PC infected despite installed ESET NOD32

stkuko
Guest
Posts: 7
Registered: 01 Feb 2011 09:22
Location: DCA

PC infected despite installed ESET NOD32

#1 Post by stkuko »

Hello,
I would like to ask for help. My sister-in-law's PC started behaving strangely; the symptoms I noticed are these:
- it blocks access to gmail.com from any browser (Firefox, IE8) and reports that the server is unavailable
- in Documents and Settings every user has a copy of their folder with the suffix 'JD' or 'JK', I don't remember exactly, and an x-digit number after it; one of them even had it there twice, something like 'Timko JK-1234567890'; she couldn't find it now when I called her...
- Ctrl+Alt+Del is hooked and the window where you can choose e.g. Task Manager doesn't open...
- while booting it is not possible to choose Safe Mode; the system doesn't react to the F8 key and Win XP always starts normally
- we scanned it with NOD and it found 2 infected files, but nothing active in memory.
- it blocks the Panda online scanner, telling it that the system isn't Win XP, or doesn't have more than 256 MB RAM, or at least 150 MB of free disk space, or that ActiveX isn't enabled, or whatever the last thing listed there was... I think the Panda anti-rootkit also couldn't be started over the weekend, I don't remember why any more.
- the Panda antivirus installation does run through, but afterwards it acts as if not installed and the antivirus disappeared who knows where... Funny :-)
- it knocked out ESET NOD32 antivirus, which was the primary antivirus, and now it no longer starts when XP boots
- F-Secure online scan throws some message, I don't remember it any more, and the scan can't be started...
- Symantec http://security.symantec.com/sscv6/WelcomePage.asp found probably the most things on the disk, but nothing running in memory... Unfortunately, yesterday while saving the web page with the displayed results the found infiltrations were lost, so I don't have them saved... Had I known it would save it that crappily, I would have done Ctrl+C to be safe and copied it manually... Great...
- OneCare from MS also cleaned a few small things on the disk, but they were only "flies" like tracking cookies...

It started when she was viewing pictures on some site and, because of bad Firefox settings and user rights, content ran automatically and started downloading and installing various vermin :-(... Please help - what to do with it next... Thank you very much.

I am pasting the HijackThis output directly into the thread, because neither a .log nor a .txt attachment could be attached to the post (by the way, which extensions are allowed?):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:43, on 31. 1. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Programy\acad.exe
C:\DOCUME~1\Jarka\LOCALS~1\Temp\AdskCleanup.0001
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\boostspeed.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Jarka\LOCALS~1\Temp\Rar$EX00.140\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\AVG\AVG10\avgcmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... /startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... nkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25458
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 65.98.95.68 www.google.com
O1 - Hosts: 65.98.95.68 google.com
O1 - Hosts: 65.98.95.68 google.com.au
O1 - Hosts: 65.98.95.68 www.google.com.au
O1 - Hosts: 65.98.95.68 google.be
O1 - Hosts: 65.98.95.68 www.google.be
O1 - Hosts: 65.98.95.68 google.com.br
O1 - Hosts: 65.98.95.68 www.google.com.br
O1 - Hosts: 65.98.95.68 google.ca
O1 - Hosts: 65.98.95.68 www.google.ca
O1 - Hosts: 65.98.95.68 google.ch
O1 - Hosts: 65.98.95.68 www.google.ch
O1 - Hosts: 65.98.95.68 google.de
O1 - Hosts: 65.98.95.68 www.google.de
O1 - Hosts: 65.98.95.68 google.dk
O1 - Hosts: 65.98.95.68 www.google.dk
O1 - Hosts: 65.98.95.68 google.fr
O1 - Hosts: 65.98.95.68 google.ie
O1 - Hosts: 65.98.95.68 www.google.ie
O1 - Hosts: 65.98.95.68 google.it
O1 - Hosts: 65.98.95.68 www.google.it
O1 - Hosts: 65.98.95.68 google.co.jp
O1 - Hosts: 65.98.95.68 www.google.co.jp
O1 - Hosts: 65.98.95.68 google.nl
O1 - Hosts: 65.98.95.68 www.google.nl
O1 - Hosts: 65.98.95.68 google.no
O1 - Hosts: 65.98.95.68 www.google.no
O1 - Hosts: 65.98.95.68 google.co.nz
O1 - Hosts: 65.98.95.68 www.google.co.nz
O1 - Hosts: 65.98.95.68 google.pl
O1 - Hosts: 65.98.95.68 www.google.pl
O1 - Hosts: 65.98.95.68 google.se
O1 - Hosts: 65.98.95.68 www.google.se
O1 - Hosts: 65.98.95.68 google.co.uk
O1 - Hosts: 65.98.95.68 www.google.co.uk
O1 - Hosts: 65.98.95.68 google.co.za
O1 - Hosts: 65.98.95.68 www.google.co.za
O1 - Hosts: 65.98.95.68 www.google-analytics.com
O1 - Hosts: 65.98.95.68 www.bing.com
O1 - Hosts: 65.98.95.68 search.yahoo.com
O1 - Hosts: 65.98.95.68 www.search.yahoo.com
O1 - Hosts: 65.98.95.68 uk.search.yahoo.com
O1 - Hosts: 65.98.95.68 ca.search.yahoo.com
O1 - Hosts: 65.98.95.68 de.search.yahoo.com
O1 - Hosts: 65.98.95.68 fr.search.yahoo.com
O1 - Hosts: 65.98.95.68 au.search.yahoo.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Akcelerátor spuštení AutoCADu.lnk
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://tbedits.smileycentral.com/one-to ... 2010122406
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.pandasecurity.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6886.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2793939671
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://port.s-itsolutions.sk/SNX/CSHELL/extender.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.188\McCHSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SmileyCentral Service (SmileyCentral_1vService) - SmileyCentral - C:\PROGRA~1\SMILEY~2\bar\1.bin\1vbarsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 18587 bytes

------------------------------------------------------------------------------
At least part of the Malwarebytes output:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verzia databázy: 5646

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31. 1. 2011 11:32:26
vysledok kontroly

Typ kontroly: Úplná kontrola (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objektov kontrolovaných: 582168
Uplynutý čas: 1 hod, 38 min, 35 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 871
Infikované registračné hodnoty: 35
Infikované položky registračných dát: 7
Infikované priečinky: 116
Infikované súbory: 447

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
...
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe (Security.Hijack) -> No action taken.
...
Infikované registračné hodnoty:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Worm.Palevo) -> Value: Shell -> No action taken.
...
HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=2263&q={searchTerms}) Good: (http://www.google.com/search?q={searchT ... {startPage}) -> No action taken.
...
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\0 (Security.Hijack) -> Value: 0 -> No action taken.

It also found Adware.ShopperReports, Adware.HotBar, Malware.Trace, Adware.ClickPotato, Hijack.SearchPage, Adware.Seekmo, Adware.QueryExplorer, Adware.DoubleD, Rogue.PersonalInternetSecurity and Adware.DoubleD.Gen; that should be everything from the Adware family :-)
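The `O1 - Hosts` and `ProxyServer` lines in the log above are the two settings that explain most of the reported symptoms: search engines and Google/Microsoft safe-browsing lookups are pointed at two routable addresses, and browser traffic is forced through a proxy on 127.0.0.1. The following is an added example, not code from this thread or from HijackThis/MBAM, showing how such lines can be triaged automatically: every hosts entry that maps a name to a routable address is treated as a redirect (high severity when the name belongs to a search engine or an OS/browser safety service), loopback and 0.0.0.0 entries are treated as ordinary blocking entries, and a loopback proxy is flagged for review. The sample input is a handful of lines copied from the posted log plus one constructed loopback entry; the domain list and severity rules are assumptions of this example.

```python
"""Triage of HijackThis-style O1 Hosts and ProxyServer lines (added example)."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log posted in the thread plus one
# made-up loopback entry (tracker.constructed.invalid) to exercise the
# "blocking entry" path. Not a complete HijackThis log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25458
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 65.98.95.68 www.google.com
O1 - Hosts: 65.98.95.68 search.yahoo.com
O1 - Hosts: 127.0.0.1 tracker.constructed.invalid
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
"""

HOSTS_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
PROXY_LINE = re.compile(r"Internet Settings,ProxyServer = (?P<value>\S+)")

# Assumed list: names whose redirection lets an attacker impersonate a search
# engine or silence browser/OS reputation lookups (SafeBrowsing, SmartScreen).
HIGH_VALUE_SUFFIXES = (
    "google.com", "google.co.uk", "bing.com", "yahoo.com",
    "microsoft.com", "windowsupdate.com",
)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    kind: str      # "hosts-redirect", "hosts-block", "hosts-malformed", "proxy"
    detail: str


def classify_address(ip_text: str) -> str:
    """'block' for addresses that route nowhere (the ad-blocking pattern),
    'redirect' for anything routable, 'malformed' if it is not an IP at all."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"
    return "block" if ip.is_loopback or ip.is_unspecified else "redirect"


def is_high_value(host: str) -> bool:
    """Label-wise suffix match so that notgoogle.com does not match google.com."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in HIGH_VALUE_SUFFIXES)


def triage_hosts(log_text: str) -> list[Finding]:
    findings = []
    for line in log_text.splitlines():
        m = HOSTS_LINE.match(line.strip())
        if not m:
            continue
        ip_text, host = m.groups()
        verdict = classify_address(ip_text)
        if verdict == "malformed":
            findings.append(Finding("medium", "hosts-malformed", line.strip()))
        elif verdict == "block":
            findings.append(Finding("info", "hosts-block", f"{host} -> {ip_text}"))
        else:
            sev = "high" if is_high_value(host) else "medium"
            findings.append(Finding(sev, "hosts-redirect", f"{host} -> {ip_text}"))
    return findings


def triage_proxy(log_text: str) -> list[Finding]:
    """A proxy on loopback is not proof of infection (some web shields use one),
    so it is reported as 'medium' for review rather than 'high'."""
    findings = []
    for line in log_text.splitlines():
        m = PROXY_LINE.search(line)
        if not m:
            continue
        # Value is "scheme=host:port" or plain "host:port", ';'-separated.
        for part in m.group("value").split(";"):
            hostport = part.split("=", 1)[-1]
            host, sep, port = hostport.rpartition(":")
            if not sep:
                host, port = hostport, "?"
            try:
                local = ipaddress.ip_address(host).is_loopback
            except ValueError:
                local = host.lower() == "localhost"
            findings.append(Finding("medium" if local else "info", "proxy", f"{host}:{port}"))
    return findings


def triage(log_text: str) -> list[Finding]:
    """All checks, highest severity first."""
    order = {"high": 0, "medium": 1, "info": 2}
    return sorted(triage_hosts(log_text) + triage_proxy(log_text),
                  key=lambda f: order[f.severity])


def rebuild_hosts(log_text: str) -> str:
    """Replacement hosts file: the default localhost line plus the blocking
    entries from the log; every redirect is dropped."""
    kept = ["127.0.0.1 localhost"]
    for line in log_text.splitlines():
        m = HOSTS_LINE.match(line.strip())
        if m and classify_address(m.group(1)) == "block":
            kept.append(f"{m.group(1)} {m.group(2)}")
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:15} {f.detail}")
    print("\nProposed hosts file:\n" + rebuild_hosts(SAMPLE_LOG))
```

Run against the full posted log, the same rules would flag every `O1 - Hosts` line in it as a redirect, which is exactly the set the moderator asks to have fixed; the rebuilt hosts file is what a clean Windows XP installation ships with (only `127.0.0.1 localhost`) plus any genuine blocking entries the user wants to keep.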

JaRon
Moderator
Posts: 15699
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: PC infected despite installed ESET NOD32

#2 Post by JaRon »

hi,
1. fix all O1 - Hosts entries in HJT
2. let MBAM delete the items it found
3. restart and post an RSIT log

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

stkuko
Guest
Posts: 7
Registered: 01 Feb 2011 09:22
Location: DCA

Re: PC infected despite installed ESET NOD32

#3 Post by stkuko »

I will do it, but I won't get to that PC again before the weekend... Thanks for now.
I also found a "fake" antivirus there, "personal internet security 2011"...

stkuko
Guest
Posts: 7
Registered: 01 Feb 2011 09:22
Location: DCA

Re: PC infected despite installed ESET NOD32

#4 Post by stkuko »

So I managed to arrange running RSIT on that PC after cleaning it, and I am attaching log.txt (my mail antivirus declared that info.txt contains Trojan.Qhost.LXE; is that one not needed?):
Logfile of random's system information tool 1.08 (written by random/random)
Run by Jarka at 2011-02-02 16:10:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 68 GB (18%) free of 377 GB
Total RAM: 2046 MB (62% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Timko.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-839522115-343818398-725345543-1003.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-839522115-343818398-725345543-1004.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-839522115-343818398-725345543-1006.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-343818398-725345543-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-343818398-725345543-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-343818398-725345543-1006.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Akcelerátor spuštení AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"DisallowRun"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth"
"C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe"="C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe:*:Enabled:SSL Network Extender Service"
"C:\hry\Flatout 2\FlatOut2\FlatOut2.exe"="C:\hry\Flatout 2\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AVG\AVG10\avgdiagex.exe"="C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:Diagnostika AVG 2011"
"C:\Program Files\AVG\AVG10\avgnsx.exe"="C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Inštalátor produktu AVG"
"C:\Program Files\AVG\AVG10\avgam.exe"="C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert Manager"
"C:\Program Files\AVG\AVG10\avgemcx.exe"="C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Obecná kontrola pošty"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe"="C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe:*:Enabled:SSL Network Extender Service"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2011-02-02 16:07:38 ----D---- C:\Program Files\trend micro
2011-02-02 16:07:37 ----D---- C:\rsit
2011-02-02 13:04:54 ----A---- C:\WINDOWS\system32\muweb.dll
2011-01-31 17:21:30 ----D---- C:\Documents and Settings\Jarka\Application Data\WinRAR
2011-01-31 17:21:21 ----D---- C:\Program Files\WinRAR
2011-01-31 13:06:51 ----HD---- C:\$AVG
2011-01-31 12:30:35 ----D---- C:\Documents and Settings\Jarka\Application Data\AVG
2011-01-31 12:24:33 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-01-31 12:06:58 ----D---- C:\Documents and Settings\Jarka\Application Data\AVG10
2011-01-31 12:02:22 ----HD---- C:\Documents and Settings\All Users\Application Data\Common Files
2011-01-31 12:02:12 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2011-01-31 12:00:54 ----D---- C:\WINDOWS\system32\drivers\AVG
2011-01-31 12:00:54 ----D---- C:\Documents and Settings\All Users\Application Data\AVG10
2011-01-31 11:59:56 ----D---- C:\Program Files\AVG
2011-01-31 11:50:02 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2011-01-31 09:52:05 ----D---- C:\Documents and Settings\Jarka\Application Data\Malwarebytes
2011-01-31 09:52:03 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-01-31 09:52:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-01-31 09:52:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-31 09:52:00 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-01-30 16:55:16 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2011-01-30 16:55:08 ----D---- C:\Program Files\McAfee Security Scan
2011-01-30 16:55:02 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2011-01-30 16:54:42 ----D---- C:\Program Files\Windows Live Safety Center
2011-01-30 16:46:13 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure
2011-01-30 16:12:28 ----D---- C:\WINDOWS\BDOSCAN8
2011-01-28 21:18:30 ----A---- C:\Program Files\vlc-1.1.6-win32.exe
2011-01-22 15:12:22 ----D---- C:\Program Files\Bonjour
2011-01-22 15:04:44 ----D---- C:\Program Files\QuickTime
2011-01-22 14:58:36 ----SHD---- C:\Documents and Settings\All Users\Application Data\PIZSUVTSLS
2011-01-22 14:58:07 ----SHD---- C:\Documents and Settings\All Users\Application Data\b6db5a

======List of files/folders modified in the last 1 months======

2011-02-02 16:07:38 ----RD---- C:\Program Files
2011-02-02 16:07:30 ----D---- C:\WINDOWS\Prefetch
2011-02-02 15:56:02 ----D---- C:\WINDOWS\Temp
2011-02-02 15:56:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-02 15:21:29 ----D---- C:\WINDOWS
2011-02-02 15:21:28 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-02 13:32:22 ----SD---- C:\WINDOWS\Tasks
2011-02-02 13:04:54 ----D---- C:\WINDOWS\system32
2011-02-01 19:03:28 ----A---- C:\WINDOWS\WINCMD.INI
2011-02-01 19:00:16 ----D---- C:\Documents and Settings\Jarka\Application Data\vlc
2011-02-01 18:57:46 ----D---- C:\Documents and Settings\Jarka\Application Data\dvdcss
2011-02-01 18:41:06 ----SHD---- C:\WINDOWS\Installer
2011-02-01 18:39:55 ----D---- C:\Programy
2011-02-01 18:39:55 ----D---- C:\Program Files\Common Files\Autodesk Shared
2011-02-01 18:39:55 ----D---- C:\Program Files\AnswerWorks 4.0
2011-02-01 18:39:54 ----RSD---- C:\WINDOWS\Fonts
2011-02-01 18:39:51 ----D---- C:\Program Files\Common Files\DESIGNER
2011-02-01 18:39:24 ----D---- C:\WINDOWS\Help
2011-02-01 17:26:04 ----D---- C:\hudba
2011-02-01 16:17:50 ----D---- C:\WINDOWS\system32\drivers\etc
2011-02-01 16:10:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-02-01 15:13:42 ----A---- C:\WINDOWS\NeroDigital.ini
2011-01-31 20:12:57 ----D---- C:\DANKA
2011-01-31 12:01:49 ----D---- C:\WINDOWS\system32\drivers
2011-01-31 12:01:48 ----HD---- C:\WINDOWS\inf
2011-01-31 12:00:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-31 11:59:48 ----D---- C:\WINDOWS\WinSxS
2011-01-31 11:33:48 ----HD---- C:\Documents and Settings\All Users\Application Data\{F444439B-B473-48E8-8DE5-4CB929C79A9F}
2011-01-31 09:58:32 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2011-01-30 16:54:26 ----D---- C:\instal
2011-01-30 16:52:17 ----RASH---- C:\boot.ini
2011-01-30 16:49:46 ----A---- C:\WINDOWS\win.ini
2011-01-28 21:17:48 ----D---- C:\filmy
2011-01-24 10:18:59 ----D---- C:\WINDOWS\network diagnostic
2011-01-22 19:55:49 ----A---- C:\WINDOWS\imsins.BAK
2011-01-22 14:59:26 ----D---- C:\Program Files\Mozilla Firefox
2011-01-20 15:36:01 ----D---- C:\Program Files\Common Files
2011-01-20 15:34:30 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-20 15:34:11 ----D---- C:\Documents and Settings\Jarka\Application Data\DisplayTune
2011-01-12 15:58:45 ----A---- C:\WINDOWS\system32\MRT.exe
2011-01-12 12:16:32 ----HD---- C:\WINDOWS\$hf_mig$
2011-01-10 19:32:58 ----D---- C:\WINDOWS\Minidump
2011-01-06 11:28:31 ----D---- C:\JARka

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-06-10 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-10-17 715248]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2010-12-08 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2010-11-12 299984]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-07-12 30432]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 KMWDFILTER;HIDUASDesc; C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-28 7655872]
R3 PAC207;i-Look 111; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-06-29 611584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-11-22 105088]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VNA;Check Point Virtual Network Adapter; C:\WINDOWS\system32\DRIVERS\vna.sys [2009-11-02 129304]
S3 a80p4k4i;a80p4k4i; C:\WINDOWS\system32\drivers\a80p4k4i.sys []
S3 asu7muy0;asu7muy0; C:\WINDOWS\system32\drivers\asu7muy0.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-07-12 30432]
S3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-03 123472]
S3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-03 30288]
S3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2010-08-03 26192]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-11-01 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-11-01 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-11-01 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avgfws;AVG Firewall; C:\Program Files\AVG\AVG10\avgfws.exe [2010-11-22 3226632]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 cpextender;Check Point SSL Network Extender; C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe [2009-11-02 353672]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2008-07-17 80392]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
S2 SmileyCentral_1vService;SmileyCentral Service; C:\PROGRA~1\SMILEY~2\bar\1.bin\1vbarsvc.exe [2010-12-24 28766]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-10-17 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-17 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.188\McCHSvc.exe [2010-10-05 237008]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-11-25 517448]
S4 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-01-06 6128720]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
S4 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-23 382248]
S4 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]

-----------------EOF-----------------

What should I do with it next?

JaRon
Moderator
Posts: 15699
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Infected PC despite having ESET NOD 32 installed

#5 Post by JaRon »

it looks pretty good :)
I recommend cleaning with CCleaner and scanning preventively with AVPTool
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

stkuko
Visitor
Posts: 7
Registered: 01 Feb 2011 09:22
Location: DCA

Re: Infected PC despite having ESET NOD 32 installed

#6 Post by stkuko »

It only looks OK on the surface, but something is still active in memory: Ctrl+Alt+Del and launching Task Manager don't work, and access to gmail.com still fails in IE8 and FF.
The O1 hosts entries keep getting restored, and at minimum these remained; one of them is apparently protected by a rootkit (neither the antivirus nor the anti-malware finds anything in memory) and system DLLs are hooked (a friend from university had his CD-ROM driver hooked, and in his case it was practically the same rogue, just under a different name, not Personal Internet Security 2011):
Security.Hijack,
Rogue.PersonalInternetSecurity = Personal Internet Security 2011 and
Trojan.Qhost.LXE

Malwarebytes only cleaned the disk; neither before nor now did it find anything suspicious in memory, even though it was 100% there. It arrived sometime between 20 and 22 January 2011:
Infikované služby pamäte: 0
Infikované moduly pamäte: 0

That Personal Internet Security rogue is very similar to 'My Security Engine', see http://support.kaspersky.com/viruses/ro ... =208282432
both by the registry keys and by the list in hosts... I'm thinking of comparing the MD5 hashes in WIN\system and WIN\system32 against a similar installation of EN WIN XP SP3 with the same updates... Apart from the graphics-specific drivers, the rest should match. I already have them computed from the clean system; thanks to Microsoft at least for the executable that does it per directory and for a chosen file type, so there's no need to mess with every file individually... Does anyone have experience with how to overwrite DLLs, or other files in the system? Are they checked against something, or can Windows restore them again from somewhere? I don't want it to overwrite them back with the infected version after I laboriously put them on the disk after booting from a CD... In any case, I won't get to it until Friday evening, not sooner, so I'll try to disinfect it and check the system files; above all I need to boot from a clean CD and not from the OS on the disk, whose kernel itself is affected...

BTW, what is this?
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"

I'm also attaching the second listing, list.txt, in which the mail server's antivirus found the LXE trojan:
info.txt logfile of random's system information tool 1.08 2011-02-02 16:07:40

======Uninstall list======

@BIOS Ver.2.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9 -removeonly
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}
Acrobat.com-->msiexec /qb /x {6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Acrobat.com-->MsiExec.exe /I{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Reader 9.4.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}
Apple Mobile Device Support-->MsiExec.exe /I{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
AutoCAD 2006 - Ceský-->MsiExec.exe /I{5783F2D7-4001-0405-0002-0060B0CE6BBA}
AutoCAD 2008 - Ceský SP1-->Msiexec.exe /uninstall {1C500B62-B044-4216-8011-604640F4F925} /package {5783F2D7-6001-0405-0002-0060B0CE6BBA} /qb
AutoCAD 2008 - Ceský-->C:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0405-0002-0060B0CE6BBA} /M ACAD
AutoCAD Architecture 2008 - Ceský SP1-->Msiexec.exe /uninstall {D5BBBBAA-1588-40FC-98D6-9F9210AF82D6} /package {5783F2D7-6004-0405-0002-0060B0CE6BBA} /qb
AutoCAD Architecture 2008 - Ceský-->C:\Program Files\AutoCAD Architecture 2008\Setup\Setup.exe /P {5783F2D7-6004-0405-0002-0060B0CE6BBA} /M ACAD
AutoCAD LT 2002-->MsiExec.exe /I{5783F2D7-0109-0405-0000-0060B0CE6BBA}
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
AVG 2011-->"C:\Program Files\AVG\AVG10\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2011-->MsiExec.exe /I{A276502A-8979-44FB-8090-90CF72F22ABC}
AVG 2011-->MsiExec.exe /I{F4C68898-EBA5-46A9-82B3-2D30426086BF}
AVG PC Tuneup 2011-->"C:\Program Files\AVG\AVG PC Tuneup 2011\unins000.exe"
Bonjour-->MsiExec.exe /X{8A253629-0511-4854-8B4E-46E57E66005C}
Browser Configuration Utility-->"C:\Program Files\InstallShield Installation Information\{E8AEA11B-E60A-455E-B008-E4E763604612}\setup.exe" -runfromtemp -l0x0009 -removeonly
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Corel MediaOne-->MsiExec.exe /I{A062A15F-9CAC-4B88-98DF-87628A0BD721}
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
DivX Setup-->C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
DMIView B06.1227.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}\setup.exe" -l0x9 -removeonly
EasySaver B8.0729.1 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07300F01-89CA-4CF8-92BD-2A605EB83C95}\setup.exe" -l0x9 -removeonly
free-downloads.net Toolbar-->C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG
General Runtime Files for Nemetschek Allplan 2008-->MsiExec.exe /I{5E5E66D9-68DF-4818-A883-8787DC52EB7A}
Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
Google Chrome-->"C:\Program Files\Google\Chrome\Application\8.0.552.237\Installer\setup.exe" --uninstall --system-level
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_4079369A224CB572.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\DOCUME~1\Jarka\LOCALS~1\Temp\Rar$EX00.140\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
hp deskjet 845c series (Remove only)-->C:\Program Files\hp deskjet 845c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB002 -vproduct=845c -huninstall
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart All-In-One Driver Software 10.0 Rel .2-->C:\Program Files\HP\Digital Imaging\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}\setup\hpzscr01.exe -datfile hposcr21.dat -onestop
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Check Point Deployment Shell-->MsiExec.exe /X{af1d6ec3-19fd-4010-8f0a-f40cb73e4862}
Check Point SSL Network Extender Components Shell-->MsiExec.exe /X{905eb1d9-8674-4384-884c-4e26e3127b76}
Check Point SSL Network Extender Service-->MsiExec.exe /X{bd2dc9de-a525-48b8-8b62-f96efd6d81eb}
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
i-Look 111-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{9B0A1878-5E40-499D-911A-3AF784BB7F69}
i-Look 111-->C:\Program Files\InstallShield Installation Information\{72651B0D-1313-4F03-96B7-47A04E2F24E1}\setup.exe -runfromtemp -l0x001b -removeonly
iTunes-->MsiExec.exe /I{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mb Software ArCon-->C:\WINDOWS\IsUn0405.exe -fC:\ArCon\Uninst.isu
McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - CSY-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - CSY\install.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Live Add-in 1.5-->MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Nemetschek Allplan 2008-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A88EFF90-6DA0-4468-85D4-62543AD92A83}\setup.exe" -l0x5
Nemetschek SoftLock 2006-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}\setup.exe" -l0x5
Nero 8-->MsiExec.exe /X{76308844-456A-4D76-99CA-511F0DED1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton Security Scan-->C:\Program Files\Norton Security Scan\Engine\2.7.3.34\InstWrap.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
OCR Software by I.R.I.S. 10.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
RealPlayer-->C:\Program Files\Real\RealPlayer\Update\r1puninst.exe RealNetworks|RealPlayer|12.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
Sada Compatibility Pack pro systém Office 2007-->MsiExec.exe /X{90120000-0020-0405-0000-0000000FF1CE}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7A2C18A1-D2A2-3177-82F1-5FE9CC08ECB0} /parameterfolder Extended
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SmileyCentral-->rundll32 C:\PROGRA~1\SMILEY~2\bar\1.bin\1vBar.dll,O
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB2362765)-->"C:\WINDOWS\ie8updates\KB2362765-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB2447568)-->"C:\WINDOWS\ie8updates\KB2447568-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980302)-->"C:\WINDOWS\ie8updates\KB980302-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB982632)-->"C:\WINDOWS\ie8updates\KB982632-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB982664)-->"C:\WINDOWS\ie8updates\KB982664-IE8\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Volo View Express-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Volo View Express\DeIsL1.isu"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Family Safety-->MsiExec.exe /X{139E303E-1050-497F-98B1-9AE87B15C463}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
yBook-->"C:\Documents and Settings\Jarka\My Documents\yBook\unins000.exe"

=====HijackThis Backups=====

O1 - Hosts: 65.98.95.68 www.google.com [2011-02-01]
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com [2011-02-01]
O1 - Hosts: 65.98.95.68 www.google.com.au [2011-02-01]
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com [2011-02-01]
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com [2011-02-01]
O1 - Hosts: 65.98.95.68 google.be [2011-02-01]
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com [2011-02-01]
O1 - Hosts: 65.98.95.68 google.ca [2011-02-01]
O1 - Hosts: 65.98.95.68 google.de [2011-02-01]
O1 - Hosts: 65.98.95.68 google.com.au [2011-02-01]
O1 - Hosts: 65.98.95.68 google.dk [2011-02-01]
O1 - Hosts: 65.98.95.68 google.com [2011-02-01]
O1 - Hosts: 74.125.45.100 urs.microsoft.com [2011-02-01]
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com [2011-02-01]
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com [2011-02-01]
O1 - Hosts: 65.98.95.68 www.google.de [2011-02-01]
O1 - Hosts: 65.98.95.68 www.google.com.br [2011-02-01]
O1 - Hosts: 74.125.45.100 secure-plus-payments.com [2011-02-01]
O1 - Hosts: 65.98.95.68 www.google.ch [2011-02-01]
O1 - Hosts: 65.98.95.68 google.com.br [2011-02-01]
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com [2011-02-01]
O1 - Hosts: 65.98.95.68 www.google.dk [2011-02-01]
O1 - Hosts: 65.98.95.68 google.ch [2011-02-01]
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com [2011-02-01]
O1 - Hosts: 65.98.95.68 www.google.ca [2011-02-01]
O1 - Hosts: 65.98.95.68 www.google.be [2011-02-01]
O1 - Hosts: 74.125.45.100 www.getavplusnow.com [2011-02-01]
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com [2011-02-01]
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com [2011-02-01]
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com [2011-02-01]
O1 - Hosts: 65.98.95.68 google.co.jp [2011-02-01]
O1 - Hosts: 65.98.95.68 www.google.no [2011-02-01]
O1 - Hosts: 65.98.95.68 www.google.it [2011-02-01]
O1 - Hosts: 65.98.95.68 www.google.ie [2011-02-01]
O1 - Hosts: 65.98.95.68 google.it [2011-02-01]
O1 - Hosts: 65.98.95.68 www.google.nl [2011-02-01]
O1 - Hosts: 65.98.95.68 google.fr [2011-02-01]
O1 - Hosts: 65.98.95.68 www.google.co.jp [2011-02-01]
O1 - Hosts: 65.98.95.68 www.google.co.nz [2011-02-01]
O1 - Hosts: 65.98.95.68 google.no [2011-02-01]
O1 - Hosts: 65.98.95.68 google.ie [2011-02-01]
O1 - Hosts: 65.98.95.68 google.co.nz [2011-02-01]
O1 - Hosts: 65.98.95.68 google.se [2011-02-01]
O1 - Hosts: 65.98.95.68 google.pl [2011-02-01]
O1 - Hosts: 65.98.95.68 www.google.pl [2011-02-01]
O1 - Hosts: 65.98.95.68 google.nl [2011-02-01]
O1 - Hosts: 65.98.95.68 uk.search.yahoo.com [2011-02-01]
O1 - Hosts: 65.98.95.68 google.co.uk [2011-02-01]
O1 - Hosts: 65.98.95.68 www.google.co.uk [2011-02-01]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-01]
O23 - Service: SmileyCentral Service (SmileyCentral_1vService) - SmileyCentral - C:\PROGRA~1\SMILEY~2\bar\1.bin\1vbarsvc.exe [2011-02-01]
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2011-02-01]
O1 - Hosts: 65.98.95.68 au.search.yahoo.com [2011-02-01]
O4 - Global Startup: Akcelerátor spuštení AutoCADu.lnk [2011-02-01]
O1 - Hosts: 65.98.95.68 www.search.yahoo.com [2011-02-01]
O1 - Hosts: 65.98.95.68 www.google.co.za [2011-02-01]
O1 - Hosts: 65.98.95.68 www.google-analytics.com [2011-02-01]
O1 - Hosts: 65.98.95.68 search.yahoo.com [2011-02-01]
O1 - Hosts: 65.98.95.68 www.bing.com [2011-02-01]
O1 - Hosts: 65.98.95.68 www.google.se [2011-02-01]
O1 - Hosts: 65.98.95.68 de.search.yahoo.com [2011-02-01]
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-01]
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe [2011-02-01]
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-01]
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2011-02-01]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2011-02-01]
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe [2011-02-01]
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe [2011-02-01]
O1 - Hosts: 65.98.95.68 google.co.za [2011-02-01]
O1 - Hosts: 74.125.45.100 4-open-davinci.com [2011-02-01]
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [2011-02-01]
O1 - Hosts: 65.98.95.68 ca.search.yahoo.com [2011-02-01]
O1 - Hosts: 65.98.95.68 fr.search.yahoo.com [2011-02-01]
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.188\McCHSvc.exe [2011-02-01]
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe [2011-02-01]

======Hosts File====== <- all of these were added by the VIRUS

74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com

======Security center information======

AV: AVG Internet Security 2011
AV: Personal Internet Security 2011<-100% VIRUS
FW: Personal Internet Security 2011<-100% VIRUS
FW: AVG Firewall

======System event log======

Computer Name: JK-CFC0108EE97D
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 21113
Source Name: Service Control Manager
Time Written: 20110112164518.000000+060
Event Type: error
User:

Computer Name: JK-CFC0108EE97D
Event Code: 1002
Message: The IP address lease 192.168.1.2 for the Network Card with network address 001FD069D188 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 21112
Source Name: Dhcp
Time Written: 20110112164415.000000+060
Event Type: error
User:

Computer Name: JK-CFC0108EE97D
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001FD069D188. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 21107
Source Name: Dhcp
Time Written: 20110112164404.000000+060
Event Type: warning
User:

Computer Name: JK-CFC0108EE97D
Event Code: 7000
Message: The Pml Driver HPZ12 service failed to start due to the following error:
The service did not start due to a logon failure.


Record Number: 21106
Source Name: Service Control Manager
Time Written: 20110112164351.000000+060
Event Type: error
User:

Computer Name: JK-CFC0108EE97D
Event Code: 7038
Message: The Pml Driver HPZ12 service was unable to log on as NT AUTHORITY\LocalService with the currently configured
password due to the following error:
Access is denied.


To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Record Number: 21105
Source Name: Service Control Manager
Time Written: 20110112164351.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: JK-CFC0108EE97D
Event Code: 1517
Message: Windows saved user JK-CFC0108EE97D\Jarka registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 16618
Source Name: Userenv
Time Written: 20101203093156.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JK-CFC0108EE97D
Event Code: 1002
Message: Hanging application ICQ.exe, version 6.5.0.2026, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 16613
Source Name: Application Hang
Time Written: 20101203093136.000000+060
Event Type: error
User:

Computer Name: JK-CFC0108EE97D
Event Code: 1517
Message: Windows saved user JK-CFC0108EE97D\All registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 16601
Source Name: Userenv
Time Written: 20101203011148.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JK-CFC0108EE97D
Event Code: 1517
Message: Windows saved user JK-CFC0108EE97D\Timko registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 16599
Source Name: Userenv
Time Written: 20101203011037.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JK-CFC0108EE97D
Event Code: 1517
Message: Windows saved user JK-CFC0108EE97D\All registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 16581
Source Name: Userenv
Time Written: 20101202014434.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program Files\Common Files\Autodesk Shared\;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"asl.log"=Destination=file;OnFirstLog=command,environment
"PSModulePath"=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

JaRon
Moderator
Posts: 15699
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Infected PC despite installed ESET NOD32

#7 Post by JaRon »

1. Edit the hosts file down to a single line:
127.0.0.1 localhost
2. Move ComboFix
to the desktop (if it is not there already)

Open Notepad

Copy the script from the following box into it:

Code:

Folder::
C:\PROGRA~1\SMILEY~2

Save the text file you created as CFScript.txt on the desktop

After saving, grab the created script with the left mouse button, drag it over the ComboFix icon and drop it there.

After it runs, another log should be produced; paste it here :)
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/
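To show what step 1 above is undoing, here is an added Python example (not a tool from this thread, from the moderator or from the forum): it parses a hosts file, skips the normal loopback and 0.0.0.0 entries, flags every hostname mapped off-box, and reports target addresses that collect several unrelated names, which is exactly the pattern in the logs earlier in the thread (search engines and security-vendor hostnames all pointed at one or two IPs). The sample hosts text is constructed from lines quoted in this thread; the `SENSITIVE_SUFFIXES` list and the threshold of three names per address are the example's own assumptions.

```python
"""Audit a Windows hosts file for the kind of hijack shown in this thread.

Added example for this thread, not a tool posted by the moderator or the
forum.  The sample hosts content below is constructed from lines quoted in
the logs above; SENSITIVE_SUFFIXES is the example's own assumption.
"""
import ipaddress
from collections import defaultdict

# Domains that should essentially never be redirected off-box by a hosts entry.
# Assumption for this example: a real deployment would carry a longer list.
SENSITIVE_SUFFIXES = (
    "google.com", "google.co.uk", "google.de", "google-analytics.com",
    "bing.com", "search.yahoo.com", "microsoft.com",
)

# Constructed sample: a default header line plus entries taken from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
65.98.95.68 www.google.com
65.98.95.68 google.com
65.98.95.68 www.bing.com
65.98.95.68 search.yahoo.com
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text.

    Comments and blank lines are skipped, a line may carry several hostnames,
    and lines whose first field is not an IP address are ignored.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:
            entries.append((str(ip), host.lower()))
    return entries


def is_sensitive(host):
    """True if host is, or is a subdomain of, one of SENSITIVE_SUFFIXES."""
    return any(host == s or host.endswith("." + s) for s in SENSITIVE_SUFFIXES)


def audit_hosts(text):
    """Flag off-box mappings and IPs that many unrelated names point at.

    Loopback and 0.0.0.0 mappings are the normal, benign uses of the file.
    Everything else is reported; redirects of search engines or security
    vendors get their own reason so they can be triaged first.
    """
    entries = parse_hosts(text)
    findings = []
    by_ip = defaultdict(list)
    for ip, host in entries:
        addr = ipaddress.ip_address(ip)
        by_ip[ip].append(host)
        if addr.is_loopback or addr.is_unspecified:
            continue
        reason = ("sensitive domain redirected off-box" if is_sensitive(host)
                  else "non-loopback mapping")
        findings.append({"ip": ip, "host": host, "reason": reason})
    # One address collecting three or more unrelated names is the signature
    # of the fake-AV redirect seen in the logs above.
    mass_redirects = {
        ip: hosts for ip, hosts in by_ip.items()
        if len(hosts) >= 3 and not ipaddress.ip_address(ip).is_loopback
    }
    return {"entries": len(entries), "findings": findings,
            "mass_redirects": mass_redirects}


def clean_hosts():
    """The single-line hosts file the moderator asks for in step 1."""
    return "127.0.0.1 localhost\n"


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for f in report["findings"]:
        print(f"{f['ip']:<15} {f['host']:<40} {f['reason']}")
    for ip, hosts in report["mass_redirects"].items():
        print(f"{ip} is the target of {len(hosts)} hostnames")
```

Run against the sample, every entry except `localhost` is reported and both redirect targets show up as mass redirects; run against the one-line file from step 1 it reports nothing, which is the state the moderator wants the machine in before ComboFix is run.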

stkuko
Visitor
Posts: 7
Registered: 01 Feb 2011 09:22
Location: DCA

Re: Infected PC despite installed ESET NOD32

#8 Post by stkuko »

So there is a problem: write access to hosts is denied, and HijackThis also reported that it is not accessible for editing... Here is the log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:11:43, on 4. 2. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\WINDOWS\system32\cmd.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 65.98.95.68 www.google.com
O1 - Hosts: 65.98.95.68 google.com
O1 - Hosts: 65.98.95.68 google.com.au
O1 - Hosts: 65.98.95.68 www.google.com.au
O1 - Hosts: 65.98.95.68 google.be
O1 - Hosts: 65.98.95.68 www.google.be
O1 - Hosts: 65.98.95.68 google.com.br
O1 - Hosts: 65.98.95.68 www.google.com.br
O1 - Hosts: 65.98.95.68 google.ca
O1 - Hosts: 65.98.95.68 www.google.ca
O1 - Hosts: 65.98.95.68 google.ch
O1 - Hosts: 65.98.95.68 www.google.ch
O1 - Hosts: 65.98.95.68 google.de
O1 - Hosts: 65.98.95.68 www.google.de
O1 - Hosts: 65.98.95.68 google.dk
O1 - Hosts: 65.98.95.68 www.google.dk
O1 - Hosts: 65.98.95.68 google.fr
O1 - Hosts: 65.98.95.68 google.ie
O1 - Hosts: 65.98.95.68 www.google.ie
O1 - Hosts: 65.98.95.68 google.it
O1 - Hosts: 65.98.95.68 www.google.it
O1 - Hosts: 65.98.95.68 google.co.jp
O1 - Hosts: 65.98.95.68 www.google.co.jp
O1 - Hosts: 65.98.95.68 google.nl
O1 - Hosts: 65.98.95.68 www.google.nl
O1 - Hosts: 65.98.95.68 google.no
O1 - Hosts: 65.98.95.68 www.google.no
O1 - Hosts: 65.98.95.68 google.co.nz
O1 - Hosts: 65.98.95.68 www.google.co.nz
O1 - Hosts: 65.98.95.68 google.pl
O1 - Hosts: 65.98.95.68 www.google.pl
O1 - Hosts: 65.98.95.68 google.se
O1 - Hosts: 65.98.95.68 www.google.se
O1 - Hosts: 65.98.95.68 google.co.uk
O1 - Hosts: 65.98.95.68 www.google.co.uk
O1 - Hosts: 65.98.95.68 google.co.za
O1 - Hosts: 65.98.95.68 www.google.co.za
O1 - Hosts: 65.98.95.68 www.google-analytics.com
O1 - Hosts: 65.98.95.68 www.bing.com
O1 - Hosts: 65.98.95.68 search.yahoo.com
O1 - Hosts: 65.98.95.68 www.search.yahoo.com
O1 - Hosts: 65.98.95.68 uk.search.yahoo.com
O1 - Hosts: 65.98.95.68 ca.search.yahoo.com
O1 - Hosts: 65.98.95.68 de.search.yahoo.com
O1 - Hosts: 65.98.95.68 fr.search.yahoo.com
O1 - Hosts: 65.98.95.68 au.search.yahoo.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-21-839522115-343818398-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Danka')
O4 - HKUS\S-1-5-21-839522115-343818398-725345543-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (User 'Danka')
O4 - HKUS\S-1-5-21-839522115-343818398-725345543-1004\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Danka')
O4 - HKUS\S-1-5-21-839522115-343818398-725345543-1004\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex (User 'Danka')
O4 - Global Startup: Akcelerátor spuštení AutoCADu.lnk
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.188\McCHSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmileyCentral Service (SmileyCentral_1vService) - SmileyCentral - C:\PROGRA~1\SMILEY~2\bar\1.bin\1vbarsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7232 bytes

Meanwhile I am computing MD5s and making a list of the files in the Windows directory... Personal Internet Security 2011 seems to be finally gone... For now I am going to wipe the Apple stuff, Firefox and other unneeded things...

stkuko
Visitor
Posts: 7
Registered: 01 Feb 2011 09:22
Location: DCA

Re: Infected PC despite installed ESET NOD32

#9 Post by stkuko »

After cleaning up and uninstalling some software I at least ran ComboFix, since I could not edit and overwrite hosts myself... I am attaching its log; is it OK now? It also overwrote hosts with the correct content... I will try restarting it once more to see how it looks, whether anything changes...
ComboFix 11-01-31.02 - Jarka . 02. 2011 0:18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1595 [GMT 1:00]
Running from: c:\documents and settings\Jarka\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jarka\Desktop\CFScript.txt.txt
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All\Local Settings\Temporary Internet Files\_tm10D7.tmp
c:\documents and settings\All\Local Settings\Temporary Internet Files\_tm1A09.tmp
c:\documents and settings\All\Local Settings\Temporary Internet Files\_tm4816.tmp
c:\documents and settings\All\Local Settings\Temporary Internet Files\_tm51.tmp
c:\documents and settings\All\Local Settings\Temporary Internet Files\_tmE08.tmp
c:\documents and settings\Danka\Local Settings\Temporary Internet Files\_tm199B.tmp
c:\documents and settings\Danka\Local Settings\Temporary Internet Files\_tm57.tmp
c:\documents and settings\Danka\Local Settings\Temporary Internet Files\_tm907.tmp
c:\documents and settings\Danka\Local Settings\Temporary Internet Files\_tmFC4.tmp
c:\progra~1\SMILEY~2
c:\progra~1\SMILEY~2\bar\1.bin\1vbar.dll
c:\progra~1\SMILEY~2\bar\1.bin\1vbarsvc.exe
c:\progra~1\SMILEY~2\bar\1.bin\1vdatact.dll
c:\progra~1\SMILEY~2\bar\1.bin\1vdyn.dll
c:\progra~1\SMILEY~2\bar\1.bin\1vfeedmg.dll
c:\progra~1\SMILEY~2\bar\1.bin\1vhighin.exe
c:\progra~1\SMILEY~2\bar\1.bin\1vhtml.dll
c:\progra~1\SMILEY~2\bar\1.bin\1vhtmlmu.dll
c:\progra~1\SMILEY~2\bar\1.bin\1vhttpct.dll
c:\progra~1\SMILEY~2\bar\1.bin\1vidle.dll
c:\progra~1\SMILEY~2\bar\1.bin\1vimpipe.exe
c:\progra~1\SMILEY~2\bar\1.bin\1vmedint.exe
c:\progra~1\SMILEY~2\bar\1.bin\1vmlbtn.dll
c:\progra~1\SMILEY~2\bar\1.bin\1vmsg.dll
c:\progra~1\SMILEY~2\bar\1.bin\1vradio.dll
c:\progra~1\SMILEY~2\bar\1.bin\1vregfft.dll
c:\progra~1\SMILEY~2\bar\1.bin\1vscript.dll
c:\progra~1\SMILEY~2\bar\1.bin\1vskin.dll
c:\progra~1\SMILEY~2\bar\1.bin\1vskplay.exe
c:\progra~1\SMILEY~2\bar\1.bin\CHROME.MANIFEST
c:\progra~1\SMILEY~2\bar\1.bin\chrome\1vffxtbr.jar
c:\progra~1\SMILEY~2\bar\1.bin\INSTALL.RDF
c:\progra~1\SMILEY~2\bar\1.bin\LOGO.BMP
c:\progra~1\SMILEY~2\bar\1.bin\NP1vStub.dll
c:\progra~1\SMILEY~2\bar\Cache\00059448
c:\progra~1\SMILEY~2\bar\Cache\00736EC8.bmp
c:\progra~1\SMILEY~2\bar\Cache\00736F83.bmp
c:\progra~1\SMILEY~2\bar\Cache\00737000.bmp
c:\progra~1\SMILEY~2\bar\Cache\0073706D.bmp
c:\progra~1\SMILEY~2\bar\Cache\007370CB.bmp
c:\progra~1\SMILEY~2\bar\Cache\00737148.bmp
c:\progra~1\SMILEY~2\bar\Cache\007371D5.bin
c:\progra~1\SMILEY~2\bar\Cache\files.ini
c:\progra~1\SMILEY~2\bar\History\search3
c:\progra~1\SMILEY~2\bar\Message\COMMON.T8S
c:\progra~1\SMILEY~2\bar\Settings\prevcfg2.htm
c:\progra~1\SMILEY~2\bar\Settings\s_pid.dat
c:\program files\ICQ6.5\ICQLRun.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SmileyCentral_1vService
-------\Legacy_SmileyCentral_1vService
-------\Service_SmileyCentral_1vService
-------\Service_SmileyCentral_1vService


((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
.

2011-02-04 21:21 . 2011-02-04 21:21 -------- d-----w- c:\documents and settings\Jarka\DoctorWeb
2011-02-04 20:50 . 2011-02-04 20:50 -------- d-----w- c:\documents and settings\Jarka\Local Settings\Application Data\Threat Expert
2011-02-04 20:39 . 2011-02-04 20:39 -------- d-----w- c:\program files\SanityCheck
2011-02-04 20:39 . 2010-08-23 16:07 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2011-02-04 18:05 . 2011-02-04 18:05 388096 ----a-r- c:\documents and settings\Jarka\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-04 17:42 . 2011-02-04 17:42 -------- d-----w- c:\documents and settings\Danka.JK-CFC0108EE97D\Local Settings\Application Data\AVG Security Toolbar
2011-02-02 15:07 . 2011-02-04 18:05 -------- d-----w- c:\program files\trend micro
2011-02-02 15:07 . 2011-02-02 15:07 -------- d-----w- C:\rsit
2011-02-02 12:04 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-01-31 17:32 . 2011-01-31 17:32 -------- d-----w- c:\documents and settings\All.JK-CFC0108EE97D\Local Settings\Application Data\AVG Security Toolbar
2011-01-31 17:31 . 2011-01-31 17:31 -------- d-----w- c:\documents and settings\All.JK-CFC0108EE97D\Application Data\AVG10
2011-01-31 12:06 . 2011-01-31 12:06 -------- d-----w- C:\$AVG
2011-01-31 11:24 . 2011-02-04 23:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-01-31 11:06 . 2011-01-31 11:06 -------- d-----w- c:\documents and settings\Jarka\Application Data\AVG10
2011-01-31 11:02 . 2011-01-31 11:02 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-31 11:00 . 2011-02-04 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-01-31 10:59 . 2011-02-04 23:11 -------- d-----w- c:\program files\AVG
2011-01-31 10:50 . 2011-01-31 11:00 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-31 08:52 . 2011-01-31 08:52 -------- d-----w- c:\documents and settings\Jarka\Application Data\Malwarebytes
2011-01-31 08:52 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 08:52 . 2011-01-31 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-31 08:52 . 2011-01-31 08:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-31 08:52 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-30 15:56 . 2011-01-30 15:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2011-01-30 15:55 . 2011-01-30 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-01-30 15:55 . 2011-01-30 15:55 -------- d-----w- c:\program files\McAfee Security Scan
2011-01-30 15:55 . 2011-01-30 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-01-30 15:54 . 2011-01-30 16:19 -------- d-----w- c:\program files\Windows Live Safety Center
2011-01-30 15:46 . 2011-01-30 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2011-01-30 15:12 . 2011-01-30 15:28 -------- d-----w- c:\windows\BDOSCAN8
2011-01-28 20:18 . 2011-01-28 20:19 20268251 ----a-w- c:\program files\vlc-1.1.6-win32.exe
2011-01-22 13:58 . 2011-01-22 13:58 -------- d-sh--w- c:\documents and settings\All Users\Application Data\PIZSUVTSLS
2011-01-22 13:58 . 2011-01-22 21:57 -------- d-sh--w- c:\documents and settings\All Users\Application Data\b6db5a
2011-01-15 11:50 . 2011-01-15 11:50 -------- d-----w- c:\documents and settings\All.JK-CFC0108EE97D\Application Data\DAEMON Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-04 23:24 . 2009-10-17 15:32 16608 ----a-w- c:\windows\gdrv.sys
2010-12-27 10:08 . 2009-10-17 18:14 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-27 10:08 . 2007-10-19 18:37 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2009-10-17 15:08 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2006-02-28 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Akcelerátor spuštení AutoCADu.lnk - [N/A]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\CheckPoint\\SSL Network Extender\\slimsvc.exe"=
"c:\\hry\\Flatout 2\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17. 10. 2009 19:36 715248]
R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [2. 11. 2009 18:43 353672]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [17. 10. 2009 16:33 80392]
R3 PAC207;i-Look 111;c:\windows\system32\drivers\PFC027.SYS [29. 6. 2007 15:32 611584]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [12. 9. 2006 18:14 129304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 12:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28. 2. 2010 17:31 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.188\McCHSvc.exe [5. 10. 2010 3:27 237008]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [4. 2. 2011 21:39 27192]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28. 2. 2006 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 12:16 753504]
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [17. 10. 2009 19:19 222968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\docume~1\Jarka\LOCALS~1\Temp\Rar$EX00.140\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-05 00:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(868)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2011-02-05 00:26:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-04 23:26

Pre-Run: 81 662 894 080 bytes free
Post-Run: 88 367 099 904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional"=optin /fastdetect

- - End Of File - - 6B373D7AED5CCA96AABB5CCDC751316B
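The parts of a ComboFix report that are worth reading mechanically are the service/driver lines (R*/S* entries), the firewall GloballyOpenPorts entries and the LOCKED REGISTRY KEYS section shown in the log above. The following Python is an added example written for this thread; it is not code from the poster, from the forum helpers or from ComboFix. It assumes the ComboFix line conventions stated in its docstring (R/S = running/stopped, digit = Windows start type; port exceptions written as port:proto:scope:state:name), the XP default folder layout for its "trusted roots", and uses lines copied from the log above as constructed sample input. The triage flags are the example's own heuristics, not anything ComboFix itself reports.

```python
"""Triage helpers for three sections of a ComboFix log: services/drivers,
XP firewall port exceptions and ACL-locked registry keys.
Added example for this thread; not code from the forum post or from ComboFix.

Assumed log conventions (assumptions, not taken from the thread):
  services:  <R|S><digit> <name>;<display>;<image path> [<date> <size>]
             R = running, S = stopped; digit = start type 0 boot, 1 system,
             2 automatic, 3 manual, 4 disabled
  ports:     "<port>:<proto>"= <port>:<proto>:<scope>:<Enabled|Disabled>:<name>
  locked:    [<key>] followed by a line beginning with @Denied:
The sample lines below are copied from the log in this thread; the triage
flags are this example's own heuristics, not a ComboFix feature.
"""
import re
from dataclasses import dataclass

START_TYPES = {"0": "boot", "1": "system", "2": "automatic", "3": "manual", "4": "disabled"}
# Assumption: XP default layout; anything launched from elsewhere deserves a look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>[^\]]*?)\s+(?P<size>\d+)\]$"
)
PORT_RE = re.compile(
    r'^"[^"]+"=\s*(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]*):'
    r"(?P<enabled>Enabled|Disabled):(?P<name>.*)$"
)


@dataclass
class Service:
    name: str
    path: str
    running: bool
    start_type: str
    size: int
    flags: tuple


@dataclass
class PortRule:
    port: int
    proto: str
    scope: str
    enabled: bool
    name: str


def parse_service(line):
    """Return a Service for one R*/S* line, or None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path").strip()
    exe = path.lower().split(" -")[0]  # drop svchost-style "-k GROUP" arguments
    flags = []
    if m.group("start") == "0":
        # A boot-start driver loads before any AV engine: the classic rootkit position.
        flags.append("boot-start driver")
    if not exe.startswith(TRUSTED_ROOTS):
        flags.append("binary outside Windows/Program Files")
    return Service(m.group("name"), path, m.group("state") == "R",
                   START_TYPES[m.group("start")], int(m.group("size")), tuple(flags))


def parse_port_rule(line):
    """Return a PortRule for one GloballyOpenPorts line, or None."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    return PortRule(int(m.group("port")), m.group("proto"), m.group("scope"),
                    m.group("enabled") == "Enabled", m.group("name").strip())


def locked_keys(lines):
    """Return registry keys whose following lines carry an @Denied ACL entry."""
    found, current = [], None
    for raw in lines:
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif line.startswith("@Denied:") and current:
            found.append(current)
    return found


def triage(lines):
    """Walk the log once and collect what an analyst would read first."""
    services = [s for s in map(parse_service, lines) if s]
    ports = [p for p in map(parse_port_rule, lines) if p]
    return {
        "flagged_services": [s for s in services if s.flags],
        # Enabled and scope '*' means reachable from any address, not just the LAN.
        "open_ports": [p for p in ports if p.enabled and p.scope == "*"],
        "locked_keys": locked_keys(lines),
    }


# Constructed sample: lines copied verbatim from the ComboFix log in this thread.
SAMPLE_LOG = r"""
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17. 10. 2009 19:36 715248]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [17. 10. 2009 16:33 80392]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28. 2. 2006 13:00 14336]
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [17. 10. 2009 19:19 222968]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
""".strip().splitlines()

if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section, items)
```

Run against the sample, the only flagged entry is sptd.sys as a boot-start driver, the WinRM exception on 5985/TCP is Disabled so nothing lands in open_ports, and the locked CLSID is listed for review (the log shows it registered to Flash's FlashUtil10h_ActiveX.exe, so the parser reports it rather than judging it). That is consistent with the moderator's verdict below; the value of the script is that the same three checks can be repeated on the next log without reading a thousand lines by eye.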

JaRon
Moderator
Posts: 15699
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: PC infected despite ESET NOD32 being installed

#10 Post by JaRon »

looks OK
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

stkuko
Visitor
Posts: 7
Registered: 01 Feb 2011 09:22
Location: DCA

Re: PC infected despite ESET NOD32 being installed

#11 Post by stkuko »

Thank you very much for the help... I would also like to ask which free antivirus with a good anti-adware extension (and resident protection) you would recommend putting on there?
I quite like Avira AntiVir; AVG, I feel, slowed things down a lot; from ESET there was only NOD32 without Smart Security, which may have been the cause of the infection...
As for anti-malware scanners, it seems to me that Dr.Web CureIt was somewhat better than Malwarebytes; what is your experience in this area?
Alternatively, which free firewall should I put there? Is there a better free antivirus + anti-adware + firewall in one, with a simple uninstall in case it does not prove itself?
Thanks for the advice.

JaRon
Moderator
Posts: 15699
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: PC infected despite ESET NOD32 being installed

#12 Post by JaRon »

you're welcome :)
1. for AV I recommend Avira
2. FW >> ZoneAlarm
3. as for the other junk, an occasional scan with MBAM is enough
4. CureIt is an AV, MBAM is more of an anti-spyware tool >> so they cannot be compared, each looks for different things :)
5. if you decide on a suite, bet on the proven brands Kaspersky and Norton >> see the AV section
