 07:06 -------- d-----w- c:\program files\LizardTech
2010-09-15 15:07 . 2010-09-15 15:07 -------- d-----w- c:\program files\Nsasoft
2010-09-12 21:41 . 2010-09-12 21:41 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-09-12 21:40 . 2010-09-12 21:41 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-09-12 21:40 . 2010-09-12 21:40 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-09-12 12:33 . 2010-09-12 12:33 -------- d-----w- c:\program files\Abidan
2010-09-11 20:14 . 2010-09-11 20:14 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\HD Tune Pro
2010-09-11 20:13 . 2010-09-26 20:43 -------- d-----w- c:\program files\HD Tune Pro
2010-09-11 15:58 . 2010-09-22 09:52 183240 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys
2010-09-11 15:57 . 2010-09-23 20:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Soluto

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-07-14 18:31 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Ondra\%SystemRoot% ----

2010-09-26 21:02 . 2002-09-25 01:11 2815 ----a-w- c:\documents and settings\Ondra\%SystemRoot%\ERDNT\AutoBackup\26.9.2010\ERDNTDOS.LOC
2010-09-26 21:02 . 2002-09-25 01:09 3275 ----a-w- c:\documents and settings\Ondra\%SystemRoot%\ERDNT\AutoBackup\26.9.2010\ERDNTWIN.LOC
2010-09-26 21:02 . 2005-10-20 10:02 163328 ----a-w- c:\documents and settings\Ondra\%SystemRoot%\ERDNT\AutoBackup\26.9.2010\ERDNT.EXE
2010-09-26 21:02 . 2010-09-26 21:02 319488 ----a-w- c:\documents and settings\Ondra\%SystemRoot%\ERDNT\AutoBackup\26.9.2010\Users\00000002\UsrClass.dat
2010-09-26 21:02 . 2010-09-26 21:02 21958656 ----a-w- c:\documents and settings\Ondra\%SystemRoot%\ERDNT\AutoBackup\26.9.2010\Users\00000001\NTUSER.DAT
2010-09-26 21:02 . 2010-09-26 21:02 28672 ----a-w- c:\documents and settings\Ondra\%SystemRoot%\ERDNT\AutoBackup\26.9.2010\SAM
2010-09-26 21:02 . 2010-09-26 21:02 4071424 ----a-w- c:\documents and settings\Ondra\%SystemRoot%\ERDNT\AutoBackup\26.9.2010\default
2010-09-26 21:02 . 2010-09-26 21:02 6762496 ----a-w- c:\documents and settings\Ondra\%SystemRoot%\ERDNT\AutoBackup\26.9.2010\system
2010-09-26 21:02 . 2010-09-26 21:02 42930176 ----a-w- c:\documents and settings\Ondra\%SystemRoot%\ERDNT\AutoBackup\26.9.2010\software
2010-09-26 21:02 . 2010-09-26 21:02 673 ----a-w- c:\documents and settings\Ondra\%SystemRoot%\ERDNT\AutoBackup\26.9.2010\ERDNT.CON
2010-09-26 21:02 . 2010-09-26 21:02 764 ----a-w- c:\documents and settings\Ondra\%SystemRoot%\ERDNT\AutoBackup\26.9.2010\ERDNT.INF
2010-09-26 21:02 . 2010-09-26 21:02 53248 ----a-w- c:\documents and settings\Ondra\%SystemRoot%\ERDNT\AutoBackup\26.9.2010\SECURITY


((((((((((((((((((((((((((((( SnapShot@2010-10-10_15.59.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-10 16:45 . 2010-10-10 16:45 16384 c:\windows\TEMP\Perflib_Perfdata_620.dat
+ 2010-10-10 16:43 . 2010-10-10 16:43 16384 c:\windows\TEMP\Perflib_Perfdata_600.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ondra\Data aplikací\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ondra\Data aplikací\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ondra\Data aplikací\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PicPick Start"="c:\program files\PicPick\picpick.exe" [2010-07-30 4972032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-06 18750976]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2008-04-14 198144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Ondra\Nabídka Start\Programy\Po spuštění\
Dropbox.lnk - c:\documents and settings\Ondra\Data aplikací\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ICQ Lite"="c:\program files\ICQLite\ICQLite.exe" -minimize
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
"EasyTuneVPro"=c:\program files\Gigabyte\ET5Pro\ETcall.exe
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Plán2\schedhlp.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"SpeedFan"=c:\program files\SpeedFan\speedfan.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Opera 10.10 Beta\\opera.exe"=
"c:\\Program Files\\River Past\\Animated GIF Converter and Booster Pack\\VideoCleaner.exe"=
"c:\\Documents and Settings\\Ondra\\Plocha\\stahle soubory\\utorrent-portable\\utorrent.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [17.6.2009 15:01 20744]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9.2.2009 20:03 64160]
R0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [11.9.2010 17:58 183240]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\symds.sys [21.9.2010 22:25 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\symefa.sys [21.9.2010 22:25 173104]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [21.12.2009 21:49 911680]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [6.10.2010 6:55 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\cchpx86.sys [21.9.2010 22:25 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\ironx86.sys [21.9.2010 22:25 116784]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [21.12.2009 21:49 2480048]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [26.9.2010 23:45 10448]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [21.9.2010 22:25 126392]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [22.9.2010 12:00 330784]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.2.2010 10:59 1047880]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [21.12.2009 21:49 160288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2.8.2010 17:15 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101008.002\IDSXpx86.sys [15.9.2010 20:02 341880]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 10:18 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24.10.2009 0:16 1684736]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [17.6.2009 15:02 29192]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17.6.2009 15:01 25480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1.9.2009 11:38 20952]
S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1.9.2009 11:38 304464]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.1.2007 19:31 42000]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [23.10.2009 22:31 23600]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.4.2008 19:15 717296]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-12-06 22:18 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-10-10 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 08:33]

2010-10-10 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 08:33]

2010-09-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 08:33]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: &Download All using 4shared Desktop
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download Flash with Flash &Grabber - c:\progra~1\FLASHG~1\swfgrab.dll/iesave
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout obsah FLV videa s IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: Stáhnout všechny odkazy s IDM - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\k380kytq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - component: c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npdjvu.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-839522115-1336601894-2147125571-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:32,36,63,e8,13,56,2f,24,00,1d,d9,3a,70,b6,30,52,f2,8b,3c,c5,cd,01,68,
0c,12,2b,84,f6,17,52,8a,28,0b,26,17,de,c9,83,b9,3b,0b,18,a9,47,46,88,9d,6b,\
"??"=hex:cb,bf,47,35,c5,37,f0,4e,85,19,21,72,33,00,de,28

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1088)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Celkový čas: 2010-10-10 18:54:36
ComboFix-quarantined-files.txt 2010-10-10 16:54
ComboFix2.txt 2010-10-10 16:04
ComboFix3.txt 2008-07-17 12:47

Před spuštěním: Volných bajtů: 45 839 503 360
Po spuštění: Volných bajtů: 45 820 280 832

- - End Of File - - D995D739CEC934F36B96CBEDC6CC97C8

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Constant attack on PC

#10 Post by vyosek »

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
  • From that page choose the version matching your operating system (32-bit (x86) or 64-bit (x64))
  • Save it to the desktop and run it
  • Choose the Uninstall option and restart the PC - if it cannot be clicked (the button is greyed out), skip this step
:arrow: Download Defogger http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Save it to the desktop and run it
  • Click Disable and restart the PC - if it cannot be clicked (the button is greyed out), skip this step
:arrow: Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe

:arrow: Click Start and then Run, or use the keyboard shortcut Win+R
  • A small window will pop up; copy the text below into it
  • Code:

    "%userprofile%\plocha\mbr" -t
  • Click OK
  • A log named mbr.txt will be created on the desktop; paste its contents here
"Who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

Andrew14
Visitor
Posts: 57
Registered: 14 Aug 2007 16:06

Re: Constant attack on PC

#11 Post by Andrew14 »

MBR log:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Only, no window popped up when MBR was run.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Constant attack on PC

#12 Post by vyosek »

:arrow: You misunderstood it :(

:arrow: Just download MBR - do not run it - the way you did just now

:arrow:
vyosek wrote::arrow: Click Start and then Run, or use the keyboard shortcut Win+R
  • A small window will pop up; copy the text below into it
  • Code:

    "%userprofile%\plocha\mbr" -t
  • Click OK
  • A log named mbr.txt will be created on the desktop; paste its contents here

Andrew14
Visitor
Posts: 57
Registered: 14 Aug 2007 16:06

Re: Constant attack on PC

#13 Post by Andrew14 »

Oh, I see.

New log:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Constant attack on PC

#14 Post by vyosek »

:arrow: I see MBAM is installed - run a full scan and post the log before deleting anything - instructions are in my signature

Andrew14
Visitor
Posts: 57
Registered: 14 Aug 2007 16:06

Re: Constant attack on PC

#15 Post by Andrew14 »

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4700

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10.10.2010 21:13:12
mbam-log-2010-10-10 (21-13-12).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 302565
Uplynulý čas: 1 hodina(y), 14 minuta(y), 13 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\System Volume Information\_restore{8B421B4A-7E96-48D4-A0BA-6F4654F73DAF}\RP794\A0155992.exe (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{8B421B4A-7E96-48D4-A0BA-6F4654F73DAF}\RP819\A0166424.dll (Trojan.Hiloti) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\mdpeWuin.dll.vir (Trojan.Hiloti) -> No action taken.
