Ahoj,prosím o kontrolu logu po Autorun.inf..A nejakou havěti

Zpráva

salis331 · #1 Příspěvek od **salis331** » 24 říj 2010 11:02

Omlouvam se za použití kombofixu..Našel jsem zde na foru podobny případ..scan superantispyware,avira,mbam negativní..Smazané položky z Combofix
C:\bassmod.dll
c:\programdata\page
c:\programdata\page\page.ico
c:\programdata\page\page.URL
c:\users\Šalis\AppData\Roaming\EurekaLog Zde HTJ-Combo posleze..Děkuji..

ComboFix 10-10-22.05 - Šalis 23.10.2010 20:17:53.9.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.2173 [GMT 2:00]
Spuštěný z: c:\users\Šalis\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bassmod.dll
c:\programdata\page
c:\programdata\page\page.ico
c:\programdata\page\page.URL
c:\users\Šalis\AppData\Roaming\EurekaLog

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-23 do 2010-10-23 )))))))))))))))))))))))))))))))
.

2010-10-22 10:59 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE5F2C7D-475C-4A50-8244-823691F2A706}\mpengine.dll
2010-10-22 01:39 . 2010-10-22 01:39 -------- d-----w- c:\programdata\Norton
2010-10-22 01:39 . 2010-10-22 01:39 -------- d-----w- c:\windows\system32\drivers\NSS
2010-10-22 01:39 . 2010-10-22 01:39 -------- d-----w- c:\programdata\Symantec
2010-10-22 01:39 . 2010-10-22 01:39 -------- d-----w- c:\program files\Norton Security Scan
2010-10-22 01:39 . 2010-10-22 01:39 -------- d-----w- c:\program files\NortonInstaller
2010-10-21 18:29 . 2010-10-21 18:29 -------- d---a-w- c:\windows\rundll16.exe
2010-10-21 18:29 . 2010-10-21 18:29 -------- d---a-w- c:\windows\logo1_.exe
2010-10-20 10:40 . 2010-10-20 10:40 -------- d---a-w- c:\windows\VDLL.DLL
2010-10-20 10:40 . 2010-10-20 10:40 -------- d---a-w- c:\windows\system32\runouce.exe
2010-10-20 10:40 . 2010-10-20 10:40 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-10-20 10:40 . 2010-10-20 10:40 -------- d---a-w- c:\windows\logo_1.exe
2010-10-20 10:31 . 2010-10-20 10:31 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-10-20 10:31 . 2010-10-20 10:31 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-10-20 10:31 . 2010-10-20 10:31 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-10-20 10:31 . 2010-10-20 10:31 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-10-20 10:31 . 2010-10-20 10:31 -------- d-----w- c:\programdata\MicroWorld
2010-10-20 00:46 . 2010-10-20 00:46 -------- d-----w- c:\windows\cs
2010-10-20 00:46 . 2010-09-22 22:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-20 00:41 . 2010-10-20 00:41 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\995abffc1cb6fef05\DSETUP.dll
2010-10-20 00:41 . 2010-10-20 00:41 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\995abffc1cb6fef05\DXSETUP.exe
2010-10-20 00:41 . 2010-10-20 00:41 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\995abffc1cb6fef05\dsetup32.dll
2010-10-20 00:41 . 2010-10-20 00:41 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\94e64edc1cb6fef03\DSETUP.dll
2010-10-20 00:41 . 2010-10-20 00:41 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\94e64edc1cb6fef03\DXSETUP.exe
2010-10-20 00:41 . 2010-10-20 00:41 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\94e64edc1cb6fef03\dsetup32.dll
2010-10-20 00:41 . 2010-10-20 03:17 -------- d-----w- c:\users\Šalis\AppData\Local\Windows Live
2010-10-20 00:40 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-20 00:36 . 2010-10-20 00:37 -------- d-----w- C:\rsit
2010-10-19 14:16 . 2008-05-24 08:55 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2010-10-19 14:16 . 2008-05-24 08:55 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-10-19 14:16 . 2010-10-19 14:16 -------- d-----w- c:\program files\ffdshow
2010-10-17 05:10 . 2010-10-17 05:10 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-17 03:12 . 2010-10-17 03:12 -------- d-----w- c:\program files\WinPcap
2010-10-15 16:46 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-15 16:46 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-15 16:46 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-15 16:46 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-15 16:46 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-15 16:43 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-15 16:43 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-15 16:43 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-15 16:43 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-09 14:33 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-09 14:32 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-10-03 18:20 . 2010-10-03 18:20 -------- d-----w- c:\program files\Lavalys
2010-10-02 17:36 . 2010-10-02 17:38 -------- d-----w- c:\users\Šalis\Californication
2010-09-26 17:24 . 2010-09-26 17:24 -------- d-----r- c:\users\Public\Recorded TV
2010-09-25 16:36 . 2010-09-25 16:36 -------- d-----w- c:\users\Šalis\DoctorWeb

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-23 17:59 . 2010-03-22 12:50 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-10-19 09:41 . 2010-02-20 19:21 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-17 03:52 . 2009-05-03 23:40 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-09-17 03:52 . 2010-09-17 03:52 319488 ----a-w- c:\windows\HideWin.exe
2010-08-17 14:11 . 2010-09-15 10:54 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-26 09:27 . 2010-09-17 03:31 238184 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-05-04 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-05-04 47672]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-01-22 02:19 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 1083520]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-07-26 238184]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-18 12872]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-05-13 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-18 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-29 67656]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-10-31 270888]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-07-16 35088]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
S3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter.sys [2008-02-05 206464]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan.sys [2008-01-31 6528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 13:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-10-23 c:\windows\Tasks\Norton Security Scan for Šalis.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-22 08:06]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\Šalis\AppData\Roaming\Mozilla\Firefox\Profiles\6r04et7x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-NB Probe - (no file)
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-23 20:42
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-10-23 20:46:30
ComboFix-quarantined-files.txt 2010-10-23 18:46

Před spuštěním: Volných bajtů: 47 734 677 504
Po spuštění: Volných bajtů: 47 665 176 576

- - End Of File - - 5640BF4FB33202B9A793CF700711A6BE
Přikádám aktualní RSIT

salis331 · #2 Příspěvek od **salis331** » 24 říj 2010 11:04

Je tam toho hromada,co?

Logfile of random's system information tool 1.08 (written by random/random)
Run by Šalis at 2010-10-24 11:52:32
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 45 GB (29%) free of 153 GB
Total RAM: 3070 MB (67% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for Šalis.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-01-22 520192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"=C:\Program Files\ATK Hotkey\HcontrolUser.exe [2008-01-12 98304]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2008-01-24 7766016]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-08-17 102400]
"ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2009-05-04 3054136]
"ASUS Camera ScreenSaver"=C:\Windows\AsScrProlog.exe [2009-05-04 47672]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-12 6265376]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2010-01-22 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"BindDirectlyToPropertySetStorage"=0
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-10-24 11:52:33 ----D---- C:\Program Files\trend micro
2010-10-23 20:49:28 ----SHD---- C:\$RECYCLE.BIN
2010-10-23 20:47:28 ----A---- C:\combofix,log.txt
2010-10-23 20:46:37 ----D---- C:\Windows\temp
2010-10-23 20:46:33 ----A---- C:\ComboFix.txt
2010-10-23 19:59:17 ----A---- C:\Windows\NIRCMD.exe
2010-10-23 19:59:17 ----A---- C:\Windows\MBR.exe
2010-10-23 19:59:16 ----A---- C:\Windows\zip.exe
2010-10-23 19:59:16 ----A---- C:\Windows\SWSC.exe
2010-10-23 19:59:16 ----A---- C:\Windows\SWREG.exe
2010-10-23 19:59:16 ----A---- C:\Windows\sed.exe
2010-10-23 19:59:16 ----A---- C:\Windows\PEV.exe
2010-10-23 19:59:16 ----A---- C:\Windows\grep.exe
2010-10-23 19:57:22 ----D---- C:\ComboFix
2010-10-23 19:57:02 ----D---- C:\Qoobox
2010-10-23 19:56:40 ----A---- C:\Windows\SWXCACLS.exe
2010-10-22 03:39:15 ----D---- C:\Windows\system32\drivers\NSS
2010-10-22 03:39:15 ----D---- C:\ProgramData\Symantec
2010-10-22 03:39:15 ----D---- C:\ProgramData\Norton
2010-10-22 03:39:15 ----D---- C:\Program Files\Norton Security Scan
2010-10-22 03:39:14 ----D---- C:\ProgramData\NortonInstaller
2010-10-22 03:39:14 ----D---- C:\Program Files\NortonInstaller
2010-10-21 20:29:46 ----AD---- C:\Windows\rundll16.exe
2010-10-21 20:29:46 ----AD---- C:\Windows\logo1_.exe
2010-10-20 20:36:09 ----A---- C:\log.txt
2010-10-20 12:40:46 ----AD---- C:\Windows\VDLL.DLL
2010-10-20 12:40:46 ----AD---- C:\Windows\system32\runouce.exe
2010-10-20 12:40:46 ----AD---- C:\Windows\RUNDL132.EXE
2010-10-20 12:40:46 ----AD---- C:\Windows\logo_1.exe
2010-10-20 12:31:56 ----A---- C:\Windows\system32\msvcr80.dll
2010-10-20 12:31:55 ----A---- C:\Windows\system32\msvcp80.dll
2010-10-20 12:31:54 ----A---- C:\Windows\system32\eEmpty.exe
2010-10-20 12:31:50 ----D---- C:\Program Files\Common Files\MicroWorld
2010-10-20 12:31:47 ----D---- C:\ProgramData\MicroWorld
2010-10-20 02:46:47 ----D---- C:\Windows\cs
2010-10-20 02:46:28 ----A---- C:\Windows\system32\drivers\fssfltr.sys
2010-10-20 02:40:49 ----A---- C:\Windows\system32\webservices.dll
2010-10-20 02:36:50 ----D---- C:\rsit
2010-10-20 01:37:43 ----RAD---- C:\autorun.inf
2010-10-19 16:16:22 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2010-10-19 16:16:21 ----A---- C:\Windows\system32\ff_vfw.dll
2010-10-19 16:16:20 ----A---- C:\Windows\system32\pthreadGC2.dll
2010-10-19 16:16:19 ----D---- C:\Program Files\ffdshow
2010-10-17 07:10:28 ----D---- C:\Program Files\Common Files\Adobe
2010-10-17 05:12:13 ----D---- C:\Program Files\WinPcap
2010-10-15 18:46:16 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-15 18:46:15 ----A---- C:\Windows\system32\netevent.dll
2010-10-15 18:46:15 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-15 18:46:15 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-15 18:46:15 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-15 18:45:56 ----A---- C:\Windows\system32\ole32.dll
2010-10-15 18:45:52 ----A---- C:\Windows\system32\mshtml.dll
2010-10-15 18:45:52 ----A---- C:\Windows\system32\ieframe.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\wininet.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\urlmon.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\occache.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\mstime.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-15 18:45:50 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\ieUnatt.exe
2010-10-15 18:45:50 ----A---- C:\Windows\system32\ieui.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iesysprep.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iesetup.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iertutil.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iernonce.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iepeers.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\ie4uinit.exe
2010-10-15 18:45:49 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-15 18:45:49 ----A---- C:\Windows\system32\mfc40.dll
2010-10-15 18:45:48 ----A---- C:\Windows\system32\schannel.dll
2010-10-15 18:45:45 ----A---- C:\Windows\system32\t2embed.dll
2010-10-15 18:45:32 ----A---- C:\Windows\system32\wmp.dll
2010-10-15 18:45:31 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-15 18:43:35 ----A---- C:\Windows\system32\comctl32.dll
2010-10-15 18:43:32 ----A---- C:\Windows\system32\win32k.sys
2010-10-15 18:43:31 ----A---- C:\Windows\system32\msshsq.dll
2010-10-15 18:43:29 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-09 16:33:00 ----A---- C:\Windows\system32\tzres.dll
2010-10-03 20:20:39 ----D---- C:\Program Files\Lavalys

======List of files/folders modified in the last 1 months======

2010-10-24 11:52:33 ----RD---- C:\Program Files
2010-10-24 02:15:32 ----D---- C:\Windows
2010-10-23 21:11:16 ----SHD---- C:\System Volume Information
2010-10-23 20:42:46 ----A---- C:\Windows\system.ini
2010-10-23 20:42:25 ----D---- C:\Windows\system32\drivers\etc
2010-10-23 20:41:46 ----D---- C:\ProgramData
2010-10-23 20:29:57 ----D---- C:\Windows\system32\drivers
2010-10-23 20:29:57 ----D---- C:\Windows\System32
2010-10-23 20:29:57 ----D---- C:\Windows\AppPatch
2010-10-23 20:29:56 ----D---- C:\Program Files\Common Files
2010-10-23 19:59:02 ----A---- C:\Windows\system32\acovcnt.exe
2010-10-23 19:58:57 ----D---- C:\Windows\ERDNT
2010-10-23 15:51:28 ----D---- C:\Windows\Prefetch
2010-10-23 12:58:39 ----D---- C:\Windows\inf
2010-10-23 12:58:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-23 02:34:57 ----D---- C:\Program Files\Mozilla Firefox
2010-10-22 12:06:42 ----D---- C:\Users\Šalis\AppData\Roaming\Skype
2010-10-22 03:39:18 ----D---- C:\Windows\Tasks
2010-10-22 03:39:18 ----D---- C:\Windows\system32\Tasks
2010-10-21 00:56:41 ----SHD---- C:\Windows\Installer
2010-10-21 00:19:05 ----D---- C:\Windows\system32\catroot2
2010-10-20 19:25:50 ----AD---- C:\ProgramData\Temp
2010-10-20 18:26:25 ----D---- C:\TRANSLAT
2010-10-20 16:34:30 ----A---- C:\Windows\ATKPF.ini
2010-10-20 12:55:31 ----D---- C:\Users\Šalis\AppData\Roaming\uTorrent
2010-10-20 12:27:40 ----D---- C:\Users\Šalis\AppData\Roaming\Download Manager
2010-10-20 07:01:06 ----D---- C:\Windows\Microsoft.NET
2010-10-20 07:00:01 ----RSD---- C:\Windows\assembly
2010-10-20 03:54:14 ----D---- C:\Windows\rescache
2010-10-20 02:46:29 ----DC---- C:\Windows\system32\DRVSTORE
2010-10-20 02:45:39 ----D---- C:\Program Files\Windows Live
2010-10-20 02:44:19 ----SD---- C:\ProgramData\Microsoft
2010-10-20 02:44:18 ----RSD---- C:\Windows\Fonts
2010-10-20 02:43:59 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-20 02:41:13 ----D---- C:\Windows\winsxs
2010-10-20 02:41:12 ----D---- C:\Windows\system32\cs-CZ
2010-10-20 02:41:09 ----D---- C:\Windows\system32\catroot
2010-10-20 01:46:00 ----D---- C:\ASUS.SYS
2010-10-19 11:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-17 10:21:36 ----D---- C:\Users\Šalis\AppData\Roaming\Media Player Classic
2010-10-17 10:01:13 ----D---- C:\ProgramData\NOS
2010-10-17 07:10:33 ----D---- C:\ProgramData\Adobe
2010-10-16 05:02:33 ----D---- C:\Windows\Debug
2010-10-16 04:57:55 ----D---- C:\ProgramData\NVIDIA
2010-10-15 18:57:51 ----D---- C:\Program Files\Windows Media Player
2010-10-15 18:57:50 ----D---- C:\Windows\system32\migration
2010-10-15 18:57:50 ----D---- C:\Program Files\Internet Explorer
2010-10-15 18:52:23 ----D---- C:\ProgramData\Microsoft Help
2010-10-15 18:47:05 ----A---- C:\Windows\system32\mrt.exe
2010-10-11 19:24:34 ----D---- C:\Windows\Minidump
2010-10-10 21:30:37 ----D---- C:\Users\Šalis\AppData\Roaming\BSplayer Pro
2010-10-10 14:20:26 ----D---- C:\Program Files\SUPERAntiSpyware
2010-10-10 03:13:18 ----D---- C:\Program Files\Microsoft Silverlight
2010-10-03 01:00:00 ----D---- C:\Windows\system32\LogFiles
2010-09-28 21:48:53 ----D---- C:\Windows\system32\WDI
2010-09-26 10:57:07 ----D---- C:\Windows\LiveKernelReports

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2008-07-21 145952]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-19 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-29 67656]
R1 SbFw;SbFw; C:\Windows\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\Windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-07-16 35088]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]
R3 CRFILTER;USB Mass Storage Filter; C:\Windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam; C:\Windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624]
R3 FiltUSBET;ET USB Device Lower Filter; C:\Windows\system32\DRIVERS\etFilter.sys [2008-02-05 206464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-08-12 2159384]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-07-08 1050656]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2010-06-22 105576]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-07-10 11008040]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-07-22 15872]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\Windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 ScanUSBET;ET USB Still Image Capture Device; C:\Windows\system32\DRIVERS\etScan.sys [2008-01-31 6528]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-08-17 190512]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 catchme;catchme; \??\C:\Users\ALIS~1\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 1083520]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2010-07-26 238184]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2010-02-19 12872]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-13 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-03 94208]
R2 FontCache;Mezipaměť písem Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-11-20 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-07-16 117264]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-04 156656]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S4 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]

-----------------EOF-----------------

salis331 · #3 Příspěvek od **salis331** » 24 říj 2010 11:11

Koukám HJT se neprovedl..přikládám.. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:22, on 24.10.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Šalis\Downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 6153 bytes

salis331 · #4 Příspěvek od **salis331** » 24 říj 2010 11:33

No a AUTORUN.INF je na flashce dál..kdyz ji dám do dvd,je vidět..při scanu combofixem byla zasunuta v pc..Kdyby tam toho bylo moc,přeinstaluju to celé,vše mám zalohované ať to tady neblokuji..Díky za váš čas

Posílam podposu přes sazku..

#5 Příspěvek od **vyosek** » 24 říj 2010 22:40

Zdravim a pekny den preji

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
Spustte a kliknete na Deletion
Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

salis331 · #6 Příspěvek od **salis331** » 25 říj 2010 10:12

#7 Příspěvek od **vyosek** » 25 říj 2010 10:32

Flash disky by mely byt na vir autorun.inf ciste

USBFix vytvoril na vsech discich ochranou slozku autorun.inf - viz navod na USBFix funkce Vaccination
salis331 píše: ################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
I:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

Jsou s PC nejake problemy

salis331 · #8 Příspěvek od **salis331** » 25 říj 2010 21:13

Díky,tak tu složku jsem nepochopil,myslel jsem ze to je vir..Tak teď snad žadný problem není,snad krom režimu spanku..tomu se nechce naběhnout..Ještě se zeptam,Dr.web mi smazal Combofix z plochy,musím jej znovu stahout a odinstalovat?Díky

#9 Příspěvek od **vyosek** » 25 říj 2010 21:16

ComboFix pouzivejte jen na doporuceni radce

Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
Maze stopy po haveti, takze v logu z RSIT neni nic videt
Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Znovu spusťte Usbfix a zvolte možnost Uninstall.

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

A po haveti by melo byt cisto...

salis331 · #10 Příspěvek od **salis331** » 26 říj 2010 17:57

Dobrý podvečer,tak jsem chvíli sledoval chod Pc..a našel jsem asi problém,ktery to všechno zpúsoboval,je to nejaky vir v Ms office,našel jsem slozky se soubory ktere přišli včera a dnes do pc,aniž bych měl outlook zapnuty,zřejmě díky aviře ktera nemá funkci kontroly pošty,složky nejdou odstranit,tak jsem alespon zkopíroval adresu umístění..našel jsem je v indexovanych místech,při poklepání jdou jen otevřít a to jsem neriskoval.Jedna ze složek či souborů je "Kiloword.jpg" ale je jich tam víc,když jsem do nich začal drbat schovaly se posílam tedy aspon co jsem zjistil,umístění v registrech a žřejmě umístění složky kterou jsem nenašel..Zatím děkuji.. Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\CrawlScopeManager\Windows\SystemIndex\DefaultRules\12]
"URL"="iehistory://{s-1-5-21-1118820279-2686567435-2704455506-1000}/"
"Include"=dword:00000001
"Suppress"=dword:00000000
"IncludeSubdirs"=dword:00000001
"Default"=dword:00000001
"Hierarchical"=dword:00000001
"Policy"=dword:00000000

toť registr..A kdyz jsem skopíroval adresu té složky,vyplivlo to na mě tohle.. search-ms:displayname=Přijato%20dne%20?5.?6.?2010&crumb=Přijato%3A(>%3D"4.6.2010%2022%3A00%3A00"%20<%3D"5.6.2010%2021%3A59%3A59")&crumb=location:mapi%3A%2F%2F{S-1-5-21-1118820279-2686567435-2704455506-1000} A na druhý pokus mi to zkopírovalo tohle.. search-ms:query=crumb Zdrojové kody ze starších mailů vypadaji normalně,zatímco z této pošty vypadají tak nějak..no nevím,jsou divné,mužu vložit jako text?

salis331 · #11 Příspěvek od **salis331** » 26 říj 2010 18:18

Přidávám ještě RSIT,jinak se mi v pc vytváří složka SCREEN,což by mohlo patřit k tomu.. Logfile of random's system information tool 1.08 (written by random/random)
Run by Šalis at 2010-10-26 19:06:40
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 36 GB (24%) free of 153 GB
Total RAM: 3070 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:06:47, on 26.10.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Šalis\Desktop\RSIT.exe
C:\Program Files\trend micro\Šalis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 5872 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for Šalis.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-01-22 520192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"=C:\Program Files\ATK Hotkey\HcontrolUser.exe [2008-01-12 98304]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2008-01-24 7766016]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-08-17 102400]
"ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2009-05-04 3054136]
"ASUS Camera ScreenSaver"=C:\Windows\AsScrProlog.exe [2009-05-04 47672]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-12 6265376]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2010-01-22 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-10-26 19:06:41 ----D---- C:\Program Files\trend micro
2010-10-26 19:06:40 ----D---- C:\rsit
2010-10-25 11:11:19 ----RASHD---- C:\Autorun.inf
2010-10-23 20:49:28 ----SHD---- C:\$RECYCLE.BIN
2010-10-23 20:46:37 ----D---- C:\Windows\temp
2010-10-22 03:39:15 ----D---- C:\Windows\system32\drivers\NSS
2010-10-22 03:39:15 ----D---- C:\ProgramData\Symantec
2010-10-22 03:39:15 ----D---- C:\ProgramData\Norton
2010-10-22 03:39:15 ----D---- C:\Program Files\Norton Security Scan
2010-10-22 03:39:14 ----D---- C:\ProgramData\NortonInstaller
2010-10-22 03:39:14 ----D---- C:\Program Files\NortonInstaller
2010-10-20 02:46:47 ----D---- C:\Windows\cs
2010-10-20 02:46:28 ----A---- C:\Windows\system32\drivers\fssfltr.sys
2010-10-20 02:40:49 ----A---- C:\Windows\system32\webservices.dll
2010-10-19 16:16:22 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2010-10-19 16:16:21 ----A---- C:\Windows\system32\ff_vfw.dll
2010-10-19 16:16:20 ----A---- C:\Windows\system32\pthreadGC2.dll
2010-10-19 16:16:19 ----D---- C:\Program Files\ffdshow
2010-10-17 07:10:28 ----D---- C:\Program Files\Common Files\Adobe
2010-10-17 05:12:13 ----D---- C:\Program Files\WinPcap
2010-10-15 18:46:16 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-15 18:46:15 ----A---- C:\Windows\system32\netevent.dll
2010-10-15 18:46:15 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-15 18:46:15 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-15 18:46:15 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-15 18:45:56 ----A---- C:\Windows\system32\ole32.dll
2010-10-15 18:45:52 ----A---- C:\Windows\system32\mshtml.dll
2010-10-15 18:45:52 ----A---- C:\Windows\system32\ieframe.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\wininet.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\urlmon.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-15 18:45:51 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\occache.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\mstime.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-15 18:45:50 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\ieUnatt.exe
2010-10-15 18:45:50 ----A---- C:\Windows\system32\ieui.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iesysprep.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iesetup.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iertutil.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iernonce.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iepeers.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-15 18:45:50 ----A---- C:\Windows\system32\ie4uinit.exe
2010-10-15 18:45:49 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-15 18:45:49 ----A---- C:\Windows\system32\mfc40.dll
2010-10-15 18:45:48 ----A---- C:\Windows\system32\schannel.dll
2010-10-15 18:45:45 ----A---- C:\Windows\system32\t2embed.dll
2010-10-15 18:45:32 ----A---- C:\Windows\system32\wmp.dll
2010-10-15 18:45:31 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-15 18:43:35 ----A---- C:\Windows\system32\comctl32.dll
2010-10-15 18:43:32 ----A---- C:\Windows\system32\win32k.sys
2010-10-15 18:43:31 ----A---- C:\Windows\system32\msshsq.dll
2010-10-15 18:43:29 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-09 16:33:00 ----A---- C:\Windows\system32\tzres.dll
2010-10-03 20:20:39 ----D---- C:\Program Files\Lavalys

======List of files/folders modified in the last 1 months======

2010-10-26 19:06:47 ----D---- C:\Windows\Prefetch
2010-10-26 19:06:41 ----RD---- C:\Program Files
2010-10-26 12:44:21 ----D---- C:\Windows
2010-10-26 09:40:54 ----D---- C:\Windows\system32\drivers
2010-10-26 03:27:48 ----D---- C:\Windows\System32
2010-10-26 03:27:48 ----D---- C:\ProgramData
2010-10-26 03:27:48 ----D---- C:\Program Files\Common Files
2010-10-25 13:07:24 ----A---- C:\Windows\system32\acovcnt.exe
2010-10-24 23:36:47 ----SHD---- C:\System Volume Information
2010-10-23 20:42:46 ----A---- C:\Windows\system.ini
2010-10-23 20:42:25 ----D---- C:\Windows\system32\drivers\etc
2010-10-23 20:29:57 ----D---- C:\Windows\AppPatch
2010-10-23 12:58:39 ----D---- C:\Windows\inf
2010-10-23 12:58:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-23 02:34:57 ----D---- C:\Program Files\Mozilla Firefox
2010-10-22 12:06:42 ----D---- C:\Users\Šalis\AppData\Roaming\Skype
2010-10-22 03:39:18 ----D---- C:\Windows\Tasks
2010-10-22 03:39:18 ----D---- C:\Windows\system32\Tasks
2010-10-21 00:56:41 ----SHD---- C:\Windows\Installer
2010-10-21 00:19:05 ----D---- C:\Windows\system32\catroot2
2010-10-20 19:25:50 ----AD---- C:\ProgramData\Temp
2010-10-20 18:26:25 ----D---- C:\TRANSLAT
2010-10-20 16:34:30 ----A---- C:\Windows\ATKPF.ini
2010-10-20 12:55:31 ----D---- C:\Users\Šalis\AppData\Roaming\uTorrent
2010-10-20 12:27:40 ----D---- C:\Users\Šalis\AppData\Roaming\Download Manager
2010-10-20 07:01:06 ----D---- C:\Windows\Microsoft.NET
2010-10-20 07:00:01 ----RSD---- C:\Windows\assembly
2010-10-20 03:54:14 ----D---- C:\Windows\rescache
2010-10-20 02:46:29 ----DC---- C:\Windows\system32\DRVSTORE
2010-10-20 02:45:39 ----D---- C:\Program Files\Windows Live
2010-10-20 02:44:19 ----SD---- C:\ProgramData\Microsoft
2010-10-20 02:44:18 ----RSD---- C:\Windows\Fonts
2010-10-20 02:43:59 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-20 02:41:13 ----D---- C:\Windows\winsxs
2010-10-20 02:41:12 ----D---- C:\Windows\system32\cs-CZ
2010-10-20 02:41:09 ----D---- C:\Windows\system32\catroot
2010-10-20 01:46:00 ----D---- C:\ASUS.SYS
2010-10-19 11:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-17 10:21:36 ----D---- C:\Users\Šalis\AppData\Roaming\Media Player Classic
2010-10-17 10:01:13 ----D---- C:\ProgramData\NOS
2010-10-17 07:10:33 ----D---- C:\ProgramData\Adobe
2010-10-16 05:02:33 ----D---- C:\Windows\Debug
2010-10-16 04:57:55 ----D---- C:\ProgramData\NVIDIA
2010-10-15 18:57:51 ----D---- C:\Program Files\Windows Media Player
2010-10-15 18:57:50 ----D---- C:\Windows\system32\migration
2010-10-15 18:57:50 ----D---- C:\Program Files\Internet Explorer
2010-10-15 18:52:23 ----D---- C:\ProgramData\Microsoft Help
2010-10-15 18:47:05 ----A---- C:\Windows\system32\mrt.exe
2010-10-11 19:24:34 ----D---- C:\Windows\Minidump
2010-10-10 21:30:37 ----D---- C:\Users\Šalis\AppData\Roaming\BSplayer Pro
2010-10-10 14:20:26 ----D---- C:\Program Files\SUPERAntiSpyware
2010-10-10 03:13:18 ----D---- C:\Program Files\Microsoft Silverlight
2010-10-03 01:00:00 ----D---- C:\Windows\system32\LogFiles
2010-09-28 21:48:53 ----D---- C:\Windows\system32\WDI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2008-07-21 145952]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-19 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-29 67656]
R1 SbFw;SbFw; C:\Windows\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\Windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-07-16 35088]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]
R3 CRFILTER;USB Mass Storage Filter; C:\Windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam; C:\Windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624]
R3 FiltUSBET;ET USB Device Lower Filter; C:\Windows\system32\DRIVERS\etFilter.sys [2008-02-05 206464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-08-12 2159384]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-07-08 1050656]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2010-06-22 105576]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-07-10 11008040]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-07-22 15872]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\Windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 ScanUSBET;ET USB Still Image Capture Device; C:\Windows\system32\DRIVERS\etScan.sys [2008-01-31 6528]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-08-17 190512]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 ac97intc;Služba instalace zvukového ovladače Intel(r) (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 1083520]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2010-07-26 238184]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2010-02-19 12872]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-13 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-03 94208]
R2 FontCache;Mezipaměť písem Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-11-20 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-07-16 117264]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-04 156656]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S4 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]

-----------------EOF-----------------

#12 Příspěvek od **vyosek** » 27 říj 2010 00:26

Pokud pouzivate postovni klienty, tak je potreba AV s postovnim stitem - dejte si Avast, ten jej ma

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

Provedte aktualizaci - treti zalozka
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

salis331 · #13 Příspěvek od **salis331** » 27 říj 2010 11:29

Zdravím,MBAM jsem provaděl večer i rano,nic nenalezlo..Pro jistotu jsem odinstaloval office nebo během dneška přisli další zprávy aniž by byl zapnuty a vyčistil registry Wise reg.utility,chtel bych se ještě zeptat na soubor "lmhost.sam" vim že jsem se v tom už kdysi hrabal a vypadal jako "hosts" niní je přejmenovany na "hosts.old" a parametry -
# The following example illustrates all of these extensions:
#
# 102.54.94.97 rhino #PRE #DOM:networking #net group's DC
# 102.54.94.102 "appname \0x14" #special app server
# 102.54.94.123 popular #PRE #source server
# 102.54.94.117 localsrv #PRE #needed for the include
#
# #BEGIN_ALTERNATE
# #INCLUDE \\localsrv\public\lmhosts
# #INCLUDE \\rhino\public\lmhosts
# #END_ALTERNATE
#
# In the above example, the "appname" server contains a special
# character in its name, the "popular" and "localsrv" server names are
# preloaded, and the "rhino" server name is specified so it can be used
# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
# system is unavailable.
#
# Note that the whole file is parsed including comments on each lookup,
# so keeping the number of comments to a minimum will improve performance.
# Therefore it is not advisable to simply add .. nezdá se mi to vůbec..jinak proběhl Ccleaner,Avira,Mbam a Superantispywere... Zatím moc děkuji..

salis331 · #14 Příspěvek od **salis331** » 27 říj 2010 13:59

Takže jsem sledoval a sledoval a Kerio mi hlásí,že že Mrkwosoft office se snaží připojit k síťi..I když je odinstalované přes you unistall..Takže buď tam ještě běhá nejaký bazilišek,nebo tam nekde zustal schovany ovladač,nebo je to jiná služba Win-live,mesenger..Jestli se s tím už někdo setkal..Zajímavý tohle.Přitom si tak dávam pozor..Většina souborů byla modifikována mezi 10-26. tohoto měsíce,vesměs se změnilo datum vytvoření většiny souborů..docela jsem ty složky prolezl a málokterá si zachovala datum instalace..Neuvědomil jsem si tu aviru..přitom stačilo tak málo..Bylo mi divné že si sám sobe posílam spam

Ješte přidam zdroj.kod z jednoho mailu co se mi podařilo nějakym zazrakem dostat a obnovit..Doufam že se to může a neuďělá to nejakou neplechu..Zatím díky..

salis331 · #15 Příspěvek od **salis331** » 27 říj 2010 14:05

Ještě mi Wise cleaner nedoporučil vymazat 3položky z registru jelikož k nim není přiřazený žadny program.. Vkládám.... Data: WLPG Detection
HKEY_CLASSES_ROOT\.wlpginstall\Default
Důvod: Bez informací o připojeném souboru (přípona není přiřazena)
lze odebrat, ale nedoporučujeme.
Data: WLPG Detection
HKEY_CLASSES_ROOT\.wlpginstall3\Default
Důvod: Bez informací o připojeném souboru (přípona není přiřazena)
lze odebrat, ale nedoporučujeme.
Data: wvFile
HKEY_CLASSES_ROOT\.wv\Default
Důvod: Bez informací o připojeném souboru (přípona není přiřazena)
lze odebrat, ale nedoporučujeme.

VIRY.CZ

Ahoj,prosím o kontrolu logu po Autorun.inf..A nejakou havěti

Ahoj,prosím o kontrolu logu po Autorun.inf..A nejakou havěti

Re: Ahoj,prosím o kontrolu logu po Autorun.inf..A nejakou ha

Re: Ahoj,prosím o kontrolu logu po Autorun.inf..A nejakou ha

Re: Ahoj,prosím o kontrolu logu po Autorun.inf..A nejakou ha

Re: Ahoj,prosím o kontrolu logu po Autorun.inf..A nejakou ha

Re: Ahoj,prosím o kontrolu logu po Autorun.inf..A nejakou ha

Re: Ahoj,prosím o kontrolu logu po Autorun.inf..A nejakou ha

Re: Ahoj,prosím o kontrolu logu po Autorun.inf..A nejakou ha

Re: Ahoj,prosím o kontrolu logu po Autorun.inf..A nejakou ha

Re: Ahoj,prosím o kontrolu logu po Autorun.inf..A nejakou ha

Re: Ahoj,prosím o kontrolu logu po Autorun.inf..A nejakou ha

Re: Ahoj,prosím o kontrolu logu po Autorun.inf..A nejakou ha

Re: Ahoj,prosím o kontrolu logu po Autorun.inf..A nejakou ha

Re: Ahoj,prosím o kontrolu logu po Autorun.inf..A nejakou ha

Re: Ahoj,prosím o kontrolu logu po Autorun.inf..A nejakou ha