PC disinfection, computer speed-up, remote help via the neslape.cz service

Please check, Avira reports a virus

Are you one of the Exemplary Visitors? Then this section is for you.
Forum rules
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
mika666
Exemplary Visitor
Posts: 102
Registered: 12 Oct 2009 08:42
Location: ZL

Re: Please check, Avira reports a virus

#16 Post by mika666 »

in safe mode


All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: PC

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 708 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb

========== FILES ==========
File\Folder c:\documents and settings\PC\Nabídka Start\Programy\Po spuštění\*.exe not found.
File move failed. c:\windows\system32\drivers\oumzbfqe.sys scheduled to be moved on reboot.
c:\windows\Hello Kitty.scr moved successfully.
File\Folder c:\documents and settings\PC\Data aplikací\*.exe not found.
File move failed. c:\windows\system32\lepydeha.exe scheduled to be moved on reboot.
C:\HDTV.exe moved successfully.
File\Folder c:\documents and settings\PC\MMGJGSPDAM.exe not found.
File\Folder c:\documents and settings\PC\GGASDPVVAS.exe not found.
File move failed. c:\windows\system32\davy.exe scheduled to be moved on reboot.
File move failed. c:\windows\system32\tilorehoot.exe scheduled to be moved on reboot.
File\Folder c:\documents and settings\PC\SPMSPVSAVS.exe not found.
File\Folder c:\documents and settings\PC\MSVSAVDAVD.exe not found.
File\Folder c:\documents and settings\PC\VSPVSAVDAG.exe not found.
File\Folder c:\documents and settings\PC\VJGDJGMJGM.exe not found.
File move failed. c:\windows\system32\wejovood.exe scheduled to be moved on reboot.
File\Folder c:\documents and settings\PC\SPVSPVSAVD.exe not found.
File\Folder c:\documents and settings\PC\GDJGDAVDAV.exe not found.
File move failed. c:\windows\system32\jokypakouh.exe scheduled to be moved on reboot.
File\Folder c:\Documents and Settings\PC\Local Settings\temp not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\c:\\Documents and Settings\\PC\\Data aplikací\\lsass.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Local Security Authentication Server not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\JP595IR86O not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\bfwdrv deleted successfully.
========== SERVICES/DRIVERS ==========
Service oumzbfqe stopped successfully!
Service oumzbfqe deleted successfully!

OTL by OldTimer - Version 3.2.17.3 log created on 12182010_212756

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Please check, Avira reports a virus

#17 Post by Caroprd111 »

Please post a new RSIT log.

mika666
Exemplary Visitor
Posts: 102
Registered: 12 Oct 2009 08:42
Location: ZL

Re: Please check, Avira reports a virus

#18 Post by mika666 »

Logfile of random's system information tool 1.08 (written by random/random)
Run by PC at 2010-12-18 22:20:16
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 20 GB (49%) free of 40 GB
Total RAM: 502 MB (49% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-05 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-12-05 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - Acer eDataSecurity Management - C:\WINDOWS\system32\ToolBand.dll [2005-10-19 94208]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-10-27 1049912]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-05 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2010-05-05 111928]
"UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-03-03 341488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-08-28 39408]
"Local Security Authentication Server"=C:\Documents and Settings\PC\Data aplikací\lsass.exe []
"JP595IR86O"=C:\DOCUME~1\PC\LOCALS~1\Temp\Ow4.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
C:\Program Files\Atheros\ACU.exe [2005-01-31 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADMTray.exe]
C:\Acer\Empowering Technology\admtray.exe [2005-10-24 2462208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-12-21 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe [2005-11-11 1236992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2005-10-19 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\LManager.exe [2005-11-24 589824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2005-12-19 15797248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-12-07 21686568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^PC^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE [2005-10-15 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3
"wuauserv"=2
"wscsvc"=2

C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění
Notification de cadeaux MSN.lnk - C:\Documents and Settings\PC\Data aplikací\Microsoft\Notification de cadeaux MSN\lsnfier.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\oumzbfqe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\oumzbfqe]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.0\ICQ.exe"="C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.0\ICQ.exe:*:Disabled:ICQ"
"C:\Documents and Settings\Guest\Local Settings\Data aplikací\Skype\Phone\Skype.exe"="C:\Documents and Settings\Guest\Local Settings\Data aplikací\Skype\Phone\Skype.exe:*:Disabled:Skype "
"C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.1\ICQ.exe"="C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.1\ICQ.exe:*:Disabled:ICQ"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe"="C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe:*:Enabled:SweetIM Installer"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\PC\Data aplikací\lsass.exe"="C:\Documents and Settings\PC\Data aplikací\lsass.exe:*:Enabled:Local Security Authentication Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-12-18 20:44:01 ----RASHD---- C:\Autorun.inf
2010-12-18 20:43:56 ----SHD---- C:\RECYCLER
2010-12-18 20:31:28 ----A---- C:\UsbFix.txt
2010-12-18 20:31:05 ----D---- C:\UsbFix
2010-12-18 13:06:42 ----D---- C:\WINDOWS\temp
2010-12-18 13:05:07 ----A---- C:\ComboFix.txt
2010-12-17 23:25:49 ----A---- C:\Boot.bak
2010-12-17 23:25:43 ----RASHD---- C:\cmdcons
2010-12-17 22:34:04 ----A---- C:\WINDOWS\zip.exe
2010-12-17 22:34:04 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-17 22:34:04 ----A---- C:\WINDOWS\SWSC.exe
2010-12-17 22:34:04 ----A---- C:\WINDOWS\SWREG.exe
2010-12-17 22:34:04 ----A---- C:\WINDOWS\sed.exe
2010-12-17 22:34:04 ----A---- C:\WINDOWS\PEV.exe
2010-12-17 22:34:04 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-17 22:34:04 ----A---- C:\WINDOWS\MBR.exe
2010-12-17 22:34:04 ----A---- C:\WINDOWS\grep.exe
2010-12-17 22:33:59 ----D---- C:\WINDOWS\ERDNT
2010-12-17 22:32:46 ----D---- C:\Qoobox
2010-12-17 21:43:48 ----D---- C:\_OTL
2010-12-17 19:18:19 ----D---- C:\Program Files\trend micro
2010-12-17 19:18:18 ----D---- C:\rsit
2010-12-17 19:12:27 ----D---- C:\WINDOWS\CSC
2010-12-17 16:45:22 ----A---- C:\WINDOWS\ntbtlog.txt
2010-12-12 18:25:24 ----A---- C:\WINDOWS\system32\wejovood.exe
2010-12-12 08:58:16 ----RA---- C:\Documents and Settings\PC\Data aplikací\MlDE06imkg.txt
2010-12-12 08:58:14 ----A---- C:\WINDOWS\system32\jokypakouh.exe
2010-12-10 21:21:34 ----RA---- C:\Documents and Settings\PC\Data aplikací\KgHbLk68N1.txt
2010-12-10 21:11:56 ----D---- C:\Documents and Settings\PC\Data aplikací\ICQ
2010-12-10 21:11:21 ----D---- C:\Program Files\ICQ7.0
2010-12-09 22:09:15 ----A---- C:\WINDOWS\system32\davy.exe
2010-12-08 15:08:01 ----RA---- C:\Documents and Settings\PC\Data aplikací\idgGK7ljd7.txt
2010-12-08 15:07:55 ----A---- C:\WINDOWS\system32\tilorehoot.exe
2010-11-24 12:46:01 ----D---- C:\Program Files\csWord
2010-11-22 14:20:05 ----RA---- C:\Documents and Settings\PC\Data aplikací\BG0Ai.txt
2010-11-21 07:10:01 ----A---- C:\WINDOWS\system32\drivers\oumzbfqe.sys
2010-11-21 00:03:52 ----A---- C:\WINDOWS\system32\lepydeha.exe
2010-11-20 23:54:30 ----RSH---- C:\Documents and Settings\PC\Data aplikací\juzjf.exe
2010-11-20 23:11:16 ----D---- C:\Program Files\ConduitEngine

======List of files/folders modified in the last 1 months======

2010-12-18 21:53:37 ----D---- C:\WINDOWS\system32
2010-12-18 21:53:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-18 21:51:10 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-18 21:51:03 ----AD---- C:\WINDOWS
2010-12-18 13:06:43 ----D---- C:\WINDOWS\system32\drivers
2010-12-18 13:01:46 ----A---- C:\WINDOWS\system.ini
2010-12-18 13:01:22 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-18 12:59:22 ----D---- C:\WINDOWS\system32\config
2010-12-18 12:57:05 ----RD---- C:\Program Files
2010-12-18 12:55:15 ----D---- C:\WINDOWS\AppPatch
2010-12-18 12:55:12 ----D---- C:\Program Files\Common Files
2010-12-17 23:25:49 ----RASH---- C:\boot.ini
2010-12-17 21:45:05 ----SD---- C:\WINDOWS\Tasks
2010-12-17 19:11:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-17 16:46:04 ----D---- C:\Documents and Settings
2010-12-15 22:25:18 ----D---- C:\Documents and Settings\PC\Data aplikací\OpenOffice.org2
2010-12-14 06:44:03 ----D---- C:\Program Files\ICQ6Toolbar
2010-12-13 15:11:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-12-12 10:54:15 ----D---- C:\Program Files\Mozilla Firefox
2010-12-09 22:54:52 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-12-05 12:46:41 ----D---- C:\Documents and Settings\PC\Data aplikací\Audacity
2010-11-28 18:43:59 ----SHD---- C:\WINDOWS\Installer
2010-11-28 18:43:33 ----D---- C:\Config.Msi
2010-11-28 18:43:15 ----D---- C:\Program Files\PC Connectivity Solution
2010-11-28 15:21:16 ----D---- C:\Program Files\Hry.cz
2010-11-23 18:42:59 ----D---- C:\Program Files\Burn4Free
2010-11-22 15:08:59 ----D---- C:\Program Files\SM
2010-11-22 15:08:58 ----D---- C:\Program Files\NCH
2010-11-20 23:14:26 ----D---- C:\Documents and Settings\PC\Data aplikací\HPAppData
2010-11-20 23:08:31 ----D---- C:\WINDOWS\Prefetch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-08-14 21275]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-03-24 56816]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-10-31 45312]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2005-11-17 60928]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2005-11-17 37888]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2005-11-17 74624]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-19 4127232]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-18 67584]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S2 oumzbfqe;oumzbfqe; C:\WINDOWS\system32\drivers\oumzbfqe.sys [2010-11-21 82944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2005-09-13 4392]
S3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-05-02 9600]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-18 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2004-12-27 36864]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\admServ.exe [2005-10-24 1314816]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-11-11 18944]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-28 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini []
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-08-12 306432]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-14 654848]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Please check, Avira reports a virus

#19 Post by Caroprd111 »

Download MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229
  • Install it following the guide in the link, then run a full scan.
  • Do not delete anything! MBAM sometimes produces false detections and could delete, for example, system files.
  • Post the log here.

mika666
Exemplary Visitor
Posts: 102
Registered: 12 Oct 2009 08:42
Location: ZL

Re: Please check, Avira reports a virus

#20 Post by mika666 »

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 5214

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

19.12.2010 10:12:44
mbam-log-2010-12-19 (10-12-37).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 222224
Uplynulý čas: 46 minut, 52 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 8
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 72

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\2.bin\f3htmlmu.dll.vir (PUP.FunWebProducts) -> No action taken.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\2.bin\m3plugin.dll.vir (Adware.MyWebSearch) -> No action taken.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\2.bin\mwsbar.dll.vir (Adware.MyWebSearch) -> No action taken.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\2.bin\mwsoemon.exe.vir (Adware.MyWebSearch) -> No action taken.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\2.bin\mwsoestb.dll.vir (Adware.MyWebSearch) -> No action taken.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\2.bin\mwssrcas.dll.vir (Adware.MyWebSearch) -> No action taken.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\2.bin\npmywebs.dll.vir (Adware.MyWebSearch) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\system32\f3pssavr.scr.vir (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0043895.exe (Worm.Palevo) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0043916.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0043917.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0043918.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0043919.EXE (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0043920.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0043921.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0043922.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0043934.scr (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0044033.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0044034.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0044035.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0044036.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0044037.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0044038.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0044039.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0044040.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0044042.exe (Worm.Autorun) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0044043.exe (Trojan.Refroso) -> No action taken.
c:\system volume information\_restore{de2b2449-0b94-40b9-8748-277219fceeda}\RP240\A0044044.exe (Trojan.Refroso) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\F3CJPEG.DLL (PUP.FunWebProducts) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\F3DTACTL.DLL (PUP.FunWebProducts) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\F3HISTSW.DLL (PUP.FunWebProducts) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\F3HTMLMU.DLL (PUP.FunWebProducts) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\F3HTTPCT.DLL (PUP.FunWebProducts) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\F3IMSTUB.DLL (PUP.FunWebProducts) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\F3POPSWT.DLL (PUP.FunWebProducts) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\F3REGHK.DLL (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\F3REPROX.DLL (PUP.FunWebProducts) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\F3RESTUB.DLL (PUP.FunWebProducts) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\F3SCRCTR.DLL (PUP.FunWebProducts) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\MWSSVC.EXE (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_program files\mywebsearch\bar\3.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.
c:\_OTL\movedfiles\12172010_214348\c_windows\system32\boohoulo.exe (Trojan.Downloader) -> No action taken.
c:\_OTL\movedfiles\12182010_212756\C_\HDTV.exe (Worm.Palevo) -> No action taken.
d:\Software\windows_xp original keygen\RockXP4.exe (Spyware.Passwords) -> No action taken.
d:\Software\windows_xp original keygen\keygens\XPKEY.EXE (Trojan.Downloader) -> No action taken.
c:\documents and settings\PC\data aplikací\BG0Ai.txt (Malware.Trace) -> No action taken.
c:\documents and settings\all users\data aplikací\common.data (Malware.Trace) -> No action taken.
c:\documents and settings\PC\data aplikací\juzjf.exe (Worm.Palevo) -> No action taken.
c:\documents and settings\PC\secupdat.dat (Worm.Autorun) -> No action taken.

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Please check, Avira reports a virus

#21 Post by Caroprd111 »

Delete everything MBAM found and restart the PC.

Post a new log from RSIT.

mika666
Model visitor
Posts: 102
Registered: 12 Oct 2009 08:42
Location: ZL

Re: Please check, Avira reports a virus

#22 Post by mika666 »

Logfile of random's system information tool 1.08 (written by random/random)
Run by PC at 2010-12-19 11:50:26
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 20 GB (49%) free of 40 GB
Total RAM: 502 MB (48% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-05 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-12-05 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - Acer eDataSecurity Management - C:\WINDOWS\system32\ToolBand.dll [2005-10-19 94208]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-10-27 1049912]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-05 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2010-05-05 111928]
"UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-03-03 341488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-08-28 39408]
"Local Security Authentication Server"=C:\Documents and Settings\PC\Data aplikací\lsass.exe []
"JP595IR86O"=C:\DOCUME~1\PC\LOCALS~1\Temp\Ow4.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
C:\Program Files\Atheros\ACU.exe [2005-01-31 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADMTray.exe]
C:\Acer\Empowering Technology\admtray.exe [2005-10-24 2462208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-12-21 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe [2005-11-11 1236992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2005-10-19 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\LManager.exe [2005-11-24 589824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2005-12-19 15797248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-12-07 21686568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^PC^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE [2005-10-15 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3
"wuauserv"=2
"wscsvc"=2

C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění
Notification de cadeaux MSN.lnk - C:\Documents and Settings\PC\Data aplikací\Microsoft\Notification de cadeaux MSN\lsnfier.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\oumzbfqe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\oumzbfqe]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.0\ICQ.exe"="C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.0\ICQ.exe:*:Disabled:ICQ"
"C:\Documents and Settings\Guest\Local Settings\Data aplikací\Skype\Phone\Skype.exe"="C:\Documents and Settings\Guest\Local Settings\Data aplikací\Skype\Phone\Skype.exe:*:Disabled:Skype "
"C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.1\ICQ.exe"="C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.1\ICQ.exe:*:Disabled:ICQ"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe"="C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe:*:Enabled:SweetIM Installer"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\PC\Data aplikací\lsass.exe"="C:\Documents and Settings\PC\Data aplikací\lsass.exe:*:Enabled:Local Security Authentication Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-12-18 23:37:10 ----D---- C:\Documents and Settings\PC\Data aplikací\Malwarebytes
2010-12-18 23:37:02 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-12-18 23:37:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-12-18 23:36:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-18 23:36:58 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-12-18 20:44:01 ----RASHD---- C:\Autorun.inf
2010-12-18 20:43:56 ----SHD---- C:\RECYCLER
2010-12-18 20:31:28 ----A---- C:\UsbFix.txt
2010-12-18 20:31:05 ----D---- C:\UsbFix
2010-12-18 13:06:42 ----D---- C:\WINDOWS\temp
2010-12-18 13:05:07 ----A---- C:\ComboFix.txt
2010-12-17 23:25:49 ----A---- C:\Boot.bak
2010-12-17 23:25:43 ----RASHD---- C:\cmdcons
2010-12-17 22:34:04 ----A---- C:\WINDOWS\zip.exe
2010-12-17 22:34:04 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-17 22:34:04 ----A---- C:\WINDOWS\SWSC.exe
2010-12-17 22:34:04 ----A---- C:\WINDOWS\SWREG.exe
2010-12-17 22:34:04 ----A---- C:\WINDOWS\sed.exe
2010-12-17 22:34:04 ----A---- C:\WINDOWS\PEV.exe
2010-12-17 22:34:04 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-17 22:34:04 ----A---- C:\WINDOWS\MBR.exe
2010-12-17 22:34:04 ----A---- C:\WINDOWS\grep.exe
2010-12-17 22:33:59 ----D---- C:\WINDOWS\ERDNT
2010-12-17 22:32:46 ----D---- C:\Qoobox
2010-12-17 21:43:48 ----D---- C:\_OTL
2010-12-17 19:18:19 ----D---- C:\Program Files\trend micro
2010-12-17 19:18:18 ----D---- C:\rsit
2010-12-17 19:12:27 ----D---- C:\WINDOWS\CSC
2010-12-17 16:45:22 ----A---- C:\WINDOWS\ntbtlog.txt
2010-12-12 18:25:24 ----A---- C:\WINDOWS\system32\wejovood.exe
2010-12-12 08:58:16 ----RA---- C:\Documents and Settings\PC\Data aplikací\MlDE06imkg.txt
2010-12-12 08:58:14 ----A---- C:\WINDOWS\system32\jokypakouh.exe
2010-12-10 21:21:34 ----RA---- C:\Documents and Settings\PC\Data aplikací\KgHbLk68N1.txt
2010-12-10 21:11:56 ----D---- C:\Documents and Settings\PC\Data aplikací\ICQ
2010-12-10 21:11:21 ----D---- C:\Program Files\ICQ7.0
2010-12-09 22:09:15 ----A---- C:\WINDOWS\system32\davy.exe
2010-12-08 15:08:01 ----RA---- C:\Documents and Settings\PC\Data aplikací\idgGK7ljd7.txt
2010-12-08 15:07:55 ----A---- C:\WINDOWS\system32\tilorehoot.exe
2010-11-24 12:46:01 ----D---- C:\Program Files\csWord
2010-11-21 07:10:01 ----A---- C:\WINDOWS\system32\drivers\oumzbfqe.sys
2010-11-21 00:03:52 ----A---- C:\WINDOWS\system32\lepydeha.exe
2010-11-20 23:11:16 ----D---- C:\Program Files\ConduitEngine

======List of files/folders modified in the last 1 months======

2010-12-19 11:49:30 ----D---- C:\WINDOWS\system32
2010-12-19 11:49:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-19 11:48:28 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-19 11:48:25 ----AD---- C:\WINDOWS
2010-12-19 11:46:22 ----D---- C:\WINDOWS\system32\drivers
2010-12-18 23:36:58 ----RD---- C:\Program Files
2010-12-18 13:01:46 ----A---- C:\WINDOWS\system.ini
2010-12-18 13:01:22 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-18 12:59:22 ----D---- C:\WINDOWS\system32\config
2010-12-18 12:55:15 ----D---- C:\WINDOWS\AppPatch
2010-12-18 12:55:12 ----D---- C:\Program Files\Common Files
2010-12-17 23:25:49 ----RASH---- C:\boot.ini
2010-12-17 21:45:05 ----SD---- C:\WINDOWS\Tasks
2010-12-17 19:11:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-17 16:46:04 ----D---- C:\Documents and Settings
2010-12-15 22:25:18 ----D---- C:\Documents and Settings\PC\Data aplikací\OpenOffice.org2
2010-12-14 06:44:03 ----D---- C:\Program Files\ICQ6Toolbar
2010-12-13 15:11:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-12-12 10:54:15 ----D---- C:\Program Files\Mozilla Firefox
2010-12-09 22:54:52 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-12-05 12:46:41 ----D---- C:\Documents and Settings\PC\Data aplikací\Audacity
2010-11-28 18:43:59 ----SHD---- C:\WINDOWS\Installer
2010-11-28 18:43:33 ----D---- C:\Config.Msi
2010-11-28 18:43:15 ----D---- C:\Program Files\PC Connectivity Solution
2010-11-28 15:21:16 ----D---- C:\Program Files\Hry.cz
2010-11-23 18:42:59 ----D---- C:\Program Files\Burn4Free
2010-11-22 15:08:59 ----D---- C:\Program Files\SM
2010-11-22 15:08:58 ----D---- C:\Program Files\NCH
2010-11-20 23:14:26 ----D---- C:\Documents and Settings\PC\Data aplikací\HPAppData
2010-11-20 23:08:31 ----D---- C:\WINDOWS\Prefetch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-08-14 21275]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-03-24 56816]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-10-31 45312]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2005-11-17 60928]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2005-11-17 37888]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2005-11-17 74624]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-19 4127232]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-18 67584]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S2 oumzbfqe;oumzbfqe; C:\WINDOWS\system32\drivers\oumzbfqe.sys [2010-11-21 82944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2005-09-13 4392]
S3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-05-02 9600]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-18 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2004-12-27 36864]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\admServ.exe [2005-10-24 1314816]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-11-11 18944]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-28 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini []
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-08-12 306432]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-14 654848]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Please check, Avira reports a virus

#23 Post by Caroprd111 »

If you haven't already, move ComboFix to the desktop
  • Open Notepad and copy the text from the white box into it.

Code:

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Local Security Authentication Server"=-
"JP595IR86O"=-

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\PC\Data aplikací\lsass.exe"=-

File::
C:\WINDOWS\system32\wejovood.exe
C:\Documents and Settings\PC\Data aplikací\MlDE06imkg.txt
C:\WINDOWS\system32\jokypakouh.exe
C:\Documents and Settings\PC\Data aplikací\KgHbLk68N1.txt
C:\WINDOWS\system32\davy.exe
C:\Documents and Settings\PC\Data aplikací\idgGK7ljd7.txt
C:\WINDOWS\system32\tilorehoot.exe
C:\WINDOWS\system32\drivers\oumzbfqe.sys
C:\WINDOWS\system32\lepydeha.exe

Driver::
oumzbfqe
  • Save the TXT file you created as CFScript.txt on the desktop
  • After saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it:
  • After it runs, another log will pop up; paste it here
It may happen that Windows will not boot after the script is applied and the PC restarted; in that case restart again while pressing F8, then choose Last Known Good Configuration

mika666
Model visitor
Posts: 102
Registered: 12 Oct 2009 08:42
Location: ZL

Re: Please check, Avira reports a virus

#24 Post by mika666 »

ComboFix 10-12-16.05 - Administrator 19.12.2010 12:39:42.4.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.502.366 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\PC\Data aplikací\idgGK7ljd7.txt"
"c:\documents and settings\PC\Data aplikací\KgHbLk68N1.txt"
"c:\documents and settings\PC\Data aplikací\MlDE06imkg.txt"
"c:\windows\system32\davy.exe"
"c:\windows\system32\drivers\oumzbfqe.sys"
"c:\windows\system32\jokypakouh.exe"
"c:\windows\system32\lepydeha.exe"
"c:\windows\system32\tilorehoot.exe"
"c:\windows\system32\wejovood.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\davy.exe
c:\windows\system32\drivers\oumzbfqe.sys
c:\windows\system32\jokypakouh.exe
c:\windows\system32\lepydeha.exe
c:\windows\system32\tilorehoot.exe
c:\windows\system32\wejovood.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OUMZBFQE
-------\Service_oumzbfqe


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-19 do 2010-12-19 )))))))))))))))))))))))))))))))
.

2010-12-18 22:37 . 2010-12-18 22:37 -------- d-----w- c:\documents and settings\PC\Data aplikací\Malwarebytes
2010-12-18 22:37 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-18 22:37 . 2010-12-18 22:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-18 22:36 . 2010-12-19 08:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-18 22:36 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 19:31 . 2010-12-18 19:44 -------- d-----w- C:\UsbFix
2010-12-17 20:43 . 2010-12-17 20:43 -------- d-----w- C:\_OTL
2010-12-17 18:18 . 2010-12-17 18:18 -------- d-----w- c:\program files\trend micro
2010-12-17 18:18 . 2010-12-17 18:18 -------- d-----w- C:\rsit
2010-12-17 15:46 . 2010-12-17 15:46 -------- d-----w- c:\documents and settings\Administrator
2010-12-10 20:11 . 2010-12-18 12:12 -------- d-----w- c:\documents and settings\PC\Data aplikací\ICQ
2010-12-10 20:11 . 2010-12-12 09:37 -------- d-----w- c:\program files\ICQ7.0
2010-12-02 13:10 . 2004-08-18 12:00 25600 ----a-w- c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-11-25 16:09 . 2010-11-25 16:09 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\Crazy_Boomerang_Software
2010-11-24 11:46 . 2010-11-24 11:46 -------- d-----w- c:\program files\csWord
2010-11-20 22:11 . 2010-11-20 22:11 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\ConduitEngine
2010-11-20 22:11 . 2010-11-22 14:08 -------- d-----w- c:\program files\ConduitEngine

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-18 19:44 . 2010-12-18 19:44 347132 ----a-w- C:\UsbFix_Upload_Me_NOTEBOOK.zip
.

((((((((((((((((((((((((((((( SnapShot@2010-12-18_12.01.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-18 12:00 . 2010-12-18 11:50 59890 c:\windows\system32\perfc009.dat
+ 2004-08-18 12:00 . 2010-12-19 11:39 59890 c:\windows\system32\perfc009.dat
- 2004-08-18 12:00 . 2010-12-18 11:50 70416 c:\windows\system32\perfc005.dat
+ 2004-08-18 12:00 . 2010-12-19 11:39 70416 c:\windows\system32\perfc005.dat
+ 2004-08-18 12:00 . 2010-12-19 11:39 395842 c:\windows\system32\perfh009.dat
- 2004-08-18 12:00 . 2010-12-18 11:50 395842 c:\windows\system32\perfh009.dat
+ 2004-08-18 12:00 . 2010-12-19 11:39 393758 c:\windows\system32\perfh005.dat
- 2004-08-18 12:00 . 2010-12-18 11:50 393758 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 138552]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-05-05 111928]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\Guest\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-10-15 61440]

c:\documents and settings\PC\Nabídka Start\Programy\Po spuštění\
Notification de cadeaux MSN.lnk - c:\documents and settings\PC\Data aplikací\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2010-6-5 135680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\PC\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2005-01-31 06:05 253952 ----a-w- c:\program files\Atheros\ACU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADMTray.exe]
2005-10-24 14:45 2462208 ----a-w- c:\acer\Empowering Technology\admtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-12-21 07:02 53248 ------w- c:\program files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-11-11 18:40 1236992 ----a-w- c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-18 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2005-10-19 07:30 69632 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-11-28 05:52 77824 ----a-r- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-11-28 05:55 118784 ----a-r- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-11-28 05:55 98304 ----a-r- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-11-24 04:45 589824 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-12-19 06:52 15797248 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-12-07 14:08 21686568 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Guest\\Data aplikací\\ICQ\\Application\\ICQ7.0\\ICQ.exe"=
"c:\\Documents and Settings\\Guest\\Local Settings\\Data aplikací\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Guest\\Data aplikací\\ICQ\\Application\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\SweetIM\\Messenger\\update\\sweetimsetup.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14.8.2009 8:33 108289]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.8.2010 8:29 135664]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [23.10.2009 16:51 36608]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [23.10.2009 16:51 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [23.10.2009 16:51 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [23.10.2009 16:51 121856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uxtuneup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a430c5c-e334-11df-a4b5-0016d4dc7ee9}]
\Shell\AutoRun\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e12c50f1-bb3a-11de-a2b4-0016d4dc7ee9}]
\Shell\AutoRun\command - F:\innyzo.exe
\Shell\explore\Command - F:\innyzo.exe
\Shell\open\Command - F:\innyzo.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-12-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 11:31]

2010-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-28 07:29]

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-28 07:29]
.
.
------- Doplňkový sken -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{755B05A7-0770-4185-B5F6-E75A2CA527E2} - {755B05A7-0770-4185-B5F6-E75A2CA527E2} - c:\program files\SM\SubsHelper.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\hptpujhs.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-19 12:51
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1952)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\documents and settings\PC\Data aplikací\Microsoft\Notification de cadeaux MSN\lsnfier.exe
c:\windows\system32\wscntfy.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2010-12-19 12:53:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-19 11:53
ComboFix2.txt 2010-12-18 12:05

Před spuštěním: Volných bajtů: 20 564 160 512
Po spuštění: Volných bajtů: 20 507 222 016

- - End Of File - - 4C27CD65C134CEFBFAE4134BDD2ED4C3

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Please check, Avira reports a virus

#25 Post by Caroprd111 »

Please apply UsbFix once more.

mika666
Exemplary visitor
Posts: 102
Registered: 12 Oct 2009 08:42
Location: ZL

Re: Please check, Avira reports a virus

#26 Post by mika666 »

############################## | UsbFix 7.014 | [Deletion]

User: PC (Administrator) # NOTEBOOK [ ]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 19:36:57 | 19/12/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Celeron(R) M CPU 440 @ 1.86GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 6.0.2900.2180

Windows Firewall: Enabled
Antivirus: AntiVir Desktop 9.0.1.32 [Enabled | (!) Outdated]
RAM -> 502 Mb
C:\ (%systemdrive%) -> Fixed drive # 39 Gb (19 Mb free - 49%) [] # NTFS
D:\ -> Fixed drive # 35 Gb (26 Mb free - 72%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 2 Gb (2 Mb free - 92%) [] # FAT
G:\ -> Removable drive # 244 Mb (85 Mb free - 35%) [KINGSTON] # FAT
H:\ -> Removable drive # 2 Gb (2 Mb free - 91%) [VLAĎKA] # FAT

################## | Files # Infected Folders |


################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{0a430c5c-e334-11df-a4b5-0016d4dc7ee9}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{e12c50f1-bb3a-11de-a2b4-0016d4dc7ee9}

################## | Listing |

[13/08/2009 - 18:44:19 | D ] C:\Acer
[26/07/2009 - 07:21:23 | A | 0] C:\AUTOEXEC.BAT
[18/12/2010 - 20:44:01 | RAD ] C:\Autorun.inf
[13/09/2009 - 21:12:35 | A | 389] C:\Boot.bak
[17/12/2010 - 23:25:49 | RASH | 506] C:\boot.ini
[18/08/2004 - 13:00:00 | RASH | 4952] C:\Bootfont.bin
[17/12/2010 - 23:25:49 | RASHD ] C:\cmdcons
[03/08/2004 - 23:00:04 | RASH | 261312] C:\cmldr
[19/12/2010 - 12:53:36 | A | 14544] C:\ComboFix.txt
[28/11/2010 - 18:43:33 | D ] C:\Config.Msi
[26/07/2009 - 07:21:23 | A | 0] C:\CONFIG.SYS
[17/12/2010 - 16:46:04 | D ] C:\Documents and Settings
[26/07/2009 - 07:21:23 | RASH | 0] C:\IO.SYS
[13/08/2009 - 19:20:57 | A | 6] C:\ISACER.ID
[26/07/2009 - 07:21:23 | RASH | 0] C:\MSDOS.SYS
[13/08/2009 - 18:55:10 | RD ] C:\MSOCache
[18/08/2004 - 13:00:00 | RASH | 47564] C:\NTDETECT.COM
[18/08/2004 - 13:00:00 | RASH | 250048] C:\ntldr
[19/12/2010 - 12:49:21 | ASH | 792723456] C:\pagefile.sys
[18/12/2010 - 23:36:58 | RD ] C:\Program Files
[19/12/2010 - 12:53:39 | D ] C:\Qoobox
[19/12/2010 - 19:38:43 | SHD ] C:\RECYCLER
[17/12/2010 - 19:18:21 | D ] C:\rsit
[13/09/2009 - 20:47:45 | SHD ] C:\System Volume Information
[16/08/2010 - 11:45:56 | D ] C:\temp
[19/12/2010 - 19:38:43 | D ] C:\UsbFix
[19/12/2010 - 19:38:47 | A | 1237] C:\UsbFix.txt
[18/12/2010 - 20:44:02 | A | 347132] C:\UsbFix_Upload_Me_NOTEBOOK.zip
[19/12/2010 - 12:53:38 | AD ] C:\WINDOWS
[17/12/2010 - 21:43:48 | D ] C:\_OTL
[18/12/2010 - 20:44:01 | RAD ] D:\Autorun.inf
[04/02/2010 - 18:27:31 | RD ] D:\DVD
[03/10/2010 - 14:55:34 | RD ] D:\games
[11/02/2010 - 19:25:47 | RD ] D:\Hudba
[19/12/2010 - 19:38:43 | SHD ] D:\RECYCLER
[14/08/2009 - 09:01:12 | RD ] D:\Software
[26/07/2009 - 17:16:32 | SHD ] D:\System Volume Information
[12/08/2010 - 20:56:06 | A | 131593] F:\josh_groban--broken_vow noty.pdf
[11/08/2010 - 19:29:18 | D ] F:\pro broňka
[07/06/2010 - 23:15:48 | A | 20767750] F:\Celine_Dion_-_Let_s_Talk_About_Love.pdf
[13/08/2010 - 08:40:34 | A | 158431] F:\josh_groban__alejate.pdf
[15/08/2010 - 17:57:38 | A | 310784] F:\i will love again.doc
[17/08/2010 - 10:25:40 | A | 93696] F:\texty lara,celine,josh....doc
[17/08/2010 - 19:56:40 | A | 618494] F:\To love you more (C-e-l-i-n-e D-i-o-n).pdf
[17/08/2010 - 19:41:30 | A | 338539] F:\Broken vow (L-a-r-a- F-a-b-i-a-n - J-o-s-h G-r-o-b-a-n).pdf
[17/08/2010 - 19:49:56 | A | 180083] F:\Je me souviens (Lara Fabian).pdf
[02/05/2010 - 13:06:54 | A | 400962] F:\Il ne manquait que toi (Lara F-a-b-i-a-n).pdf
[18/08/2010 - 08:56:50 | A | 20480] F:\lara je me souviens.doc
[23/08/2010 - 09:25:42 | A | 1145344] F:\where is the love 82.doc
[07/06/2010 - 22:55:06 | A | 197902] F:\30 - I will always love you.pdf
[12/08/2010 - 20:56:26 | A | 326387] F:\Memory (Epica).pdf
[12/08/2010 - 20:55:18 | A | 726202] F:\1250_Lara_Fabian-Je_t_aime.pdf
[02/04/2010 - 16:39:14 | A | 231026] F:\gloria_gaynor--i_will_survive noty.pdf
[01/09/2010 - 12:20:48 | A | 141918] F:\josh_groban__to_where_you_are.pdf
[31/08/2010 - 14:04:22 | A | 5993984] F:\when i need you.doc
[12/08/2010 - 20:56:44 | A | 545038] F:\I surrender - Celine Dion.pdf
[02/04/2010 - 16:31:26 | A | 565193] F:\bonnie_tyler--holding_out_for_an_hero noty.pdf
[07/06/2010 - 22:54:28 | A | 2170521] F:\fame.pdf
[01/09/2010 - 16:19:40 | A | 84392] F:\eric_carmen--all_by_myself.pdf
[01/09/2010 - 16:19:48 | A | 257177] F:\celine_dion--all_by_myself.pdf
[02/09/2010 - 23:22:54 | A | 508416] F:\kníška.doc
[06/09/2010 - 11:03:54 | D ] F:\tisk
[03/10/2010 - 12:28:58 | D ] F:\škola
[26/11/2010 - 17:30:04 | D ] F:\pro mamku
[18/12/2010 - 20:44:02 | RASHD ] F:\Autorun.inf
[19/10/2007 - 07:53:14 | D ] G:\letáčky
[19/10/2007 - 07:54:40 | D ] G:\kroužky
[15/01/2008 - 12:07:08 | D ] G:\dotace ZK
[10/01/2008 - 13:10:14 | D ] G:\akce
[18/12/2010 - 20:44:02 | RASHD ] G:\Autorun.inf
[04/11/2008 - 12:24:38 | D ] G:\OP
[05/12/2010 - 12:49:48 | A | 26404732] G:\alenka++.wav
[26/11/2008 - 18:23:52 | D ] G:\TOUR
[16/08/2007 - 16:19:42 | ASH | 583168] G:\ehthumbs.db
[15/12/2010 - 14:19:00 | D ] G:\finále aerobic tour - foto
[14/03/2008 - 09:39:48 | D ] G:\Vlaďka
[15/01/2008 - 05:58:48 | RSHD ] G:\Recycled
[10/10/2007 - 08:59:42 | RD ] G:\Obrázky
[19/10/2007 - 07:52:30 | D ] G:\dokumenty
[17/11/2010 - 16:56:30 | D ] H:\stmívání
[17/12/2010 - 18:15:36 | A | 3993691] H:\ComboFix.exe
[17/12/2010 - 18:13:30 | A | 339991] H:\RSIT.exe
[10/11/2010 - 20:47:48 | D ] H:\velikonoce
[17/11/2010 - 16:58:04 | D ] H:\Alenka v říši divů
[11/12/2010 - 23:32:28 | A | 15667] H:\finále výsl..odt
[18/12/2010 - 22:20:42 | A | 20192] H:\log3.txt
[07/12/2010 - 13:08:08 | D ] H:\fotky AE jedn. OP
[17/12/2010 - 18:54:18 | A | 52150856] H:\setup_av_free.exe
[17/12/2010 - 18:16:14 | A | 7622112] H:\mbam-setup-1.50.0.0.exe
[17/12/2010 - 19:41:42 | A | 62] H:\keyDDM.txt
[17/12/2010 - 19:45:54 | A | 575488] H:\OTL.exe
[17/12/2010 - 19:47:58 | A | 1533] H:\script.txt
[17/12/2010 - 20:55:50 | A | 99294] H:\OTL.Txt
[17/12/2010 - 20:56:04 | A | 56664] H:\Extras.Txt
[17/12/2010 - 21:41:04 | A | 14784] H:\script2.txt
[19/12/2010 - 12:19:30 | A | 2758] H:\BOOTEX.LOG
[22/02/2010 - 14:16:38 | SH | 2697] H:\AlbumArtSmall.jpg
[22/02/2010 - 14:16:38 | SH | 8361] H:\Folder.jpg
[17/12/2010 - 22:14:54 | A | 57784] H:\12172010_214348.log
[17/12/2010 - 23:14:58 | A | 4628200] H:\WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[18/12/2010 - 13:05:40 | A | 24251] H:\log2.txt
[18/12/2010 - 20:26:48 | A | 1258] H:\script3.txt
[19/12/2010 - 11:51:06 | A | 20422] H:\log4.txt
[18/12/2010 - 20:27:40 | A | 1224471] H:\UsbFix.exe
[18/12/2010 - 20:44:02 | RASHD ] H:\Autorun.inf
[18/12/2010 - 20:44:36 | A | 8803] H:\UsbFix.txt
[12/12/2010 - 08:59:52 | D ] H:\tabulky finále
[18/12/2010 - 21:28:02 | A | 6994] H:\12182010_212756.log
[19/12/2010 - 10:12:46 | A | 10895] H:\mbam-log-2010-12-19 (10-12-37).txt
[19/12/2010 - 12:25:02 | A | 755] H:\CFScript.txt
[19/12/2010 - 13:21:54 | A | 14544] H:\log5.txt

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_NOTEBOOK.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Please check, Avira reports a virus

#27 Post by Caroprd111 »

How is the PC behaving? :???:

mika666
Exemplary visitor
Posts: 102
Registered: 12 Oct 2009 08:42
Location: ZL

Re: Please check, Avira reports a virus

#28 Post by mika666 »

Avira is silent, it seems to be OK :)

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Please check, Avira reports a virus

#29 Post by Caroprd111 »

Run USBFix again and click the Uninstall button.


Uninstall ComboFix via:
Start >> Run, paste into the box:

ComboFix /Uninstall

and press Enter.



Download T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
  • Run it; to confirm the choice press the A key, then Enter.
  • Delete the program after use. Note that antivirus programs may falsely flag it as a virus.

Download TFC http://oldtimer.geekstogo.com/TFC.exe
  • Run it.
  • Click "Start". Confirm the message by clicking "Ok" (a restart will follow).

Download OTC http://oldtimer.geekstogo.com/OTC.exe
  • Run it.
  • Click "CleanUp!". Confirm the messages by clicking "Yes" (a restart will follow).


Download Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
  • Install it.

    Cleaner tab
  • Click Analyze; when it finishes, click Run Ccleaner.

    Registry tab
  • Click Find problems; when it finishes, click Fix problems; you do not need to make a backup; then click Fix all problems.
    OK, then Close.

Install SP3 http://www.viry.cz/forum/viewtopic.php?f=46&t=86100


I do not see a firewall in the log, install one :!: Overview: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523


Post a new log from RSIT.

mika666
Exemplary visitor
Posts: 102
Registered: 12 Oct 2009 08:42
Location: ZL

Re: Please check, Avira reports a virus

#30 Post by mika666 »

USBFix, ComboFix, T-Cleaner, TFC, OTC, Ccleaner, Sygate Firewall done.

No SP3 yet, it won't install (probably a problem with the product key), and the internet works only in IE; in Firefox and Chrome it doesn't?!



Logfile of random's system information tool 1.08 (written by random/random)
Run by PC at 2010-12-19 22:07:38
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 20 GB (49%) free of 40 GB
Total RAM: 502 MB (48% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-05 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-12-05 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - Acer eDataSecurity Management - C:\WINDOWS\system32\ToolBand.dll [2005-10-19 94208]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-10-27 1049912]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-05 297648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-03-03 341488]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-02-24 2372760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-08-28 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
C:\Program Files\Atheros\ACU.exe [2005-01-31 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADMTray.exe]
C:\Acer\Empowering Technology\admtray.exe [2005-10-24 2462208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-12-21 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe [2005-11-11 1236992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2005-10-19 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\LManager.exe [2005-11-24 589824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2005-12-19 15797248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-12-07 21686568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\SweetIM\Messenger\SweetIM.exe [2010-05-05 111928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^PC^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE [2005-10-15 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3
"wuauserv"=2
"wscsvc"=2

C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění
Notification de cadeaux MSN.lnk - C:\Documents and Settings\PC\Data aplikací\Microsoft\Notification de cadeaux MSN\lsnfier.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.0\ICQ.exe"="C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.0\ICQ.exe:*:Disabled:ICQ"
"C:\Documents and Settings\Guest\Local Settings\Data aplikací\Skype\Phone\Skype.exe"="C:\Documents and Settings\Guest\Local Settings\Data aplikací\Skype\Phone\Skype.exe:*:Disabled:Skype "
"C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.1\ICQ.exe"="C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.1\ICQ.exe:*:Disabled:ICQ"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe"="C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe:*:Enabled:SweetIM Installer"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-12-19 22:01:40 ----D---- C:\Program Files\trend micro
2010-12-19 22:01:39 ----D---- C:\rsit
2010-12-19 21:56:36 ----A---- C:\WINDOWS\system32\drivers\wg3n.sys
2010-12-19 21:56:36 ----A---- C:\WINDOWS\system32\drivers\Teefer.sys
2010-12-19 21:56:35 ----A---- C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2010-12-19 21:56:30 ----A---- C:\WINDOWS\system32\SSSensor.dll
2010-12-19 21:56:27 ----D---- C:\Program Files\Sygate
2010-12-19 21:33:50 ----D---- C:\Program Files\Sunbelt Software
2010-12-19 21:25:58 ----A---- C:\WINDOWS\system32\~GLH0058.TMP
2010-12-19 21:25:57 ----A---- C:\WINDOWS\system32\~GLH0056.TMP
2010-12-19 21:25:26 ----N---- C:\WINDOWS\system32\vswmi.dll
2010-12-19 21:25:25 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-12-19 21:25:25 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-12-19 21:25:24 ----N---- C:\WINDOWS\system32\vsdatant.sys
2010-12-19 21:25:24 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-12-19 21:24:30 ----N---- C:\WINDOWS\system32\vsutil.dll
2010-12-19 21:24:30 ----N---- C:\WINDOWS\system32\vsinit.dll
2010-12-19 21:24:30 ----N---- C:\WINDOWS\system32\vsdata.dll
2010-12-19 21:22:17 ----HDC---- C:\WINDOWS\$NtUninstallKB943232$
2010-12-19 21:21:59 ----D---- C:\Program Files\Zone Labs
2010-12-19 21:21:37 ----D---- C:\WINDOWS\Internet Logs
2010-12-19 21:14:24 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-12-19 21:08:45 ----D---- C:\Program Files\CCleaner
2010-12-19 19:38:47 ----RASHD---- C:\Autorun.inf
2010-12-19 19:38:43 ----SHD---- C:\RECYCLER
2010-12-19 12:53:38 ----D---- C:\WINDOWS\temp
2010-12-18 23:37:10 ----D---- C:\Documents and Settings\PC\Data aplikací\Malwarebytes
2010-12-18 23:37:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-12-17 23:25:49 ----A---- C:\Boot.bak
2010-12-17 23:25:43 ----RASHD---- C:\cmdcons
2010-12-17 19:12:27 ----D---- C:\WINDOWS\CSC
2010-12-12 08:58:16 ----RA---- C:\Documents and Settings\PC\Data aplikací\MlDE06imkg.txt
2010-12-10 21:21:34 ----RA---- C:\Documents and Settings\PC\Data aplikací\KgHbLk68N1.txt
2010-12-10 21:11:56 ----D---- C:\Documents and Settings\PC\Data aplikací\ICQ
2010-12-10 21:11:21 ----D---- C:\Program Files\ICQ7.0
2010-12-08 15:08:01 ----RA---- C:\Documents and Settings\PC\Data aplikací\idgGK7ljd7.txt
2010-11-24 12:46:01 ----D---- C:\Program Files\csWord
2010-11-20 23:11:16 ----D---- C:\Program Files\ConduitEngine

======List of files/folders modified in the last 1 months======

2010-12-19 22:05:39 ----AD---- C:\WINDOWS
2010-12-19 22:03:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-19 22:02:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-19 22:02:12 ----D---- C:\WINDOWS\system32
2010-12-19 22:02:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-19 22:01:44 ----D---- C:\WINDOWS\Prefetch
2010-12-19 22:01:40 ----RD---- C:\Program Files
2010-12-19 21:56:37 ----SHD---- C:\WINDOWS\Installer
2010-12-19 21:56:36 ----D---- C:\WINDOWS\system32\drivers
2010-12-19 21:56:30 ----D---- C:\Config.Msi
2010-12-19 21:56:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-12-19 21:49:20 ----HD---- C:\WINDOWS\inf
2010-12-19 21:22:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-19 21:14:24 ----D---- C:\WINDOWS\Debug
2010-12-19 21:08:09 ----SHD---- C:\System Volume Information
2010-12-19 21:08:09 ----D---- C:\WINDOWS\system32\Restore
2010-12-19 21:00:46 ----D---- C:\WINDOWS\Minidump
2010-12-19 12:50:48 ----A---- C:\WINDOWS\system.ini
2010-12-19 12:50:33 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-19 12:48:08 ----D---- C:\WINDOWS\system32\config
2010-12-19 12:44:20 ----D---- C:\WINDOWS\AppPatch
2010-12-19 12:44:17 ----D---- C:\Program Files\Common Files
2010-12-19 11:46:22 ----D---- C:\WINDOWS\ehome
2010-12-17 23:25:49 ----RASH---- C:\boot.ini
2010-12-17 21:45:05 ----SD---- C:\WINDOWS\Tasks
2010-12-17 16:46:04 ----D---- C:\Documents and Settings
2010-12-15 22:25:18 ----D---- C:\Documents and Settings\PC\Data aplikací\OpenOffice.org2
2010-12-14 06:44:03 ----D---- C:\Program Files\ICQ6Toolbar
2010-12-13 15:11:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-12-12 10:54:15 ----D---- C:\Program Files\Mozilla Firefox
2010-12-05 12:46:41 ----D---- C:\Documents and Settings\PC\Data aplikací\Audacity
2010-11-28 18:43:15 ----D---- C:\Program Files\PC Connectivity Solution
2010-11-28 15:21:16 ----D---- C:\Program Files\Hry.cz
2010-11-23 18:42:59 ----D---- C:\Program Files\Burn4Free
2010-11-22 15:08:59 ----D---- C:\Program Files\SM
2010-11-22 15:08:58 ----D---- C:\Program Files\NCH
2010-11-20 23:14:26 ----D---- C:\Documents and Settings\PC\Data aplikací\HPAppData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Teefer;Teefer for NT; C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys [2004-02-02 55891]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-08-14 21275]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-03-24 56816]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R2 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-02-02 11914]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-10-31 45312]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2005-11-17 60928]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2005-11-17 37888]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2005-11-17 74624]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-19 4127232]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-18 67584]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
S1 kbdhid;HID Keyboard Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 hidusb;HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 mouhid;HID Mouse Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2005-09-13 4392]
S3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-05-02 9600]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-18 31616]
S3 usbprint;USB Printer Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2004-12-27 36864]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\admServ.exe [2005-10-24 1314816]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2004-02-24 2372760]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-11-16 2435592]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-11-11 18944]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-28 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini []
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-08-12 306432]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-14 654848]

-----------------EOF-----------------

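The driver and service tables in the log above use RSIT's fixed line format: a state letter (R/S), a start type (0-4), then `name;description; image path [date size]`, with `[]` where the tool recorded no file date or size. As an added example that is not part of mika666's post or of the RSIT tool, the Python below parses that format and flags the entries a reviewer would want to check by hand: lines with no recorded file metadata, boot/system/auto-start entries that are not running, kernel drivers whose image lives outside the Windows directory, and more than one personal firewall running at once (TrueVector is the engine behind ZoneAlarm's vsmon.exe). The sample input is a handful of lines copied from this log with their descriptions translated; the flag names and the heuristics are my own, and every flag is a hint to verify on disk, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the RSIT log above (localized descriptions
# translated), in the tool's "state+start name;desc; image [date size]" format.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R2 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S1 kbdhid;HID Keyboard Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2004-02-24 2372760]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-11-16 2435592]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-28 135664]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini []
"""

SECTION_RE = re.compile(r"^======List of (drivers|services) ")
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "      # R/S and start type 0-4
    r"(?P<name>[^;]*);(?P<desc>[^;]*); "      # name; description;
    r"(?P<image>.*?) \[(?P<meta>[^\]]*)\]$"   # image path (may carry args) [date size]
)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}
# Description words that identify a personal-firewall engine (TrueVector = ZoneAlarm).
FIREWALL_WORDS = ("firewall", "truevector")


@dataclass
class Entry:
    kind: str                 # "driver" or "service"
    state: str                # "R" running / "S" stopped
    start: int                # 0..4, see START_TYPES
    name: str
    desc: str
    image: str
    date: str = ""            # empty when the tool printed "[]"
    size: int = -1            # -1 when the tool printed "[]"
    flags: List[str] = field(default_factory=list)


def triage(e: "Entry") -> List[str]:
    """Heuristic review hints (my own names); none of them is a verdict on its own."""
    flags = []
    # "[]" means the tool recorded no date/size: typical for \??\-style or
    # argument-bearing image paths, but also what a missing file looks like.
    if e.size < 0:
        flags.append("no-file-metadata")
    # Boot/system/auto-start entries are expected to be running on a healthy box.
    if e.state == "S" and e.start <= 2:
        flags.append("not-running-but-%s-start" % START_TYPES[e.start])
    # Kernel drivers normally live under %SystemRoot%; anything else deserves a look.
    path = e.image[4:] if e.image.startswith("\\??\\") else e.image
    if e.kind == "driver" and "\\windows\\" not in path.lower():
        flags.append("driver-outside-windows-dir")
    return flags


def parse_entry(line: str, kind: str) -> Optional[Entry]:
    """Turn one RSIT driver/service line into an Entry, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = Entry(kind, m["state"], int(m["start"]), m["name"], m["desc"], m["image"])
    if m["meta"]:
        date, size = m["meta"].split()
        e.date, e.size = date, int(size)
    e.flags = triage(e)
    return e


def parse_log(text: str) -> List[Entry]:
    """Walk the log, switching the entry kind at each section header."""
    kind = None
    entries = []
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            kind = m.group(1)[:-1]        # "drivers" -> "driver"
            continue
        if kind and line.strip():
            e = parse_entry(line, kind)
            if e:
                entries.append(e)
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


def running_firewalls(entries: List[Entry]) -> List[str]:
    """Names of running services whose description looks like a firewall engine."""
    return [e.name for e in entries
            if e.kind == "service" and e.state == "R"
            and any(w in e.desc.lower() for w in FIREWALL_WORDS)]


if __name__ == "__main__":
    ents = parse_log(SAMPLE_LOG)
    for e in flagged(ents):
        print("%-8s %-12s %s" % (e.kind, e.name, ", ".join(e.flags)))
    fw = running_firewalls(ents)
    if len(fw) > 1:
        print("more than one firewall running:", ", ".join(fw))
```

On the sample it flags avgio (no metadata, image under Program Files), vsdatant, FsUsbExDisk and rpcapd (no metadata), kbdhid and gupdate (system/auto start but stopped), and reports Sygate and ZoneAlarm both running. Legitimate software trips these hints too (Avira's avgio is one such case), which is why the next step is always to confirm the file exists, check its signature and hashes, and compare against the vendor's install, rather than act on the flag alone.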