VIRY.CZ

Hotovo, zde je log z ComboFixu:

ComboFix 10-05-17.03 - Jirka 19.05.2010 12:41:18.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.503.215 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1201 [VPS 080801-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jirka\Data aplikací\ACD Systems\ACDSee\ImageDB.ddf
c:\program files\INSTALL.LOG
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WIN32X


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-19 do 2010-05-19 )))))))))))))))))))))))))))))))
.

2010-05-18 05:43 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-18 05:43 . 2010-05-18 05:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 05:43 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-17 10:34 . 2010-05-17 10:34 -------- d-----w- C:\_OTL
2010-05-11 15:10 . 2010-05-11 15:10 270821 ----a-w- C:\UsbFix_Upload_Me_NB.zip
2010-05-11 14:57 . 2010-05-11 15:10 -------- d-----w- C:\UsbFix
2010-05-10 13:04 . 2010-05-10 13:04 -------- d-----w- c:\program files\trend micro
2010-05-10 13:04 . 2010-05-10 13:04 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-19 10:41 . 2005-12-28 10:35 -------- d-----w- c:\program files\ESET
2010-05-17 10:34 . 2004-08-18 12:00 62336 ----a-w- c:\windows\system32\perfc005.dat
2010-05-17 10:34 . 2004-08-18 12:00 379806 ----a-w- c:\windows\system32\perfh005.dat
2009-04-01 14:56 . 2005-12-28 11:47 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-04-01 14:56 . 2005-12-28 11:47 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-04-01 14:56 . 2006-12-29 09:33 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-04-01 14:56 . 2006-12-29 09:33 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-04-01 14:56 . 2005-12-28 11:47 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-06-15 18:33 . 2008-04-19 20:11 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 16:43 . 2008-04-19 20:11 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 12:41 . 2008-04-19 20:11 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 11:10 . 2008-04-19 20:11 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 10:19 . 2008-04-19 20:10 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2006-04-10 16:35 . 2008-04-19 20:11 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 09:10 . 2008-04-19 20:10 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 09:42 . 2008-04-19 20:10 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 09:22 . 2008-04-19 20:10 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 09:21 . 2008-04-19 20:10 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-04-19 20:11 . 2008-04-19 20:11 75 --sh--r- c:\windows\CT4CET.bin
2006-05-03 09:06 . 2008-07-09 21:03 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2008-07-09 21:03 31232 --sh--r- c:\windows\system32\msfDX.dll
.

------- Sigcheck -------

[-] 2009-01-06 21:18 . 2B3A5FAB253C1619F16D3A36DC318DA5 . 69632 . . [------] . . c:\windows\system32\userinit.exe
[7] 2008-04-14 . 7DC1830F22E7D275B438127B68030239 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2004-08-18 . 836F7960362FF95C5D49E40B891F2CFC . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2010-01-03 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 77824]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-20 88358]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-03-09 949376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-25 1397760]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-30 148888]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-05 155648]
"C0130Mon.exe"="c:\windows\C0130Mon.exe" [2006-10-03 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 79224]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-11 524288]
"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2008-08-07 495616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 10:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3.6.2008 20:45 78416]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [9.3.2007 11:21 15424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.6.2008 20:45 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.1.2010 18:08 246520]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [19.4.2008 22:08 31616]
S2 gupdate1ca3e994ca319da;Služba Google Update (gupdate1ca3e994ca319da);c:\program files\Google\Update\GoogleUpdate.exe [26.9.2009 13:05 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [17.3.2006 14:05 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [17.3.2006 14:05 64896]
S3 elSerial;elSerial Filter driver;c:\windows\system32\drivers\elSerial.sys [2.11.2005 19:34 10112]
S3 gtcdcmdm;GTRAN USB CDC Driver (PID 3196);c:\windows\system32\DRIVERS\gtusbmdm_gpc6400.sys --> c:\windows\system32\DRIVERS\gtusbmdm_gpc6400.sys [?]
S3 ubi_bus;Ubiquam CDMA2000 Composite Device driver (WDM);c:\windows\system32\drivers\ubi_bus.sys [2.11.2005 19:34 58352]
S3 ubi_mdfl;Ubiquam CDMA2000 Filter;c:\windows\system32\drivers\ubi_mdfl.sys [2.11.2005 19:34 8336]
S3 ubi_mdm;Ubiquam CDMA2000 Drivers;c:\windows\system32\drivers\ubi_mdm.sys [2.11.2005 19:34 93872]
S3 VC0130Afx;VC130 Audio FX;c:\windows\system32\drivers\C0130Afx.sys [19.4.2008 22:20 142656]
S3 VC0130Aud;VC0130 Audio;c:\windows\system32\drivers\C0130Aud.sys [19.4.2008 22:20 94976]
S3 VC0130Dev;Live! Cam Notebook Ultra;c:\windows\system32\drivers\C0130Vid.sys [19.4.2008 22:20 690656]
S3 VC0130Vfx;VC0130 Video FX;c:\windows\system32\drivers\C0130Vfx.sys [19.4.2008 22:20 6912]
S3 VmbInfce;VmbInfce;c:\windows\system32\drivers\vmbinfce.sys [4.1.2006 10:26 50816]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 11:05]

2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 11:05]
.
.
------- Doplňkový sken -------
.
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\kux4kwx3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Lexicon 4.0 - c:\windows\LgUninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-19 12:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\IWPDGINA.DLL
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3180)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Eset\nod32krn.exe
c:\program files\Intel\Wireless\Bin\OProtSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\SOUNDMAN.EXE
c:\windows\AGRSMMSG.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Celkový čas: 2010-05-19 12:57:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-19 10:57

Před spuštěním: Volných bajtů: 17 702 100 992
Po spuštění: Volných bajtů: 17 593 536 512

- - End Of File - - 1D68F20D1856F590C292F9851A9C76DE

Caroprd111 píše: Vyberte si jeden antivirus, zbývající odinstalujte

Pokud nemáte, přesuňte Combofix na plochu

• Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

• Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
• Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
  
  
• Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

ComboFix 10-05-17.03 - Jirka 19.05.2010 16:13:16.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.503.115 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jirka\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1201 [VPS 080801-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\userinit.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-19 do 2010-05-19 )))))))))))))))))))))))))))))))
.

2010-05-18 05:43 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-18 05:43 . 2010-05-18 05:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 05:43 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-17 10:34 . 2010-05-17 10:34 -------- d-----w- C:\_OTL
2010-05-11 15:10 . 2010-05-11 15:10 270821 ----a-w- C:\UsbFix_Upload_Me_NB.zip
2010-05-11 14:57 . 2010-05-11 15:10 -------- d-----w- C:\UsbFix
2010-05-10 13:04 . 2010-05-10 13:04 -------- d-----w- c:\program files\trend micro
2010-05-10 13:04 . 2010-05-10 13:04 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-19 10:41 . 2005-12-28 10:35 -------- d-----w- c:\program files\ESET
2010-05-17 10:34 . 2004-08-18 12:00 62336 ----a-w- c:\windows\system32\perfc005.dat
2010-05-17 10:34 . 2004-08-18 12:00 379806 ----a-w- c:\windows\system32\perfh005.dat
2009-04-01 14:56 . 2005-12-28 11:47 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-04-01 14:56 . 2005-12-28 11:47 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-04-01 14:56 . 2006-12-29 09:33 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-04-01 14:56 . 2006-12-29 09:33 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-04-01 14:56 . 2005-12-28 11:47 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-06-15 18:33 . 2008-04-19 20:11 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 16:43 . 2008-04-19 20:11 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 12:41 . 2008-04-19 20:11 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 11:10 . 2008-04-19 20:11 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 10:19 . 2008-04-19 20:10 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2006-04-10 16:35 . 2008-04-19 20:11 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 09:10 . 2008-04-19 20:10 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 09:42 . 2008-04-19 20:10 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 09:22 . 2008-04-19 20:10 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 09:21 . 2008-04-19 20:10 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-04-19 20:11 . 2008-04-19 20:11 75 --sh--r- c:\windows\CT4CET.bin
2006-05-03 09:06 . 2008-07-09 21:03 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2008-07-09 21:03 31232 --sh--r- c:\windows\system32\msfDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2010-01-03 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 77824]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-20 88358]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-03-09 949376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-25 1397760]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-30 148888]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-05 155648]
"C0130Mon.exe"="c:\windows\C0130Mon.exe" [2006-10-03 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 79224]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-11 524288]
"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2008-08-07 495616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 10:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3.6.2008 20:45 78416]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [9.3.2007 11:21 15424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.6.2008 20:45 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13.1.2010 18:08 246520]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [19.4.2008 22:08 31616]
S2 gupdate1ca3e994ca319da;Služba Google Update (gupdate1ca3e994ca319da);c:\program files\Google\Update\GoogleUpdate.exe [26.9.2009 13:05 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [17.3.2006 14:05 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [17.3.2006 14:05 64896]
S3 elSerial;elSerial Filter driver;c:\windows\system32\drivers\elSerial.sys [2.11.2005 19:34 10112]
S3 gtcdcmdm;GTRAN USB CDC Driver (PID 3196);c:\windows\system32\DRIVERS\gtusbmdm_gpc6400.sys --> c:\windows\system32\DRIVERS\gtusbmdm_gpc6400.sys [?]
S3 ubi_bus;Ubiquam CDMA2000 Composite Device driver (WDM);c:\windows\system32\drivers\ubi_bus.sys [2.11.2005 19:34 58352]
S3 ubi_mdfl;Ubiquam CDMA2000 Filter;c:\windows\system32\drivers\ubi_mdfl.sys [2.11.2005 19:34 8336]
S3 ubi_mdm;Ubiquam CDMA2000 Drivers;c:\windows\system32\drivers\ubi_mdm.sys [2.11.2005 19:34 93872]
S3 VC0130Afx;VC130 Audio FX;c:\windows\system32\drivers\C0130Afx.sys [19.4.2008 22:20 142656]
S3 VC0130Aud;VC0130 Audio;c:\windows\system32\drivers\C0130Aud.sys [19.4.2008 22:20 94976]
S3 VC0130Dev;Live! Cam Notebook Ultra;c:\windows\system32\drivers\C0130Vid.sys [19.4.2008 22:20 690656]
S3 VC0130Vfx;VC0130 Video FX;c:\windows\system32\drivers\C0130Vfx.sys [19.4.2008 22:20 6912]
S3 VmbInfce;VmbInfce;c:\windows\system32\drivers\vmbinfce.sys [4.1.2006 10:26 50816]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 11:05]

2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 11:05]
.
.
------- Doplňkový sken -------
.
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\kux4kwx3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-19 16:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\windows\system32\IWPDGINA.DLL
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(4016)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Eset\nod32krn.exe
c:\program files\Intel\Wireless\Bin\OProtSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\SOUNDMAN.EXE
c:\windows\AGRSMMSG.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Celkový čas: 2010-05-19 16:31:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-19 14:31
ComboFix2.txt 2010-05-19 10:57

Před spuštěním: Volných bajtů: 17 601 630 208
Po spuštění: Volných bajtů: 17 568 669 696

- - End Of File - - E4EA5E01E47A2D67C35B7D31B182EE39

Odinstalujte všechny emulátory virtuálních mechanik.

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

• Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
• zvolte možnost Uninstall a restartujte PC.

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

• Klikněte na "Disable" a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

Virtuální mechaniky nepoužívám, je to flash disk, který po připojení vytvoří virtuální mechaniku.

U SPTD nejde kliknout na Uninstall.

Zde je log z MBR:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


Zde je log1 z GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-19 17:37:00
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Jirka\LOCALS~1\Temp\pxtdqpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset )
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

Zde je log2 z GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-20 10:22:13
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Jirka\LOCALS~1\Temp\pxtdqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Jirka\LOCALS~1\Temp\mbr.sys Systém nemůže nalézt uvedený soubor. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\00000089 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\0000008a sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\0000008b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset )
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)

---- EOF - GMER 1.0.15 ----

Jak to vypadá s PC

Myslím, že je v pořádku. Děkuji.

Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter



Stáhněte T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

• Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
• Po použití program vymažte. Pozor, antiviry ho mohou falešně označit za vir.

Stáhněte TFC http://oldtimer.geekstogo.com/TFC.exe

• Spusťte.
• Klikněte na "Start". Potvrďte hlášku kliknutím na "Ok" (Bude následovat restart)

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

• Spusťte.
• Klikněte na "CleanUp!". Potvrďte hlášky kliknutím na "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

• Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.
  
  Záložka Čistič
• Dejte analyzovat, po dokončení dejte Spustit Ccleaner.
  
  Záložka Registry
• Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
  OK Zavřít

Dejte nový log z RSIT.

Hotovo.

Logfile of random's system information tool 1.07 (written by random/random)
Run by Jirka at 2010-05-20 14:58:17
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (30%) free of 57 GB
Total RAM: 503 MB (29% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-30 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-30 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-15 385024]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2004-10-15 356352]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-02-08 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-02-08 126976]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-01-20 77824]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-12-20 88358]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-08 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-08 688218]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-03-09 949376]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2005-07-25 1397760]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-30 148888]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-01-05 155648]
"C0130Mon.exe"=C:\WINDOWS\C0130Mon.exe [2006-10-03 32768]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2008-08-11 524288]
"3170 Scan2PC"=C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe [2008-08-07 495616]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"=C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe [2007-06-07 155648]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2007-01-05 204288]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2010-01-03 172792]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Rychlé spuštění aplikace HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-02-08 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-10-15 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\ICQ\Icq.exe"="C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SightSpeed\SightSpeed.exe"="C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe"="C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger"
"C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe"="C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC"
"C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe"="C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1e97f2e-eee0-11dc-bb4d-0040d075aa37}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-05-20 14:58:19 ----D---- C:\Program Files\trend micro
2010-05-20 14:58:17 ----D---- C:\rsit
2010-05-20 14:55:01 ----D---- C:\Program Files\CCleaner
2010-05-20 14:31:44 ----SHD---- C:\RECYCLER
2010-05-18 07:43:42 ----D---- C:\Documents and Settings\Jirka\Data aplikací\Malwarebytes
2010-05-18 07:43:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-05-18 07:43:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-11 17:10:30 ----RAD---- C:\autorun.inf

======List of files/folders modified in the last 1 months======

2010-05-20 14:58:19 ----RD---- C:\Program Files
2010-05-20 14:56:26 ----D---- C:\WINDOWS\Debug
2010-05-20 14:56:26 ----D---- C:\WINDOWS
2010-05-20 14:55:42 ----D---- C:\WINDOWS\Prefetch
2010-05-20 14:55:12 ----D---- C:\WINDOWS\Temp
2010-05-20 14:53:18 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-05-20 14:47:42 ----D---- C:\WINDOWS\Minidump
2010-05-20 14:47:01 ----SHD---- C:\System Volume Information
2010-05-20 14:47:01 ----D---- C:\WINDOWS\system32\Restore
2010-05-20 14:23:22 ----D---- C:\WINDOWS\system32\drivers
2010-05-19 17:03:51 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-19 16:39:32 ----D---- C:\WINDOWS\system32
2010-05-19 16:25:14 ----A---- C:\WINDOWS\system.ini
2010-05-19 16:17:49 ----D---- C:\WINDOWS\AppPatch
2010-05-19 16:17:44 ----D---- C:\Program Files\Common Files
2010-05-19 12:48:28 ----D---- C:\WINDOWS\system32\config
2010-05-19 12:41:18 ----D---- C:\Program Files\ESET
2010-05-19 12:26:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-05-17 12:34:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-11 17:11:28 ----D---- C:\Program Files\Mozilla Firefox
2010-04-28 23:32:56 ----D---- C:\DVD_KATAPULT
2010-04-28 18:59:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2010-04-28 08:44:18 ----D---- C:\Documents and Settings\Jirka\Data aplikací\ICQ
2010-04-21 19:07:00 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-25 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-25 28672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-03-09 15424]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-12-28 17119]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2007-03-09 512096]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-12-20 1271463]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-01-28 2310272]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-02-08 804572]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual; C:\WINDOWS\system32\DRIVERS\livecamv.sys [2007-01-15 31616]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-10-15 71168]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-08 185824]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-25 101504]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbmdm65.sys [2005-05-02 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbser65.sys [2005-05-02 64896]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 elSerial;elSerial Filter driver; C:\WINDOWS\system32\DRIVERS\elserial.sys [2005-09-02 10112]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 gtcdcmdm;GTRAN USB CDC Driver (PID 3196); C:\WINDOWS\system32\DRIVERS\gtusbmdm_gpc6400.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-15 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-15 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-15 21744]
S3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-13 63744]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 ubi_bus;Ubiquam CDMA2000 Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ubi_bus.sys [2005-09-05 58352]
S3 ubi_mdfl;Ubiquam CDMA2000 Filter; C:\WINDOWS\system32\DRIVERS\ubi_mdfl.sys [2005-09-05 8336]
S3 ubi_mdm;Ubiquam CDMA2000 Drivers; C:\WINDOWS\system32\DRIVERS\ubi_mdm.sys [2005-09-05 93872]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VC0130Afx;VC130 Audio FX; C:\WINDOWS\system32\Drivers\C0130Afx.sys [2007-06-11 142656]
S3 VC0130Aud;VC0130 Audio; C:\WINDOWS\system32\Drivers\C0130Aud.sys [2007-03-28 94976]
S3 VC0130Dev;Live! Cam Notebook Ultra; C:\WINDOWS\system32\DRIVERS\C0130Vid.sys [2007-04-18 690656]
S3 VC0130Vfx;VC0130 Video FX; C:\WINDOWS\system32\DRIVERS\C0130VFx.sys [2006-06-20 6912]
S3 VmbInfce;VmbInfce; C:\WINDOWS\system32\drivers\vmbinfce.sys [2005-11-30 50816]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-10-15 86016]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-25 876032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-30 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-03-09 552064]
R2 OwnershipProtocol;OwnershipProtocol; C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe [2004-10-15 98304]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-10-15 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-10-15 360521]
R2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-10-15 225353]
R2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S2 gupdate1ca3e994ca319da;Služba Google Update (gupdate1ca3e994ca319da); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-26 133104]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-10-18 323584]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]

-----------------EOF-----------------

Doporučuji odinstalovat (pokud nepoužíváte) toolbary (lišty) v Přidat nebo odebrat programy.


V logu nevidím firewall, doinstalujte Přehled: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

ok, děkuji moc.

Nemáte zač