RemoveIT-nevim si rady

[Andrewus]

Dobry den, píšu sem prvně a nejsem žádný expert, takže omluvte "kvalitu" mého příspěvku.

Nechal jsem si projet PC free verzi programu RemoveIT, našel několik "virů" klikl jsem na tlačítko FIX 9 z 12ti to opravilo, zbytek ne, s tím, že se je mám pokusit odstranit manuálně, jedná se o

Sys32.idletrac C:\WINDOWS\system32\cl31cl3.dll
Sys32.cl31cl3 C:\WINDOWS\system32\idletrac.dll
Sys32.wsfwds.dll C:\WINDOWS\system32\wsfwds.dll


Jedná se určitě o viry? Popř. jak se dají odstranit?

[Roli]

Zdravím, začni tím že použiješ Rsit z mého podpisu a dáš mi sem z něj log.txt

kouknu se na to co se s tím dá dělat.

[Andrewus]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Andrew at 2011-02-11 19:33:37
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 81 GB (34%) free of 238 GB
Total RAM: 2047 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:34:28, on 11.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\System Control Manager\edd.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Andrew\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Andrew\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Andrew.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Andrew\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Konfigurační služba Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 11132 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-ONDRA-Andrew.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-706699826-1644491937-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-706699826-1644491937-1006UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-20 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-20 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-06-29 89541]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"ACU"=C:\Program Files\Atheros\ACU.exe [2007-05-03 376921]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2007-10-19 180224]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"NBKeyScan"=C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [2008-02-21 1647912]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-20 136600]
"MemoryCardManager"=C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe [2004-02-02 139264]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"Adobe_ID0ENQBO"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2008-08-08 524288]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-02-26 2140880]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-11-30 500208]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"Google Update"=C:\Documents and Settings\Andrew\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-11-28 135664]
"AdobeBridge"= []
"Steam"=C:\Program Files\Steam\steam.exe [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-05-15 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NeverwinterNights\NWN\nwmain.exe"="C:\Program Files\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights"
"C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe"="C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\Andrew\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Andrew\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Steam\SteamApps\andrew_cze\day of defeat source\hl2.exe"="C:\Program Files\Steam\SteamApps\andrew_cze\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Steam\steamapps\andrew_cze\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\andrew_cze\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-02-11 19:33:39 ----D---- C:\Program Files\trend micro
2011-02-11 19:33:37 ----D---- C:\rsit
2011-02-11 17:40:55 ----SHD---- C:\Config.Msi
2011-02-11 17:36:39 ----D---- C:\Program Files\Enigma Software Group
2011-02-11 17:36:15 ----D---- C:\WINDOWS\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-02-11 14:22:22 ----D---- C:\WINDOWS\LastGood
2011-02-10 01:22:42 ----DC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-02-10 01:22:36 ----DC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-02-10 01:22:28 ----DC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-02-10 01:22:18 ----DC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-02-10 01:19:05 ----DC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-02-10 01:18:54 ----DC---- C:\WINDOWS\$NtUninstallKB2482017$
2011-02-10 01:18:48 ----DC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-02-10 01:18:37 ----DC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-02-08 17:51:29 ----D---- C:\Program Files\Rockstar Games
2011-02-05 09:17:51 ----D---- C:\Program Files\NWN2Czech
2011-02-03 00:32:26 ----A---- C:\WINDOWS\system32\SNWValid.dll
2011-02-03 00:32:26 ----A---- C:\WINDOWS\system32\SierraNW.dll
2011-02-03 00:32:25 ----D---- C:\SIERRA
2011-02-03 00:32:25 ----D---- C:\Program Files\Sierra On-Line
2011-02-03 00:32:01 ----A---- C:\WINDOWS\SIERRA.INI
2011-01-23 19:24:24 ----D---- C:\Documents and Settings\Andrew\Data aplikací\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-01-23 19:24:24 ----D---- C:\Documents and Settings\Andrew\Data aplikací\Adobe Mini Bridge CS5
2011-01-18 21:10:00 ----D---- C:\Program Files\Mplayer
2011-01-18 21:08:08 ----D---- C:\Program Files\Quake III Arena
2011-01-18 21:07:34 ----A---- C:\WINDOWS\QIII.INI
2011-01-13 21:03:53 ----D---- C:\videooutput
2011-01-13 21:03:46 ----D---- C:\Program Files\Smallvideosoft
2011-01-13 20:46:11 ----D---- C:\Program Files\Free YouTube Downloader
2011-01-13 03:26:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-01-13 02:56:10 ----D---- C:\Program Files\Leawo

======List of files/folders modified in the last 1 months======

2011-02-11 19:33:54 ----D---- C:\WINDOWS\Temp
2011-02-11 19:33:39 ----RD---- C:\Program Files
2011-02-11 19:33:35 ----D---- C:\WINDOWS\Prefetch
2011-02-11 18:23:50 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-11 18:21:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-02-11 18:21:51 ----D---- C:\WINDOWS\system32
2011-02-11 18:15:05 ----A---- C:\WINDOWS\avisplitter.ini
2011-02-11 17:40:59 ----SHD---- C:\WINDOWS\Installer
2011-02-11 17:40:59 ----SD---- C:\Documents and Settings\Andrew\Data aplikací\Microsoft
2011-02-11 17:40:40 ----SD---- C:\WINDOWS\Tasks
2011-02-11 17:40:31 ----D---- C:\WINDOWS
2011-02-11 17:36:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-02-11 17:04:22 ----D---- C:\WINDOWS\system
2011-02-11 16:45:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-02-11 16:45:29 ----D---- C:\WINDOWS\Minidump
2011-02-11 14:24:01 ----HD---- C:\WINDOWS\inf
2011-02-11 14:22:26 ----D---- C:\Program Files\Steam
2011-02-11 14:21:55 ----D---- C:\WINDOWS\system32\CatRoot
2011-02-11 14:17:50 ----D---- C:\WINDOWS\system32\config
2011-02-11 14:17:20 ----D---- C:\WINDOWS\system32\wbem
2011-02-11 14:17:20 ----D---- C:\WINDOWS\Registration
2011-02-11 14:16:56 ----D---- C:\Documents and Settings\Andrew\Data aplikací\Mozilla
2011-02-11 14:15:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-02-11 14:15:33 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-02-10 22:27:49 ----D---- C:\WINDOWS\Debug
2011-02-10 01:18:04 ----HD---- C:\WINDOWS\$hf_mig$
2011-02-08 17:51:28 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-07 21:45:43 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2011-02-05 01:27:59 ----D---- C:\WINDOWS\system32\DirectX
2011-02-05 01:27:57 ----RSD---- C:\WINDOWS\assembly
2011-02-04 15:07:14 ----D---- C:\Documents and Settings\Andrew\Data aplikací\vlc
2011-02-04 13:17:05 ----RSD---- C:\WINDOWS\Fonts
2011-01-26 23:13:50 ----A---- C:\WINDOWS\wincmd.ini
2011-01-18 21:12:42 ----D---- C:\Program Files\Mozilla Firefox
2011-01-14 22:18:37 ----D---- C:\NWN
2011-01-13 20:46:59 ----D---- C:\Program Files\Common Files
2011-01-13 03:26:48 ----A---- C:\WINDOWS\system32\MRT.exe
2011-01-13 02:57:40 ----D---- C:\Documents and Settings\Andrew\Data aplikací\Leawo

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 O2MDRDR;O2MDRDR; C:\WINDOWS\system32\DRIVERS\o2media.sys [2007-04-03 39680]
R0 O2SDRDR;O2SDRDR; C:\WINDOWS\system32\DRIVERS\o2sd.sys [2007-04-02 35712]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-02-06 44608]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2006-07-10 27032]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2007-01-12 82296]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-09-30 717296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 Amfilter;Compatible Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-04-19 8704]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-02-26 55232]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-02-26 139192]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-02-26 134488]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-06-29 1160320]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 546976]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-05-16 2158592]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-02-26 32584]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 MGHwCtrl;MGHwCtrl; \??\C:\WINDOWS\system32\drivers\MGHwCtrl.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys [2007-02-05 3624128]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-05-31 96896]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 57024]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\WINDOWS\System32\drivers\sfdrv01a.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys []
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Amps2prt;Compatible PS/2 Port Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2007-04-19 14336]
S3 Amusbprt;Compatible HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-04-19 14336]
S3 aucy2u6l;aucy2u6l; C:\WINDOWS\system32\drivers\aucy2u6l.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 Cam5603D;BisonCam, NB Pro; C:\WINDOWS\System32\Drivers\BisonCam.sys [2007-08-20 783272]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Ovladač třídy skeneru standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Andrew\LOCALS~1\Temp\EMM51.tmp []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-07-09 52096]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 uafilter;uafilter; C:\WINDOWS\System32\DRIVERS\uafilter.sys []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Konfigurační služba Atheros; C:\WINDOWS\system32\acs.exe [2007-05-03 364629]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-05-15 479232]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-02-26 810120]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-20 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NishService;SCM Driver Daemon; C:\Program Files\System Control Manager\edd.exe [2006-03-22 40960]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-11-12 71096]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Oz128 Driver\o2flash.exe [2007-02-12 65536]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-11-20 75136]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-08 135664]
S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-02-26 33560]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-02 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-11 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-02-21 800040]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Roli]

Tohle fixni v HJT :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Andrew\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

HJT najdeš zde :

C:\Program Files\trend micro\Andrew.exe

Fix znamená že spustíš HJT

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Přes Start >> Spustit >> napiš - services.msc >> OK. Najdi službu :

NBService - Nero AG

NMIndexingService - Nero AG

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.


Pak použij Mbam z mého podpisu a dej mi sem z něj log, předem nic nemazat !!!

[Andrewus]

NBService - Nero AG

NMIndexingService - Nero AG

NBService - Nero AG

tahle už byla zastavená, tak jsem dal jen zakázat, u druhé jsem i zastavoval a tady je log, mnohokrát děkuji za pomoc

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verze databáze: 5742

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

11.2.2011 21:15:24
mbam-log-2011-02-11 (21-15-18).txt

Typ kontroly: Rychlý test
Testované objekty: 184144
Uplynulý čas: 5 minut, 33 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 2
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 1
Infikované složky: 1
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CLASSES_ROOT\CLSID\{E7467507-DD40-4123-BE49-7B7DF5DB80C6} (Trojan.Clicker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E1500AC-87A5-416B-A211-82E848649DA9} (Trojan.Clicker) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Infikované složky:
c:\program files\Seekeen (Trojan.Agent) -> No action taken.

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)§

Ještě dotaz, jak nejlépe předejít podobné situaci? Je nějaké řešení krom - nemít internet? Antivirák mám.

[Andrewus]

Haló, haló. Já se těch trojáku co tu na mě skáčou bojím:

[Roli]

Měj trpělivost nejsem tu celý den.

Jak předejít zavirování ?

No nestahovat hlouposti, nelézt na nebezpečné stránky, neklikat na nesmysli a hlavně myslet, protože antivir není všemocný.

Jinak to co Mbam našel nech smazat.


Nyní použijeme větší kalibr tak že pozorně číst, protože tenhle softík chyby netoleruje.

Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[Andrewus]

díky moc, tady to je

ComboFix 11-02-12.01 - Andrew 12.02.2011 23:47:09.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1359 [GMT 1:00]
Spuštěný z: c:\documents and settings\Andrew\Plocha\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\recycled\Recycled
c:\windows\system32\3gpvideoconvertera.dat
c:\windows\system32\3gpvideoconverterb.dat
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-12 do 2011-02-12 )))))))))))))))))))))))))))))))
.

2011-02-11 20:02 . 2011-02-11 20:02 -------- d-----w- c:\documents and settings\Andrew\Data aplikací\Malwarebytes
2011-02-11 20:02 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 20:02 . 2011-02-11 20:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-02-11 20:02 . 2011-02-11 20:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-11 20:02 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-11 18:33 . 2011-02-11 19:52 -------- d-----w- c:\program files\trend micro
2011-02-11 18:33 . 2011-02-11 18:34 -------- d-----w- C:\rsit
2011-02-11 16:36 . 2011-02-11 16:36 -------- d-----w- c:\program files\Enigma Software Group
2011-02-11 16:36 . 2011-02-11 16:40 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-02-11 13:17 . 2011-02-11 13:17 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-08 16:51 . 2011-02-08 16:51 -------- d-----w- c:\program files\Rockstar Games
2011-02-05 08:17 . 2011-02-05 16:59 -------- d-----w- c:\program files\NWN2Czech
2011-02-02 23:32 . 1998-10-30 22:21 231936 ----a-w- c:\windows\system32\SNWValid.dll
2011-02-02 23:32 . 1998-10-30 22:21 1022976 ----a-w- c:\windows\system32\SierraNW.dll
2011-02-02 23:32 . 2011-02-02 23:33 -------- d-----w- C:\SIERRA
2011-02-02 23:32 . 2011-02-02 23:32 -------- d-----w- c:\program files\Sierra On-Line
2011-01-23 18:24 . 2011-01-23 18:24 -------- d-----w- c:\documents and settings\Andrew\Data aplikací\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-01-23 18:24 . 2011-01-23 18:24 -------- d-----w- c:\documents and settings\Andrew\Data aplikací\Adobe Mini Bridge CS5
2011-01-18 20:10 . 2011-01-18 20:10 -------- d-----w- c:\program files\Mplayer
2011-01-18 20:08 . 2011-02-11 16:40 -------- d-----w- c:\program files\Quake III Arena

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-07 20:45 . 2010-09-08 21:31 234392 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-02-07 20:45 . 2002-02-16 17:01 234392 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-07 20:28 . 2002-02-16 17:03 138904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-20 22:13 . 2008-04-14 12:00 370176 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2008-04-14 12:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2008-04-14 08:06 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2008-04-14 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-11-20 14:18 . 2002-02-16 17:01 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-18 18:15 . 2008-09-23 07:05 81920 ----a-w- c:\windows\system32\isign32.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-05-03 376921]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-10-19 180224]
"MemoryCardManager"="c:\program files\Lexmark\Lexmark Precision Photo\MemCard.exe" [2004-02-02 139264]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-26 2140880]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UVS11 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Andrew\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\andrew_cze\\counter-strike source\\hl2.exe"=

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [23.9.2008 10:18 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [23.9.2008 10:18 35712]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.9.2008 8:51 717296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [26.2.2010 5:41 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [26.2.2010 5:41 810120]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [23.9.2008 10:56 9088]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys --> c:\windows\system32\drivers\sfdrv01a.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.3.2010 16:31 135664]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [23.9.2008 10:56 40960]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.8.2008 5:46 284016]
S3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [19.4.2007 14:45 14336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Andrew\LOCALS~1\Temp\EMM51.tmp --> c:\docume~1\Andrew\LOCALS~1\Temp\EMM51.tmp [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 uafilter;uafilter;c:\windows\system32\DRIVERS\uafilter.sys --> c:\windows\system32\DRIVERS\uafilter.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11.1.2011 22:06 11520]
.
Obsah adresáře 'Naplánované úlohy'

2011-02-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-ONDRA-Andrew.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-30 13:23]

2011-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 15:31]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 15:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.garena.com/portal/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Andrew\Data aplikací\Mozilla\Firefox\Profiles\i00rlgws.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-AdobeBridge - (no file)
AddRemove-Heroes of Might and Magic® III - c:\program files\3DO\Heroes3\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-12 23:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Andrew\LOCALS~1\Temp\EMM51.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1935655697-706699826-1644491937-1006\Software\SecuROM\License information*]
"datasecu"=hex:e2,b7,8a,19,6b,cf,08,1c,af,67,91,ea,8a,d6,00,de,d8,e8,ff,7b,d4,
75,2c,26,61,a5,30,38,16,7b,b8,59,37,6f,c0,77,8e,dc,0d,2a,d9,94,0d,d4,d5,fa,\
"rkeysecu"=hex:6c,86,55,c0,6a,5d,9e,bf,20,62,5d,59,0f,a1,be,18

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@DACL=(02 0010)
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Data aplikací\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000405
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{3B2ABF54-299A-46E4-B4C5-A8879DF6EE72}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.2.35.3"
"UniqueId"="000E12F74BC99A5C"
"ScannerBuild"=dword:000019ff
"ScannerVersionId"=dword:00001320
"ScannerVersion"="Locked/open ESET for status."
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1540)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2011-02-12 23:55:07
ComboFix-quarantined-files.txt 2011-02-12 22:55

Před spuštěním: Volných bajtů: 103 486 775 296
Po spuštění: Volných bajtů: 110 040 436 736

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer /TUTag=EQZEI5

- - End Of File - - 4E4743BEB2B2AB336E7320B8365CB556

[Roli]

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

File::
C:\WINDOWS\system32\cl31cl3.dll  
C:\WINDOWS\system32\idletrac.dll

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[Andrewus]

ComboFix 11-02-12.01 - Andrew 13.02.2011 17:26:04.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1436 [GMT 1:00]
Spuštěný z: c:\documents and settings\Andrew\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Andrew\Plocha\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"c:\windows\system32\cl31cl3.dll"
"c:\windows\system32\idletrac.dll"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\windows\system32\cl31cl3.dll
c:\windows\system32\idletrac.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-13 do 2011-02-13 )))))))))))))))))))))))))))))))
.

2011-02-11 20:02 . 2011-02-11 20:02 -------- d-----w- c:\documents and settings\Andrew\Data aplikací\Malwarebytes
2011-02-11 20:02 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 20:02 . 2011-02-11 20:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-02-11 20:02 . 2011-02-11 20:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-11 20:02 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-11 18:33 . 2011-02-11 19:52 -------- d-----w- c:\program files\trend micro
2011-02-11 18:33 . 2011-02-11 18:34 -------- d-----w- C:\rsit
2011-02-11 16:36 . 2011-02-11 16:36 -------- d-----w- c:\program files\Enigma Software Group
2011-02-11 16:36 . 2011-02-11 16:40 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-02-11 13:17 . 2011-02-11 13:17 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-08 16:51 . 2011-02-08 16:51 -------- d-----w- c:\program files\Rockstar Games
2011-02-05 08:17 . 2011-02-05 16:59 -------- d-----w- c:\program files\NWN2Czech
2011-02-02 23:32 . 1998-10-30 22:21 231936 ----a-w- c:\windows\system32\SNWValid.dll
2011-02-02 23:32 . 1998-10-30 22:21 1022976 ----a-w- c:\windows\system32\SierraNW.dll
2011-02-02 23:32 . 2011-02-02 23:33 -------- d-----w- C:\SIERRA
2011-02-02 23:32 . 2011-02-02 23:32 -------- d-----w- c:\program files\Sierra On-Line
2011-01-23 18:24 . 2011-01-23 18:24 -------- d-----w- c:\documents and settings\Andrew\Data aplikací\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-01-23 18:24 . 2011-01-23 18:24 -------- d-----w- c:\documents and settings\Andrew\Data aplikací\Adobe Mini Bridge CS5
2011-01-18 20:10 . 2011-01-18 20:10 -------- d-----w- c:\program files\Mplayer
2011-01-18 20:08 . 2011-02-11 16:40 -------- d-----w- c:\program files\Quake III Arena

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-07 20:45 . 2010-09-08 21:31 234392 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-02-07 20:45 . 2002-02-16 17:01 234392 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-07 20:28 . 2002-02-16 17:03 138904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-21 14:44 . 2008-04-14 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2008-04-14 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 22:14 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 22:14 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-12-20 22:14 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 22:13 . 2008-04-14 12:00 370176 ----a-w- c:\windows\system32\html.iec
2010-12-20 17:25 . 2008-04-14 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-09 15:15 . 2008-04-14 12:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2008-04-14 08:06 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2008-04-14 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-20 14:18 . 2002-02-16 17:01 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-18 18:15 . 2008-09-23 07:05 81920 ----a-w- c:\windows\system32\isign32.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-02-12_22.52.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-13 12:03 . 2011-02-13 12:03 16384 c:\windows\Temp\Perflib_Perfdata_3bc.dat
- 2009-03-12 01:42 . 2010-07-05 13:13 18296 c:\windows\system32\spmsg.dll
+ 2009-03-12 01:42 . 2010-02-22 14:20 18296 c:\windows\system32\spmsg.dll
+ 2008-04-14 12:00 . 2010-12-20 22:14 81920 c:\windows\system32\dllcache\ieencode.dll
- 2008-04-14 12:00 . 2010-11-05 05:02 81920 c:\windows\system32\dllcache\ieencode.dll
- 2008-04-14 12:00 . 2009-12-14 07:10 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2008-04-14 12:00 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2008-04-14 12:00 . 2010-11-05 05:02 627200 c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2010-12-20 22:14 627200 c:\windows\system32\urlmon.dll
- 2008-04-14 12:00 . 2010-11-05 05:02 532480 c:\windows\system32\mstime.dll
+ 2008-04-14 12:00 . 2010-12-20 22:14 532480 c:\windows\system32\mstime.dll
+ 2008-04-14 12:00 . 2010-12-20 22:14 449024 c:\windows\system32\mshtmled.dll
- 2008-04-14 12:00 . 2010-11-05 05:02 449024 c:\windows\system32\mshtmled.dll
- 2008-04-14 12:00 . 2010-11-05 05:02 251904 c:\windows\system32\iepeers.dll
+ 2008-04-14 12:00 . 2010-12-20 22:14 251904 c:\windows\system32\iepeers.dll
- 2008-04-14 12:00 . 2010-11-05 05:02 668160 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-14 12:00 . 2010-12-20 22:14 668160 c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 12:00 . 2010-11-05 05:02 627200 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 12:00 . 2010-12-20 22:14 627200 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 12:00 . 2011-01-21 14:44 440320 c:\windows\system32\dllcache\shimgvw.dll
+ 2008-04-14 12:00 . 2010-12-20 22:14 532480 c:\windows\system32\dllcache\mstime.dll
- 2008-04-14 12:00 . 2010-11-05 05:02 532480 c:\windows\system32\dllcache\mstime.dll
- 2008-04-14 12:00 . 2010-11-05 05:02 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-04-14 12:00 . 2010-12-20 22:14 449024 c:\windows\system32\dllcache\mshtmled.dll
- 2008-04-14 12:00 . 2009-06-25 08:27 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2008-04-14 12:00 . 2010-12-20 17:25 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2008-04-14 12:00 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
- 2008-04-14 12:00 . 2009-06-25 08:27 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2008-04-14 12:00 . 2010-12-20 22:14 251904 c:\windows\system32\dllcache\iepeers.dll
- 2008-04-14 12:00 . 2010-11-05 05:02 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2008-04-14 12:00 . 2011-01-07 14:09 290048 c:\windows\system32\dllcache\atmfd.dll
- 2008-04-14 12:00 . 2010-10-28 13:09 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2008-04-14 12:00 . 2011-01-21 14:44 8466432 c:\windows\system32\shell32.dll
- 2008-04-14 12:00 . 2010-07-27 06:30 8466432 c:\windows\system32\shell32.dll
- 2008-04-14 12:00 . 2010-11-05 05:02 1510912 c:\windows\system32\shdocvw.dll
+ 2008-04-14 12:00 . 2010-12-20 22:14 1510912 c:\windows\system32\shdocvw.dll
+ 2008-04-14 12:00 . 2010-12-20 22:14 3099136 c:\windows\system32\mshtml.dll
- 2008-09-23 14:35 . 2011-02-11 13:19 3953280 c:\windows\system32\FNTCACHE.DAT
+ 2008-09-23 14:35 . 2011-02-13 12:03 3953280 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-14 12:00 . 2010-12-31 14:04 1854976 c:\windows\system32\dllcache\win32k.sys
+ 2008-04-14 12:00 . 2011-01-21 14:44 8466432 c:\windows\system32\dllcache\shell32.dll
- 2008-04-14 12:00 . 2010-07-27 06:30 8466432 c:\windows\system32\dllcache\shell32.dll
- 2008-04-14 12:00 . 2010-11-05 05:02 1510912 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-04-14 12:00 . 2010-12-20 22:14 1510912 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-04-14 12:00 . 2010-12-20 22:14 3099136 c:\windows\system32\dllcache\mshtml.dll
+ 2008-04-14 12:00 . 2010-12-20 22:14 1025024 c:\windows\system32\dllcache\browseui.dll
- 2008-04-14 12:00 . 2010-11-05 05:02 1025024 c:\windows\system32\dllcache\browseui.dll
- 2008-04-14 12:00 . 2010-11-05 05:02 1025024 c:\windows\system32\browseui.dll
+ 2008-04-14 12:00 . 2010-12-20 22:14 1025024 c:\windows\system32\browseui.dll
+ 2008-09-23 09:42 . 2011-02-13 11:34 37443528 c:\windows\system32\MRT.exe
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 89541]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-05-03 376921]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-10-19 180224]
"MemoryCardManager"="c:\program files\Lexmark\Lexmark Precision Photo\MemCard.exe" [2004-02-02 139264]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-26 2140880]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UVS11 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Andrew\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\andrew_cze\\counter-strike source\\hl2.exe"=

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [23.9.2008 10:18 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [23.9.2008 10:18 35712]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.9.2008 8:51 717296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [26.2.2010 5:41 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [26.2.2010 5:41 810120]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [23.9.2008 10:56 9088]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys --> c:\windows\system32\drivers\sfdrv01a.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.3.2010 16:31 135664]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [23.9.2008 10:56 40960]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.8.2008 5:46 284016]
S3 Amps2prt;Compatible PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [19.4.2007 14:45 14336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Andrew\LOCALS~1\Temp\EMM51.tmp --> c:\docume~1\Andrew\LOCALS~1\Temp\EMM51.tmp [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 uafilter;uafilter;c:\windows\system32\DRIVERS\uafilter.sys --> c:\windows\system32\DRIVERS\uafilter.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11.1.2011 22:06 11520]
.
Obsah adresáře 'Naplánované úlohy'

2011-02-13 c:\windows\Tasks\AdobeAAMUpdater-1.0-ONDRA-Andrew.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-30 13:23]

2011-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2011-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 15:31]

2011-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 15:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.garena.com/portal/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Andrew\Data aplikací\Mozilla\Firefox\Profiles\i00rlgws.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-13 17:36
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Andrew\LOCALS~1\Temp\EMM51.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1935655697-706699826-1644491937-1006\Software\SecuROM\License information*]
"datasecu"=hex:e2,b7,8a,19,6b,cf,08,1c,af,67,91,ea,8a,d6,00,de,d8,e8,ff,7b,d4,
75,2c,26,61,a5,30,38,16,7b,b8,59,37,6f,c0,77,8e,dc,0d,2a,d9,94,0d,d4,d5,fa,\
"rkeysecu"=hex:6c,86,55,c0,6a,5d,9e,bf,20,62,5d,59,0f,a1,be,18

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@DACL=(02 0010)
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Data aplikací\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000405
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{3B2ABF54-299A-46E4-B4C5-A8879DF6EE72}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.2.35.3"
"UniqueId"="000E12F74BC99A5C"
"ScannerBuild"=dword:000019ff
"ScannerVersionId"=dword:00001320
"ScannerVersion"="Locked/open ESET for status."
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1540)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3068)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2011-02-13 17:44:43
ComboFix-quarantined-files.txt 2011-02-13 16:44
ComboFix2.txt 2011-02-12 22:55

Před spuštěním: Volných bajtů: 109 692 235 776
Po spuštění: Volných bajtů: 109 661 659 136

- - End Of File - - C4A3DD63DA291F57E3BA439E62376A48

[Roli]

I když by to mělo patřit k wifi tak tohle :

C:\WINDOWS\system32\wsfwds.dll

otestuj na VIRUSTOTAL

(po načtení stránky klikni na tlačítko Procházet, najdi cestu k výše zmíněnému souboru a klikni na tlačítko Odeslat soubor

trvá to okolo deseti minut pak mi sem zkopíruj link, to je ten řádek nahoře v prohlížeči)

Pokud ti to napíše že soubor již byl testován nech otestovat znovu.

[Andrewus]

Ten soubor už v počítači nemám?! Nenašel jsem ho tam. (ale wi-fi mi funguje)

[Roli]

Ani když na VIRUSTOTAL místo Procházet cestu rovnou nakopíruješ ?

C:\WINDOWS\system32\wsfwds.dll

[Andrewus]

Ani když na VIRUSTOTAL místo Procházet cestu rovnou nakopíruješ ?

C:\WINDOWS\system32\wsfwds.dll

nevidím způsob jak by to šlo nakopírovat, kam. :/ je tam jenom :plocha není tam (adresa)

[Roli]

Tak nic neřeš to ono už to nejde.

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Pak spusť skener Cure It podle TOHOTO návodu

po skončení skenu chci sem výsledky.

(Upozornění je úchylně pomalý a je zapotřebí ho sledovat občas se na něco ptá)