PC virus removal, computer speed-up, remote assistance via the neslape.cz service

rootkit iapdmz.sys - please check my log

Have a virus problem? Post a log from FRST or RSIT here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will threads that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets the details of the problem from you by phone! More at www.neslape.cz
riha
Visitor
Posts: 16
Registered: 07 Feb 2006 16:39

Re: rootkit iapdmz.sys - please check my log

#16 Post by riha »

So here it is, hopefully it's clean now :)

Logfile of random's system information tool 1.08 (written by random/random)
Run by Kluci at 2010-08-15 19:50:05
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 17 GB (6%) free of 305 GB
Total RAM: 3327 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:50:12, on 15.8.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kluci\Desktop\download\RSIT.exe
C:\Program Files\trend micro\Kluci.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O3 - Toolbar: &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Bonus.SSR.FR10] "C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kluci\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5034
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Hlede&j v ČR - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v &encyklopedii - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5108
O8 - Extra context menu item: Hledej ve &světě - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5035
O8 - Extra context menu item: Hledej ve &zboží - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5107
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (file missing) (HKCU)
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - https://download.seznam.cz/listicka/toolbar2007.cab
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (o2c Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CardBusService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8861 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1878353276-2966735170-3526819948-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1878353276-2966735170-3526819948-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC7E636D-39AA-49b6-B511-65413DA137A1}]
IE Developer Toolbar BHO - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll [2007-03-01 623992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll [2010-05-19 1117976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CE-3093-459C-B764-AEB2486F2273} - &Seznam Lištička - C:\Program Files\Seznam\Listicka\Toolbar.dll [2007-11-04 793960]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-16 6253088]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2007-10-11 31232]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2009-01-21 92168]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-11-02 2508104]
"Bonus.SSR.FR10"=C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [2009-11-30 940808]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Google Update"=C:\Users\Kluci\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-04-18 306088]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-05-19 462104]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-04-18 306088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
C:\PROGRA~1\COMMON~1\AVERME~1\AVERQU~1\AVERQU~1.EXE [2007-05-31 622592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk]
C:\PROGRA~1\PANASO~1\PHOTOF~1\PHAUTO~1.EXE [2007-11-16 40960]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Wireless Utility.lnk - C:\Program Files\EDIMAX\Common\RaUI.exe

C:\Users\Kluci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-08-15 19:50:05 ----D---- C:\rsit
2010-08-15 16:06:34 ----D---- C:\Program Files\VS Revo Group
2010-08-14 22:32:56 ----SHD---- C:\$RECYCLE.BIN
2010-08-14 17:04:06 ----D---- C:\Windows\system32\vi-VN
2010-08-14 17:04:06 ----D---- C:\Windows\system32\eu-ES
2010-08-14 17:04:06 ----D---- C:\Windows\system32\ca-ES
2010-08-14 16:33:34 ----D---- C:\Program Files\trend micro
2010-08-14 15:56:47 ----D---- C:\Windows\system32\EventProviders
2010-08-13 11:02:37 ----D---- C:\totalcmd2
2010-08-13 11:02:37 ----A---- C:\Windows\UC.PIF
2010-08-13 11:02:37 ----A---- C:\Windows\RAR.PIF
2010-08-13 11:02:37 ----A---- C:\Windows\PKZIP.PIF
2010-08-13 11:02:37 ----A---- C:\Windows\PKUNZIP.PIF
2010-08-13 11:02:37 ----A---- C:\Windows\NOCLOSE.PIF
2010-08-13 11:02:37 ----A---- C:\Windows\LHA.PIF
2010-08-13 11:02:37 ----A---- C:\Windows\ARJ.PIF
2010-08-13 10:48:34 ----A---- C:\Windows\system32\drivers\NTHANDLE.SYS
2010-08-12 07:57:27 ----A---- C:\Windows\system32\mshtml.dll
2010-08-12 07:57:27 ----A---- C:\Windows\system32\iertutil.dll
2010-08-12 07:57:25 ----A---- C:\Windows\system32\ieframe.dll
2010-08-12 07:57:23 ----A---- C:\Windows\system32\urlmon.dll
2010-08-12 07:57:22 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-12 07:57:22 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-12 07:57:21 ----A---- C:\Windows\system32\wininet.dll
2010-08-12 07:57:21 ----A---- C:\Windows\system32\mstime.dll
2010-08-12 07:57:21 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-12 07:57:20 ----A---- C:\Windows\system32\occache.dll
2010-08-12 07:57:20 ----A---- C:\Windows\system32\ieui.dll
2010-08-12 07:57:20 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-12 07:57:20 ----A---- C:\Windows\system32\iepeers.dll
2010-08-12 07:57:19 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-12 07:57:18 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-12 07:57:18 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-12 07:57:18 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-12 07:57:18 ----A---- C:\Windows\system32\iesetup.dll
2010-08-12 07:57:18 ----A---- C:\Windows\system32\iernonce.dll
2010-08-12 07:57:13 ----A---- C:\Windows\system32\iccvid.dll
2010-08-12 07:57:09 ----A---- C:\Windows\system32\schannel.dll
2010-08-12 07:56:57 ----A---- C:\Windows\system32\win32k.sys
2010-08-12 07:56:50 ----A---- C:\Windows\system32\rtutils.dll
2010-08-12 07:56:44 ----A---- C:\Windows\system32\msxml3.dll
2010-08-12 07:56:36 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-12 07:56:33 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-12 07:56:24 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-12 07:56:23 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-12 07:56:13 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-11 20:15:35 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-08-11 19:39:36 ----D---- C:\Users\Kluci\AppData\Roaming\ESTsoft
2010-08-11 19:38:09 ----D---- C:\ProgramData\ESTsoft
2010-08-11 19:38:04 ----D---- C:\Program Files\ESTsoft
2010-08-11 19:25:16 ----D---- C:\Users\Kluci\AppData\Roaming\OOo-dev
2010-08-11 19:20:46 ----D---- C:\Program Files\OOo-dev 3
2010-08-11 19:20:12 ----D---- C:\ProgramData\Sun
2010-08-11 19:20:09 ----D---- C:\Program Files\Common Files\Java
2010-08-11 19:19:51 ----A---- C:\Windows\system32\javaws.exe
2010-08-11 19:19:51 ----A---- C:\Windows\system32\javaw.exe
2010-08-11 19:19:51 ----A---- C:\Windows\system32\java.exe
2010-08-11 19:19:51 ----A---- C:\Windows\system32\deployJava1.dll
2010-08-10 20:18:44 ----A---- C:\Windows\system32\drivers\iapdmz.sys
2010-08-10 16:42:37 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-08-10 16:42:37 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-08-10 16:42:37 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-08-10 16:42:37 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-08-10 16:42:36 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-08-10 16:42:36 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-08-10 16:42:36 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-08-10 16:42:36 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-08-10 16:42:35 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-08-10 16:42:35 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-08-10 16:42:35 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-08-10 16:42:35 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-08-10 14:12:34 ----D---- C:\Program Files\Common Files\Steam
2010-08-10 14:12:31 ----D---- C:\Program Files\Steam
2010-08-03 08:24:59 ----A---- C:\Windows\system32\shell32.dll

======List of files/folders modified in the last 1 months======

2010-08-15 19:50:12 ----D---- C:\Windows\Prefetch
2010-08-15 19:50:09 ----D---- C:\Windows\Temp
2010-08-15 19:47:07 ----RD---- C:\Program Files
2010-08-15 19:46:45 ----D---- C:\Windows\System32
2010-08-15 19:43:50 ----SHD---- C:\System Volume Information
2010-08-15 19:43:43 ----SHD---- C:\Windows\Installer
2010-08-15 19:37:36 ----D---- C:\Windows\system32\catroot
2010-08-15 19:37:36 ----D---- C:\Windows\inf
2010-08-15 19:37:34 ----D---- C:\Program Files\Common Files
2010-08-15 19:36:03 ----D---- C:\Program Files\KigoVideoConverter
2010-08-15 19:34:07 ----D---- C:\Program Files\City Interactive
2010-08-15 19:20:50 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-15 19:20:50 ----D---- C:\Program Files\Ubisoft
2010-08-15 19:09:20 ----D---- C:\Windows\Debug
2010-08-15 19:09:20 ----D---- C:\Windows
2010-08-15 18:56:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-15 18:47:07 ----D---- C:\Users\Kluci\AppData\Roaming\ICQ
2010-08-15 18:45:19 ----D---- C:\Windows\Minidump
2010-08-15 18:17:34 ----D---- C:\Windows\tracing
2010-08-15 14:40:25 ----D---- C:\download
2010-08-15 13:57:19 ----D---- C:\Users\Kluci\AppData\Roaming\vlc
2010-08-15 13:49:38 ----D---- C:\Windows\winsxs
2010-08-15 13:49:23 ----D---- C:\Windows\system32\catroot2
2010-08-15 02:06:24 ----D---- C:\Users\Kluci\AppData\Roaming\Adobe
2010-08-14 23:19:21 ----D---- C:\Program Files\Alcohol Soft
2010-08-14 22:45:45 ----D---- C:\Windows\system32\drivers
2010-08-14 22:32:52 ----A---- C:\Windows\system.ini
2010-08-14 22:32:47 ----D---- C:\Windows\system32\drivers\etc
2010-08-14 22:30:58 ----D---- C:\Windows\system32\config
2010-08-14 22:30:58 ----D---- C:\Boot
2010-08-14 22:26:50 ----D---- C:\Windows\AppPatch
2010-08-14 20:24:22 ----D---- C:\Program Files\Adobe
2010-08-14 20:01:26 ----D---- C:\Windows\system32\wbem
2010-08-14 19:17:49 ----D---- C:\Windows\Microsoft.NET
2010-08-14 18:58:22 ----RSD---- C:\Windows\assembly
2010-08-14 17:34:26 ----D---- C:\ProgramData\NVIDIA
2010-08-14 17:34:02 ----D---- C:\Program Files\NVIDIA Corporation
2010-08-14 17:25:56 ----D---- C:\Windows\rescache
2010-08-14 17:07:35 ----D---- C:\Windows\system32\drivers\UMDF
2010-08-14 17:04:38 ----D---- C:\Program Files\Windows Mail
2010-08-14 17:04:38 ----D---- C:\Program Files\Windows Calendar
2010-08-14 17:04:38 ----D---- C:\Program Files\Movie Maker
2010-08-14 17:04:34 ----D---- C:\Program Files\Windows Sidebar
2010-08-14 17:04:34 ----D---- C:\Program Files\Windows Media Player
2010-08-14 17:04:34 ----D---- C:\Program Files\Windows Journal
2010-08-14 17:04:34 ----D---- C:\Program Files\Windows Collaboration
2010-08-14 17:04:34 ----D---- C:\Program Files\Internet Explorer
2010-08-14 17:04:33 ----D---- C:\Windows\servicing
2010-08-14 17:04:33 ----D---- C:\Windows\ehome
2010-08-14 17:04:33 ----D---- C:\Program Files\Windows Photo Gallery
2010-08-14 17:04:33 ----D---- C:\Program Files\Windows Defender
2010-08-14 17:04:33 ----D---- C:\Program Files\Common Files\System
2010-08-14 17:04:31 ----D---- C:\Windows\system32\XPSViewer
2010-08-14 17:04:31 ----D---- C:\Windows\system32\lv-LV
2010-08-14 17:04:31 ----D---- C:\Windows\system32\hr-HR
2010-08-14 17:04:31 ----D---- C:\Windows\system32\da-DK
2010-08-14 17:04:31 ----D---- C:\Windows\IME
2010-08-14 17:04:30 ----D---- C:\Windows\system32\sk-SK
2010-08-14 17:04:30 ----D---- C:\Windows\system32\ru-RU
2010-08-14 17:04:30 ----D---- C:\Windows\system32\oobe
2010-08-14 17:04:30 ----D---- C:\Windows\system32\migration
2010-08-14 17:04:30 ----D---- C:\Windows\system32\ko-KR
2010-08-14 17:04:30 ----D---- C:\Windows\system32\it-IT
2010-08-14 17:04:30 ----D---- C:\Windows\system32\fr-FR
2010-08-14 17:04:30 ----D---- C:\Windows\system32\et-EE
2010-08-14 17:04:30 ----D---- C:\Windows\system32\en-US
2010-08-14 17:04:30 ----D---- C:\Windows\system32\el-GR
2010-08-14 17:04:30 ----D---- C:\Windows\system32\de-DE
2010-08-14 17:04:30 ----D---- C:\Windows\system32\AdvancedInstallers
2010-08-14 17:04:29 ----D---- C:\Windows\system32\sv-SE
2010-08-14 17:04:29 ----D---- C:\Windows\system32\SLUI
2010-08-14 17:04:29 ----D---- C:\Windows\system32\setup
2010-08-14 17:04:29 ----D---- C:\Windows\system32\pt-PT
2010-08-14 17:04:29 ----D---- C:\Windows\system32\hu-HU
2010-08-14 17:04:29 ----D---- C:\Windows\system32\he-IL
2010-08-14 17:04:29 ----D---- C:\Windows\system32\fi-FI
2010-08-14 17:04:29 ----D---- C:\Windows\system32\cs-CZ
2010-08-14 17:04:29 ----D---- C:\Windows\system32\cs
2010-08-14 17:04:28 ----D---- C:\Windows\system32\zh-TW
2010-08-14 17:04:28 ----D---- C:\Windows\system32\zh-CN
2010-08-14 17:04:28 ----D---- C:\Windows\system32\uk-UA
2010-08-14 17:04:28 ----D---- C:\Windows\system32\tr-TR
2010-08-14 17:04:28 ----D---- C:\Windows\system32\th-TH
2010-08-14 17:04:28 ----D---- C:\Windows\system32\sr-Latn-CS
2010-08-14 17:04:28 ----D---- C:\Windows\system32\sl-SI
2010-08-14 17:04:28 ----D---- C:\Windows\system32\ro-RO
2010-08-14 17:04:28 ----D---- C:\Windows\system32\pl-PL
2010-08-14 17:04:28 ----D---- C:\Windows\system32\manifeststore
2010-08-14 17:04:28 ----D---- C:\Windows\system32\ja-JP
2010-08-14 17:04:28 ----D---- C:\Windows\system32\es-ES
2010-08-14 17:04:28 ----D---- C:\Windows\system32\drivers\cs-CZ
2010-08-14 17:04:28 ----D---- C:\Windows\system32\bg-BG
2010-08-14 17:04:23 ----D---- C:\Windows\system32\pt-BR
2010-08-14 17:04:23 ----D---- C:\Windows\system32\nl-NL
2010-08-14 17:04:23 ----D---- C:\Windows\system32\nb-NO
2010-08-14 17:04:23 ----D---- C:\Windows\system32\migwiz
2010-08-14 17:04:23 ----D---- C:\Windows\system32\lt-LT
2010-08-14 17:04:23 ----D---- C:\Windows\system32\ar-SA
2010-08-14 17:04:14 ----RSD---- C:\Windows\Fonts
2010-08-14 17:04:06 ----D---- C:\Windows\system32\Boot
2010-08-14 17:02:21 ----D---- C:\Windows\system32\RTCOM
2010-08-14 16:56:01 ----A---- C:\Windows\fonts\GlobalUserInterface.CompositeFont
2010-08-14 14:48:25 ----D---- C:\Users\Kluci\AppData\Roaming\dvdcss
2010-08-13 11:03:54 ----A---- C:\Windows\WINCMD.INI
2010-08-13 11:02:37 ----D---- C:\Windows\system
2010-08-13 10:44:45 ----D---- C:\Program Files\CCleaner
2010-08-13 09:23:09 ----D---- C:\Program Files\ICQ7.0
2010-08-13 09:00:55 ----D---- C:\ProgramData\Microsoft Help
2010-08-11 19:38:09 ----D---- C:\ProgramData
2010-08-10 20:17:10 ----D---- C:\Program Files\Opera
2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe
2010-07-25 11:51:40 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2007-08-09 110624]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-07-09 43872]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-10-30 685816]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 RMCAST;Ovladač protokolu RMCAST (Pgm); C:\Windows\system32\DRIVERS\RMCAST.sys [2009-04-11 113664]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AVerBDA6x;AVerBDA6x service; C:\Windows\system32\DRIVERS\AVerBDA6x.sys [2007-06-01 835712]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-05-17 25280]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-16 2156312]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2008-01-16 489984]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-04-03 11573800]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2009-01-13 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2009-01-13 49160]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys []
S3 aolhyccz;aolhyccz; C:\Windows\system32\drivers\aolhyccz.sys []
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-04-11 93696]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-04-11 93696]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2007-09-07 27672]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 tap0901_2gm;VPN Anonymizer Adapter; C:\Windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2009-01-13 29192]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2009-01-13 31240]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2009-01-13 14728]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-11-25 814344]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2007-10-11 51712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe [2007-12-26 53760]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 CardBusService;CardBusService; C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe [2007-04-24 188416]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-19 136176]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-03-16 129640]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-27 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-16 316664]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: rootkit iapdmz.sys - please check my log

#17 Post by vyosek »

And I'm not done with you yet :D

:arrow: I recommend uninstalling (if you don't use them) the browser toolbars in Add or Remove Programs - above all the ICQ Toolbar; the Seznam Lištička you can keep if you use it

:arrow: Click Start and then Run, or use the keyboard shortcut Win+R
  • A small window pops up; copy the text below into it

    services.msc
  • Click OK
  • Find the services below
  • Služba Google Update
  • For each of them do the following
    • Right-click it and choose Properties
    • Now click Stop
    • Set Startup type to Disabled
    • Confirm by clicking OK
:arrow: Manually delete these files
  • C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1878353276-2966735170-3526819948-1000Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1878353276-2966735170-3526819948-1000UA.job
:arrow: Open Notepad
  • Start->Run->notepad
  • Paste the text below

    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1EF681F7-A04B-4D6D-9012-A307CCA55610}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    "Bonus.SSR.FR10"=-
    "SunJavaUpdateSched"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"=-
    "WMPNSCFG"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
  • Save the file as oprava.reg
  • When saving, set Save as type to All files (the setting is shown in the image below)
  • [image]
  • Close Notepad and run oprava.reg with a double-click
  • Confirm any prompt about changing the registry
  • The window just flashes and fixes the registry - you can delete the file afterwards
:arrow: The log shows you are not using a firewall - I recommend installing one
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement - take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.
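The .reg file in the post above relies on two deletion forms: `[-KEY]` removes a whole key and `"name"=-` removes a single value, and regedit gives very little feedback when a line is malformed. The following Python script is an added example, not code from the forum post or from any project: it parses the Regedit 5.00 format and lists the actions a merge would perform, reporting every line it cannot interpret so the file can be checked before it is double-clicked. The embedded sample is constructed from the fix above plus two extra lines, a dword under Policies\System and a delete line carrying a stray accent character, to exercise the set-value and error paths; `hex:` data is intentionally left unparsed and surfaces as a problem rather than being guessed at.

```python
"""Audit a Regedit 5.00 .reg script before merging it.

Added example, not code from the forum post or any project: lists what regedit
would do on merge (create key, delete key, delete value, set value) and reports
every line it cannot parse instead of skipping it.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

REG_HEADER = "Windows Registry Editor Version 5.00"
SECTION_RE = re.compile(r"^\[(-?)([^\]]+)\]$")                  # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')  # "name"=data or @=data
STRING_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"$')
DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{1,8})$")


@dataclass
class RegAction:
    kind: str            # create_key | delete_key | delete_value | set_value
    key: str
    name: Optional[str] = None
    data: Optional[object] = None


@dataclass
class RegAudit:
    actions: list = field(default_factory=list)
    problems: list = field(default_factory=list)

    def count(self, kind: str) -> int:
        return sum(1 for a in self.actions if a.kind == kind)


def _parse_data(data: str):
    """Classify the right-hand side of a value line; None if unrecognised
    (hex: data with backslash continuations is deliberately not handled)."""
    if data == "-":
        return "delete", None
    if m := STRING_RE.match(data):
        return "string", m.group(1).replace('\\"', '"').replace("\\\\", "\\")
    if m := DWORD_RE.match(data):
        return "dword", int(m.group(1), 16)
    return None


def parse_reg(text: str) -> RegAudit:
    audit = RegAudit()
    lines = [ln.strip() for ln in text.splitlines()]
    if not lines or lines[0] != REG_HEADER:
        audit.problems.append("line 1: missing or unexpected header")
    current_key = None
    for lineno, line in enumerate(lines[1:], start=2):
        if not line or line.startswith(";"):
            continue
        if m := SECTION_RE.match(line):
            delete, key = m.groups()
            if delete:
                audit.actions.append(RegAction("delete_key", key))
                current_key = None            # values cannot follow a [-KEY] line
            else:
                current_key = key
                audit.actions.append(RegAction("create_key", key))
            continue
        m = VALUE_RE.match(line)
        if not m or current_key is None:
            audit.problems.append(f"line {lineno}: cannot parse {line!r}")
            continue
        name = m.group(1) if m.group(1) is not None else "@"
        parsed = _parse_data(m.group(3))
        if parsed is None:
            audit.problems.append(f"line {lineno}: unrecognised data {m.group(3)!r}")
            continue
        kind, value = parsed
        if kind == "delete":
            audit.actions.append(RegAction("delete_value", current_key, name))
        else:
            audit.actions.append(RegAction("set_value", current_key, name, value))
    return audit


# Constructed sample: the forum fix above plus a dword line and a delete line
# with a stray accent, so the set-value and error paths are exercised.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"Bonus.SSR.FR10"=-
"SunJavaUpdateSched"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-¨
"WMPNSCFG"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000001
"""

if __name__ == "__main__":
    audit = parse_reg(SAMPLE)
    for a in audit.actions:
        print(f"{a.kind:13} {a.key}  {a.name or ''}  {'' if a.data is None else a.data}")
    for p in audit.problems:
        print("PROBLEM:", p)
```

Run it directly to audit the embedded sample; to check a saved file, read it and pass the text to `parse_reg` (regedit's own exports are UTF-16 with a BOM, so open those with `encoding="utf-16"`, while a file typed in Notepad and saved as ANSI uses the system code page). Anything the parser reports as a problem deserves a look before the file is merged, since regedit may silently ignore the line or reject the whole file.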

riha
Visitor
Posts: 16
Registered: 07 Feb 2006 16:39

Re: rootkit iapdmz.sys - please check my log

#18 Post by riha »

So I did everything as you wrote and turned on Windows Firewall; is that sufficient protection?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: rootkit iapdmz.sys - please check my log

#19 Post by vyosek »

Well, you have Windows Vista, and the firewall there is far better than in XP, but of course the Windows firewall is first in line among hackers... but if you're a decent user = you don't click on every bit of nonsense on the net, it should protect you :wink:

riha
Visitor
Posts: 16
Registered: 07 Feb 2006 16:39

Re: rootkit iapdmz.sys - please check my log

#20 Post by riha »

Ok, I think I am. So thank you for the help :wink:

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: rootkit iapdmz.sys - please check my log

#21 Post by vyosek »

You're welcome, glad to help :) Until next time

riha
Visitor
Posts: 16
Registered: 07 Feb 2006 16:39

Re: rootkit iapdmz.sys - please check my log

#22 Post by riha »

Now another virus has appeared, I don't even know how in such a short time. Avast reports it roughly every five minutes; it is always a file in the folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxxx.tmp\[UPX], where in place of xxxx.tmp a new file is created every five minutes, for example named 2556.tmp, C167.tmp, 5721.tmp, EC8E.tmp... Avast identifies it as Win32:Regrun-BF [Wrm]. So I am adding an RSIT log, in case it helps:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Kluci at 2010-08-18 12:49:51
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 11 GB (4%) free of 305 GB
Total RAM: 3327 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:50:16, on 18.8.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Kluci\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\EDIMAX\Common\RaUI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Users\Kluci\Desktop\download\RSIT.exe
C:\Program Files\trend micro\Kluci.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O3 - Toolbar: &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kluci\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5034
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Hlede&j v ČR - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v &encyklopedii - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5108
O8 - Extra context menu item: Hledej ve &světě - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5035
O8 - Extra context menu item: Hledej ve &zboží - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5107
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (file missing) (HKCU)
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - https://download.seznam.cz/listicka/toolbar2007.cab
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (o2c Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CardBusService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Windows Security Center Service (SvrWsc) - Erasdvad Qiquu - C:\Windows\system32\svrwsc.exe

--
End of file - 8425 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC7E636D-39AA-49b6-B511-65413DA137A1}]
IE Developer Toolbar BHO - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll [2007-03-01 623992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll [2010-05-19 1117976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CE-3093-459C-B764-AEB2486F2273} - &Seznam Lištička - C:\Program Files\Seznam\Listicka\Toolbar.dll [2007-11-04 793960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-16 6253088]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2007-10-11 31232]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2009-01-21 92168]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-11-02 2508104]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Google Update"=C:\Users\Kluci\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-04-18 306088]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-05-19 462104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
C:\PROGRA~1\COMMON~1\AVERME~1\AVERQU~1\AVERQU~1.EXE [2007-05-31 622592]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Wireless Utility.lnk - C:\Program Files\EDIMAX\Common\RaUI.exe

C:\Users\Kluci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-08-16 10:44:30 ----D---- C:\Program Files\Windows Portable Devices
2010-08-16 09:40:02 ----A---- C:\Windows\system32\UIRibbonRes.dll
2010-08-16 09:40:02 ----A---- C:\Windows\system32\UIRibbon.dll
2010-08-16 09:40:02 ----A---- C:\Windows\system32\UIAnimation.dll
2010-08-16 09:39:38 ----A---- C:\Windows\system32\WMPhoto.dll
2010-08-16 09:39:37 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-08-16 09:39:37 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-08-16 09:39:37 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-08-16 09:39:37 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2010-08-16 09:39:37 ----A---- C:\Windows\system32\d3d10warp.dll
2010-08-16 09:39:37 ----A---- C:\Windows\system32\d2d1.dll
2010-08-16 09:39:37 ----A---- C:\Windows\system32\cdd.dll
2010-08-16 09:39:36 ----A---- C:\Windows\system32\xpsservices.dll
2010-08-16 09:39:36 ----A---- C:\Windows\system32\XpsPrint.dll
2010-08-16 09:39:36 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-08-16 09:39:36 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-08-16 09:39:36 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-08-16 09:39:36 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-08-16 09:39:36 ----A---- C:\Windows\system32\OpcServices.dll
2010-08-16 09:39:36 ----A---- C:\Windows\system32\FntCache.dll
2010-08-16 09:39:36 ----A---- C:\Windows\system32\dxdiagn.dll
2010-08-16 09:39:36 ----A---- C:\Windows\system32\dxdiag.exe
2010-08-16 09:39:36 ----A---- C:\Windows\system32\DWrite.dll
2010-08-16 09:39:35 ----A---- C:\Windows\system32\dxgi.dll
2010-08-16 09:39:35 ----A---- C:\Windows\system32\d3d11.dll
2010-08-16 09:39:35 ----A---- C:\Windows\system32\d3d10level9.dll
2010-08-16 09:39:35 ----A---- C:\Windows\system32\d3d10core.dll
2010-08-16 09:39:35 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-08-16 09:39:35 ----A---- C:\Windows\system32\d3d10_1.dll
2010-08-16 09:39:35 ----A---- C:\Windows\system32\d3d10.dll
2010-08-16 09:39:10 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2010-08-16 09:39:10 ----A---- C:\Windows\system32\wpdbusenum.dll
2010-08-16 09:39:10 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2010-08-16 09:39:05 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2010-08-16 09:39:03 ----A---- C:\Windows\system32\WPDSp.dll
2010-08-16 09:39:03 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2010-08-16 09:39:03 ----A---- C:\Windows\system32\wpdshext.dll
2010-08-16 09:39:03 ----A---- C:\Windows\system32\wpd_ci.dll
2010-08-16 09:39:03 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2010-08-16 09:39:03 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2010-08-16 09:39:03 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2010-08-16 09:39:03 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2010-08-16 09:38:12 ----A---- C:\Windows\system32\UIAutomationCore.dll
2010-08-16 09:38:12 ----A---- C:\Windows\system32\oleaccrc.dll
2010-08-16 09:38:12 ----A---- C:\Windows\system32\oleacc.dll
2010-08-16 01:10:54 ----D---- C:\ProgramData\WindowsSearch
2010-08-15 19:50:05 ----D---- C:\rsit
2010-08-15 16:06:34 ----D---- C:\Program Files\VS Revo Group
2010-08-14 22:32:56 ----SHD---- C:\$RECYCLE.BIN
2010-08-14 17:04:06 ----D---- C:\Windows\system32\vi-VN
2010-08-14 17:04:06 ----D---- C:\Windows\system32\eu-ES
2010-08-14 17:04:06 ----D---- C:\Windows\system32\ca-ES
2010-08-14 16:33:34 ----D---- C:\Program Files\trend micro
2010-08-14 15:56:47 ----D---- C:\Windows\system32\EventProviders
2010-08-13 11:02:37 ----D---- C:\totalcmd2
2010-08-13 11:02:37 ----A---- C:\Windows\UC.PIF
2010-08-13 11:02:37 ----A---- C:\Windows\RAR.PIF
2010-08-13 11:02:37 ----A---- C:\Windows\PKZIP.PIF
2010-08-13 11:02:37 ----A---- C:\Windows\PKUNZIP.PIF
2010-08-13 11:02:37 ----A---- C:\Windows\NOCLOSE.PIF
2010-08-13 11:02:37 ----A---- C:\Windows\LHA.PIF
2010-08-13 11:02:37 ----A---- C:\Windows\ARJ.PIF
2010-08-13 10:48:34 ----A---- C:\Windows\system32\drivers\NTHANDLE.SYS
2010-08-12 07:57:27 ----A---- C:\Windows\system32\mshtml.dll
2010-08-12 07:57:27 ----A---- C:\Windows\system32\iertutil.dll
2010-08-12 07:57:25 ----A---- C:\Windows\system32\ieframe.dll
2010-08-12 07:57:23 ----A---- C:\Windows\system32\urlmon.dll
2010-08-12 07:57:22 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-12 07:57:22 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-12 07:57:21 ----A---- C:\Windows\system32\wininet.dll
2010-08-12 07:57:21 ----A---- C:\Windows\system32\mstime.dll
2010-08-12 07:57:21 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-12 07:57:20 ----A---- C:\Windows\system32\occache.dll
2010-08-12 07:57:20 ----A---- C:\Windows\system32\ieui.dll
2010-08-12 07:57:20 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-12 07:57:20 ----A---- C:\Windows\system32\iepeers.dll
2010-08-12 07:57:19 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-12 07:57:18 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-12 07:57:18 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-12 07:57:18 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-12 07:57:18 ----A---- C:\Windows\system32\iesetup.dll
2010-08-12 07:57:18 ----A---- C:\Windows\system32\iernonce.dll
2010-08-12 07:57:13 ----A---- C:\Windows\system32\iccvid.dll
2010-08-12 07:57:09 ----A---- C:\Windows\system32\schannel.dll
2010-08-12 07:56:57 ----A---- C:\Windows\system32\win32k.sys
2010-08-12 07:56:50 ----A---- C:\Windows\system32\rtutils.dll
2010-08-12 07:56:44 ----A---- C:\Windows\system32\msxml3.dll
2010-08-12 07:56:36 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-12 07:56:33 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-12 07:56:24 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-12 07:56:23 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-12 07:56:13 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-11 20:15:35 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-08-11 19:39:36 ----D---- C:\Users\Kluci\AppData\Roaming\ESTsoft
2010-08-11 19:38:09 ----D---- C:\ProgramData\ESTsoft
2010-08-11 19:38:04 ----D---- C:\Program Files\ESTsoft
2010-08-11 19:25:16 ----D---- C:\Users\Kluci\AppData\Roaming\OOo-dev
2010-08-11 19:20:46 ----D---- C:\Program Files\OOo-dev 3
2010-08-11 19:20:12 ----D---- C:\ProgramData\Sun
2010-08-11 19:20:09 ----D---- C:\Program Files\Common Files\Java
2010-08-11 19:19:51 ----A---- C:\Windows\system32\javaws.exe
2010-08-11 19:19:51 ----A---- C:\Windows\system32\javaw.exe
2010-08-11 19:19:51 ----A---- C:\Windows\system32\java.exe
2010-08-11 19:19:51 ----A---- C:\Windows\system32\deployJava1.dll
2010-08-10 20:18:44 ----A---- C:\Windows\system32\drivers\iapdmz.sys
2010-08-10 16:42:37 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-08-10 16:42:37 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-08-10 16:42:37 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-08-10 16:42:37 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-08-10 16:42:36 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-08-10 16:42:36 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-08-10 16:42:36 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-08-10 16:42:36 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-08-10 16:42:35 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-08-10 16:42:35 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-08-10 16:42:35 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-08-10 16:42:35 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-08-10 14:12:34 ----D---- C:\Program Files\Common Files\Steam
2010-08-10 14:12:31 ----D---- C:\Program Files\Steam
2010-08-03 08:24:59 ----A---- C:\Windows\system32\shell32.dll

======List of files/folders modified in the last 1 months======

2010-08-18 12:49:52 ----D---- C:\Windows\Temp
2010-08-18 12:32:42 ----D---- C:\Windows\Prefetch
2010-08-18 10:33:19 ----D---- C:\Windows\tracing
2010-08-18 08:14:41 ----D---- C:\Windows\System32
2010-08-18 02:03:01 ----D---- C:\Users\Kluci\AppData\Roaming\ICQ
2010-08-17 12:14:59 ----SHD---- C:\Windows\Installer
2010-08-17 12:14:53 ----D---- C:\Program Files\Opera
2010-08-17 12:13:49 ----SHD---- C:\System Volume Information
2010-08-17 07:56:57 ----D---- C:\Windows\system32\catroot2
2010-08-16 13:00:02 ----D---- C:\download
2010-08-16 11:26:26 ----D---- C:\Windows\Microsoft.NET
2010-08-16 11:26:12 ----RSD---- C:\Windows\assembly
2010-08-16 11:03:37 ----D---- C:\Windows\rescache
2010-08-16 10:53:25 ----D---- C:\Windows\inf
2010-08-16 10:53:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-16 10:48:10 ----D---- C:\Windows\system32\Tasks
2010-08-16 10:46:27 ----D---- C:\Windows\system32\drivers\UMDF
2010-08-16 10:44:38 ----D---- C:\Windows
2010-08-16 10:44:31 ----D---- C:\Windows\system32\cs-CZ
2010-08-16 10:44:30 ----RD---- C:\Program Files
2010-08-16 10:44:30 ----D---- C:\Windows\system32\wbem
2010-08-16 10:44:30 ----D---- C:\Windows\system32\drivers\cs-CZ
2010-08-16 10:44:30 ----D---- C:\Windows\system32\drivers
2010-08-16 10:44:29 ----D---- C:\Windows\system32\zh-TW
2010-08-16 10:44:29 ----D---- C:\Windows\system32\zh-HK
2010-08-16 10:44:29 ----D---- C:\Windows\system32\zh-CN
2010-08-16 10:44:29 ----D---- C:\Windows\system32\uk-UA
2010-08-16 10:44:29 ----D---- C:\Windows\system32\tr-TR
2010-08-16 10:44:29 ----D---- C:\Windows\system32\th-TH
2010-08-16 10:44:29 ----D---- C:\Windows\system32\sv-SE
2010-08-16 10:44:29 ----D---- C:\Windows\system32\sr-Latn-CS
2010-08-16 10:44:29 ----D---- C:\Windows\system32\sl-SI
2010-08-16 10:44:29 ----D---- C:\Windows\system32\sk-SK
2010-08-16 10:44:29 ----D---- C:\Windows\system32\ru-RU
2010-08-16 10:44:29 ----D---- C:\Windows\system32\ro-RO
2010-08-16 10:44:29 ----D---- C:\Windows\system32\pt-PT
2010-08-16 10:44:29 ----D---- C:\Windows\system32\pt-BR
2010-08-16 10:44:29 ----D---- C:\Windows\system32\pl-PL
2010-08-16 10:44:29 ----D---- C:\Windows\system32\nl-NL
2010-08-16 10:44:29 ----D---- C:\Windows\system32\lv-LV
2010-08-16 10:44:29 ----D---- C:\Windows\system32\lt-LT
2010-08-16 10:44:29 ----D---- C:\Windows\system32\ko-KR
2010-08-16 10:44:29 ----D---- C:\Windows\system32\ja-JP
2010-08-16 10:44:29 ----D---- C:\Windows\system32\it-IT
2010-08-16 10:44:29 ----D---- C:\Windows\system32\hu-HU
2010-08-16 10:44:29 ----D---- C:\Windows\system32\hr-HR
2010-08-16 10:44:29 ----D---- C:\Windows\system32\he-IL
2010-08-16 10:44:29 ----D---- C:\Windows\system32\fr-FR
2010-08-16 10:44:29 ----D---- C:\Windows\system32\fi-FI
2010-08-16 10:44:29 ----D---- C:\Windows\system32\et-EE
2010-08-16 10:44:29 ----D---- C:\Windows\system32\es-ES
2010-08-16 10:44:29 ----D---- C:\Windows\system32\el-GR
2010-08-16 10:44:29 ----D---- C:\Windows\system32\de-DE
2010-08-16 10:44:29 ----D---- C:\Windows\system32\bg-BG
2010-08-16 10:44:29 ----D---- C:\Windows\system32\ar-SA
2010-08-16 10:44:28 ----D---- C:\Windows\system32\nb-NO
2010-08-16 10:44:28 ----D---- C:\Windows\system32\en-US
2010-08-16 10:44:28 ----D---- C:\Windows\system32\da-DK
2010-08-16 09:40:27 ----D---- C:\Windows\winsxs
2010-08-16 09:40:17 ----D---- C:\Windows\system32\catroot
2010-08-16 01:10:54 ----D---- C:\ProgramData
2010-08-15 20:44:41 ----D---- C:\Windows\Tasks
2010-08-15 19:37:34 ----D---- C:\Program Files\Common Files
2010-08-15 19:36:03 ----D---- C:\Program Files\KigoVideoConverter
2010-08-15 19:34:07 ----D---- C:\Program Files\City Interactive
2010-08-15 19:20:50 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-15 19:20:50 ----D---- C:\Program Files\Ubisoft
2010-08-15 19:09:20 ----D---- C:\Windows\Debug
2010-08-15 18:45:19 ----D---- C:\Windows\Minidump
2010-08-15 13:57:19 ----D---- C:\Users\Kluci\AppData\Roaming\vlc
2010-08-15 02:06:24 ----D---- C:\Users\Kluci\AppData\Roaming\Adobe
2010-08-14 23:19:21 ----D---- C:\Program Files\Alcohol Soft
2010-08-14 22:32:52 ----A---- C:\Windows\system.ini
2010-08-14 22:32:47 ----D---- C:\Windows\system32\drivers\etc
2010-08-14 22:30:58 ----D---- C:\Windows\system32\config
2010-08-14 22:30:58 ----D---- C:\Boot
2010-08-14 22:26:50 ----D---- C:\Windows\AppPatch
2010-08-14 20:24:22 ----D---- C:\Program Files\Adobe
2010-08-14 17:34:26 ----D---- C:\ProgramData\NVIDIA
2010-08-14 17:34:02 ----D---- C:\Program Files\NVIDIA Corporation
2010-08-14 17:04:38 ----D---- C:\Program Files\Windows Mail
2010-08-14 17:04:38 ----D---- C:\Program Files\Windows Calendar
2010-08-14 17:04:38 ----D---- C:\Program Files\Movie Maker
2010-08-14 17:04:34 ----D---- C:\Program Files\Windows Sidebar
2010-08-14 17:04:34 ----D---- C:\Program Files\Windows Media Player
2010-08-14 17:04:34 ----D---- C:\Program Files\Windows Journal
2010-08-14 17:04:34 ----D---- C:\Program Files\Windows Collaboration
2010-08-14 17:04:34 ----D---- C:\Program Files\Internet Explorer
2010-08-14 17:04:33 ----D---- C:\Windows\servicing
2010-08-14 17:04:33 ----D---- C:\Windows\ehome
2010-08-14 17:04:33 ----D---- C:\Program Files\Windows Photo Gallery
2010-08-14 17:04:33 ----D---- C:\Program Files\Windows Defender
2010-08-14 17:04:33 ----D---- C:\Program Files\Common Files\System
2010-08-14 17:04:31 ----D---- C:\Windows\system32\XPSViewer
2010-08-14 17:04:31 ----D---- C:\Windows\IME
2010-08-14 17:04:30 ----D---- C:\Windows\system32\oobe
2010-08-14 17:04:30 ----D---- C:\Windows\system32\migration
2010-08-14 17:04:30 ----D---- C:\Windows\system32\AdvancedInstallers
2010-08-14 17:04:29 ----D---- C:\Windows\system32\SLUI
2010-08-14 17:04:29 ----D---- C:\Windows\system32\setup
2010-08-14 17:04:29 ----D---- C:\Windows\system32\cs
2010-08-14 17:04:28 ----D---- C:\Windows\system32\manifeststore
2010-08-14 17:04:23 ----D---- C:\Windows\system32\migwiz
2010-08-14 17:04:14 ----RSD---- C:\Windows\Fonts
2010-08-14 17:04:06 ----D---- C:\Windows\system32\Boot
2010-08-14 17:02:21 ----D---- C:\Windows\system32\RTCOM
2010-08-14 16:56:01 ----A---- C:\Windows\fonts\GlobalUserInterface.CompositeFont
2010-08-14 14:48:25 ----D---- C:\Users\Kluci\AppData\Roaming\dvdcss
2010-08-13 11:03:54 ----A---- C:\Windows\WINCMD.INI
2010-08-13 11:02:37 ----D---- C:\Windows\system
2010-08-13 10:44:45 ----D---- C:\Program Files\CCleaner
2010-08-13 09:23:09 ----D---- C:\Program Files\ICQ7.0
2010-08-13 09:00:55 ----D---- C:\ProgramData\Microsoft Help
2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe
2010-07-25 11:51:40 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2007-08-09 110624]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-07-09 43872]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-10-30 685816]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 RMCAST;Ovladač protokolu RMCAST (Pgm); C:\Windows\system32\DRIVERS\RMCAST.sys [2009-04-11 113664]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AVerBDA6x;AVerBDA6x service; C:\Windows\system32\DRIVERS\AVerBDA6x.sys [2007-06-01 835712]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-05-17 25280]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-16 2156312]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2008-01-16 489984]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-04-03 11573800]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2009-01-13 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2009-01-13 49160]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 ac6dbl6a;ac6dbl6a; C:\Windows\system32\drivers\ac6dbl6a.sys []
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys []
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-04-11 93696]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-04-11 93696]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2007-09-07 27672]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 tap0901_2gm;VPN Anonymizer Adapter; C:\Windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2009-01-13 29192]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2009-01-13 31240]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2009-01-13 14728]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-11-25 814344]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2007-10-11 51712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-03-16 129640]
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe [2007-12-26 53760]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 CardBusService;CardBusService; C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe [2007-04-24 188416]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S2 SvrWsc;Windows Security Center Service; C:\Windows\system32\svrwsc.exe [2008-01-19 358400]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-27 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-19 136176]

-----------------EOF-----------------
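
The driver and service lists above share one fixed line shape (state and start type, service name, display name, image path, then `[date size]` or an empty `[]` when RSIT found no file), so a first-pass review can be done mechanically. The script below is an added example for this thread, not code from RSIT or from the poster. Its sample input is constructed from lines visible in the posted logs (including the files-created section RSIT prints earlier in the same log); the three rules and the WINDOWS_COMPONENTS table are the example's own assumptions about what a reviewer checks first: entries whose file could not be found, a Windows-component display name on a service that is not the genuine svchost-hosted one, and a .sys file written into the drivers directory that no listed driver references.

```python
"""Triage heuristics for RSIT (random's system information tool) log sections.

Added example for this thread; not code from RSIT or from the poster. SAMPLE is
constructed from lines visible in the posted logs; the three rules and the
WINDOWS_COMPONENTS table are this example's own assumptions.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^======(.+?)======$")
# state, start type, service name, display name, image path, "[date size]" or "[]"
ENTRY_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[([^\]]*)\]$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}):\d{2} (\S+) (.+)$")

# display-name keyword -> (service name, host image) of the genuine Vista component
WINDOWS_COMPONENTS = {
    "windows security center": ("wscsvc", "svchost.exe"),
    "windows update": ("wuauserv", "svchost.exe"),
    "windows firewall": ("mpssvc", "svchost.exe"),
}

# Constructed from lines in the thread's logs; not a complete RSIT report.
SAMPLE = r"""
======List of files/folders created in the last 1 months======
2010-08-13 10:48:34 ----A---- C:\Windows\system32\drivers\NTHANDLE.SYS
2010-08-12 07:56:24 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-12 07:56:23 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-12 07:56:13 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-10 20:18:44 ----A---- C:\Windows\system32\drivers\iapdmz.sys

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-10-30 685816]
S3 ac6dbl6a;ac6dbl6a; C:\Windows\system32\drivers\ac6dbl6a.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [2007-09-25 15152]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S2 SvrWsc;Windows Security Center Service; C:\Windows\system32\svrwsc.exe [2008-01-19 358400]
"""


def parse_rsit(text):
    """Split an RSIT log into its drivers, services and files-created entries."""
    out = {"drivers": [], "services": [], "created": []}
    section = None
    for line in text.splitlines():
        head = SECTION_RE.match(line)
        if head:
            title = head.group(1).lower()
            section = ("drivers" if title.startswith("list of drivers") else
                       "services" if title.startswith("list of services") else
                       "created" if title.startswith("list of files/folders created") else None)
            continue
        if section in ("drivers", "services") and (m := ENTRY_RE.match(line)):
            state, start, name, display, path, fileinfo = m.groups()
            out[section].append(dict(state=state, start=int(start), name=name,
                                     display=display, path=path, fileinfo=fileinfo))
        elif section == "created" and (m := CREATED_RE.match(line)):
            date, minute, attrs, path = m.groups()
            out["created"].append(dict(date=date, minute=minute, attrs=attrs, path=path))
    return out


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(parsed):
    """Return (rule, detail) findings in log order. Findings are leads, not verdicts."""
    findings = []
    # Rule 1: a registered driver/service whose file RSIT could not stat ('[]'):
    # an uninstall leftover, or a file hidden from directory listings.
    for kind in ("drivers", "services"):
        for e in parsed[kind]:
            if e["fileinfo"] == "":
                findings.append(("missing-file", f"{e['name']} -> {e['path']} (no file found)"))
    # Rule 2: a Windows component's display name on a service whose name or
    # image differ from the genuine, svchost-hosted one.
    for e in parsed["services"]:
        for keyword, (svc, image) in WINDOWS_COMPONENTS.items():
            if keyword in e["display"].lower() and \
                    (e["name"].lower() != svc or basename(e["path"]) != image):
                findings.append(("component-mismatch",
                                 f"{e['name']} ({e['display']}) runs {e['path']}; "
                                 f"genuine component is {svc} in {image}"))
    # Rule 3: a .sys written into system32\drivers that no listed driver points at.
    # Several files created in the same minute look like an update batch; a lone
    # file deserves a look (RSIT omits many stock drivers, so verify before acting).
    referenced = {basename(e["path"]) for e in parsed["drivers"]}
    per_minute = defaultdict(int)
    for c in parsed["created"]:
        per_minute[(c["date"], c["minute"])] += 1
    for c in parsed["created"]:
        p = c["path"].lower()
        if "\\drivers\\" in p and p.endswith(".sys") and basename(p) not in referenced \
                and per_minute[(c["date"], c["minute"])] == 1:
            findings.append(("orphan-driver-file",
                             f"{c['path']} written {c['date']} {c['minute']} on its own"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(parse_rsit(SAMPLE)):
        print(f"[{rule}] {detail}")
```

Run against the sample, the script flags the two entries with empty brackets, the SvrWsc service (the genuine Windows Security Center is the svchost-hosted wscsvc, and the HijackThis O23 line for this service in the follow-up log names a publisher other than Microsoft), and the two .sys files that arrived alone, iapdmz.sys among them, while leaving the three drivers written in one minute by what looks like an update alone. Each hit is a reason to check the file's signature and hash, not a verdict by itself.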

riha
Visitor
Posts: 16
Registered: 07 Feb 2006 16:39

Re: rootkit iapdmz.sys - please check my log

#23 Post by riha »

So another virus has shown up, and I don't even know how, in such a short time. Avast reports it roughly every five minutes; it is always a file in the folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxxx.tmp\[UPX], where in place of xxxx.tmp a new file is created every five minutes, for example named 2556.tmp, C167.tmp, 5721.tmp, EC8E.tmp... Avast labels it Win32:Regrun-BF [Wrm]. So I am adding an RSIT log, in case it helps:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Kluci at 2010-08-18 12:49:51
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 11 GB (4%) free of 305 GB
Total RAM: 3327 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:50:16, on 18.8.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Kluci\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\EDIMAX\Common\RaUI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Users\Kluci\Desktop\download\RSIT.exe
C:\Program Files\trend micro\Kluci.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O3 - Toolbar: &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kluci\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5034
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Hlede&j v ČR - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v &encyklopedii - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5108
O8 - Extra context menu item: Hledej ve &světě - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5035
O8 - Extra context menu item: Hledej ve &zboží - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5107
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (file missing) (HKCU)
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - https://download.seznam.cz/listicka/toolbar2007.cab
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (o2c Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CardBusService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Windows Security Center Service (SvrWsc) - Erasdvad Qiquu - C:\Windows\system32\svrwsc.exe

--
End of file - 8425 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC7E636D-39AA-49b6-B511-65413DA137A1}]
IE Developer Toolbar BHO - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll [2007-03-01 623992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll [2010-05-19 1117976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CE-3093-459C-B764-AEB2486F2273} - &Seznam Lištička - C:\Program Files\Seznam\Listicka\Toolbar.dll [2007-11-04 793960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-16 6253088]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2007-10-11 31232]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2009-01-21 92168]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-11-02 2508104]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Google Update"=C:\Users\Kluci\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-04-18 306088]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-05-19 462104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
C:\PROGRA~1\COMMON~1\AVERME~1\AVERQU~1\AVERQU~1.EXE [2007-05-31 622592]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Wireless Utility.lnk - C:\Program Files\EDIMAX\Common\RaUI.exe

C:\Users\Kluci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-08-16 10:44:30 ----D---- C:\Program Files\Windows Portable Devices
2010-08-16 09:40:02 ----A---- C:\Windows\system32\UIRibbonRes.dll
2010-08-16 09:40:02 ----A---- C:\Windows\system32\UIRibbon.dll
2010-08-16 09:40:02 ----A---- C:\Windows\system32\UIAnimation.dll
2010-08-16 09:39:38 ----A---- C:\Windows\system32\WMPhoto.dll
2010-08-16 09:39:37 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-08-16 09:39:37 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-08-16 09:39:37 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-08-16 09:39:37 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2010-08-16 09:39:37 ----A---- C:\Windows\system32\d3d10warp.dll
2010-08-16 09:39:37 ----A---- C:\Windows\system32\d2d1.dll
2010-08-16 09:39:37 ----A---- C:\Windows\system32\cdd.dll
2010-08-16 09:39:36 ----A---- C:\Windows\system32\xpsservices.dll
2010-08-16 09:39:36 ----A---- C:\Windows\system32\XpsPrint.dll
2010-08-16 09:39:36 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-08-16 09:39:36 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-08-16 09:39:36 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-08-16 09:39:36 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-08-16 09:39:36 ----A---- C:\Windows\system32\OpcServices.dll
2010-08-16 09:39:36 ----A---- C:\Windows\system32\FntCache.dll
2010-08-16 09:39:36 ----A---- C:\Windows\system32\dxdiagn.dll
2010-08-16 09:39:36 ----A---- C:\Windows\system32\dxdiag.exe
2010-08-16 09:39:36 ----A---- C:\Windows\system32\DWrite.dll
2010-08-16 09:39:35 ----A---- C:\Windows\system32\dxgi.dll
2010-08-16 09:39:35 ----A---- C:\Windows\system32\d3d11.dll
2010-08-16 09:39:35 ----A---- C:\Windows\system32\d3d10level9.dll
2010-08-16 09:39:35 ----A---- C:\Windows\system32\d3d10core.dll
2010-08-16 09:39:35 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-08-16 09:39:35 ----A---- C:\Windows\system32\d3d10_1.dll
2010-08-16 09:39:35 ----A---- C:\Windows\system32\d3d10.dll
2010-08-16 09:39:10 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2010-08-16 09:39:10 ----A---- C:\Windows\system32\wpdbusenum.dll
2010-08-16 09:39:10 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2010-08-16 09:39:05 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2010-08-16 09:39:03 ----A---- C:\Windows\system32\WPDSp.dll
2010-08-16 09:39:03 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2010-08-16 09:39:03 ----A---- C:\Windows\system32\wpdshext.dll
2010-08-16 09:39:03 ----A---- C:\Windows\system32\wpd_ci.dll
2010-08-16 09:39:03 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2010-08-16 09:39:03 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2010-08-16 09:39:03 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2010-08-16 09:39:03 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2010-08-16 09:38:12 ----A---- C:\Windows\system32\UIAutomationCore.dll
2010-08-16 09:38:12 ----A---- C:\Windows\system32\oleaccrc.dll
2010-08-16 09:38:12 ----A---- C:\Windows\system32\oleacc.dll
2010-08-16 01:10:54 ----D---- C:\ProgramData\WindowsSearch
2010-08-15 19:50:05 ----D---- C:\rsit
2010-08-15 16:06:34 ----D---- C:\Program Files\VS Revo Group
2010-08-14 22:32:56 ----SHD---- C:\$RECYCLE.BIN
2010-08-14 17:04:06 ----D---- C:\Windows\system32\vi-VN
2010-08-14 17:04:06 ----D---- C:\Windows\system32\eu-ES
2010-08-14 17:04:06 ----D---- C:\Windows\system32\ca-ES
2010-08-14 16:33:34 ----D---- C:\Program Files\trend micro
2010-08-14 15:56:47 ----D---- C:\Windows\system32\EventProviders
2010-08-13 11:02:37 ----D---- C:\totalcmd2
2010-08-13 11:02:37 ----A---- C:\Windows\UC.PIF
2010-08-13 11:02:37 ----A---- C:\Windows\RAR.PIF
2010-08-13 11:02:37 ----A---- C:\Windows\PKZIP.PIF
2010-08-13 11:02:37 ----A---- C:\Windows\PKUNZIP.PIF
2010-08-13 11:02:37 ----A---- C:\Windows\NOCLOSE.PIF
2010-08-13 11:02:37 ----A---- C:\Windows\LHA.PIF
2010-08-13 11:02:37 ----A---- C:\Windows\ARJ.PIF
2010-08-13 10:48:34 ----A---- C:\Windows\system32\drivers\NTHANDLE.SYS
2010-08-12 07:57:27 ----A---- C:\Windows\system32\mshtml.dll
2010-08-12 07:57:27 ----A---- C:\Windows\system32\iertutil.dll
2010-08-12 07:57:25 ----A---- C:\Windows\system32\ieframe.dll
2010-08-12 07:57:23 ----A---- C:\Windows\system32\urlmon.dll
2010-08-12 07:57:22 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-12 07:57:22 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-12 07:57:21 ----A---- C:\Windows\system32\wininet.dll
2010-08-12 07:57:21 ----A---- C:\Windows\system32\mstime.dll
2010-08-12 07:57:21 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-12 07:57:20 ----A---- C:\Windows\system32\occache.dll
2010-08-12 07:57:20 ----A---- C:\Windows\system32\ieui.dll
2010-08-12 07:57:20 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-12 07:57:20 ----A---- C:\Windows\system32\iepeers.dll
2010-08-12 07:57:19 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-12 07:57:18 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-12 07:57:18 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-12 07:57:18 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-12 07:57:18 ----A---- C:\Windows\system32\iesetup.dll
2010-08-12 07:57:18 ----A---- C:\Windows\system32\iernonce.dll
2010-08-12 07:57:13 ----A---- C:\Windows\system32\iccvid.dll
2010-08-12 07:57:09 ----A---- C:\Windows\system32\schannel.dll
2010-08-12 07:56:57 ----A---- C:\Windows\system32\win32k.sys
2010-08-12 07:56:50 ----A---- C:\Windows\system32\rtutils.dll
2010-08-12 07:56:44 ----A---- C:\Windows\system32\msxml3.dll
2010-08-12 07:56:36 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-12 07:56:33 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-12 07:56:24 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-12 07:56:23 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-12 07:56:13 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-11 20:15:35 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-08-11 19:39:36 ----D---- C:\Users\Kluci\AppData\Roaming\ESTsoft
2010-08-11 19:38:09 ----D---- C:\ProgramData\ESTsoft
2010-08-11 19:38:04 ----D---- C:\Program Files\ESTsoft
2010-08-11 19:25:16 ----D---- C:\Users\Kluci\AppData\Roaming\OOo-dev
2010-08-11 19:20:46 ----D---- C:\Program Files\OOo-dev 3
2010-08-11 19:20:12 ----D---- C:\ProgramData\Sun
2010-08-11 19:20:09 ----D---- C:\Program Files\Common Files\Java
2010-08-11 19:19:51 ----A---- C:\Windows\system32\javaws.exe
2010-08-11 19:19:51 ----A---- C:\Windows\system32\javaw.exe
2010-08-11 19:19:51 ----A---- C:\Windows\system32\java.exe
2010-08-11 19:19:51 ----A---- C:\Windows\system32\deployJava1.dll
2010-08-10 20:18:44 ----A---- C:\Windows\system32\drivers\iapdmz.sys
2010-08-10 16:42:37 ----A---- C:\Windows\system32\XAudio2_7.dll
2010-08-10 16:42:37 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2010-08-10 16:42:37 ----A---- C:\Windows\system32\xactengine3_7.dll
2010-08-10 16:42:37 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2010-08-10 16:42:36 ----A---- C:\Windows\system32\D3DX9_43.dll
2010-08-10 16:42:36 ----A---- C:\Windows\system32\d3dx11_43.dll
2010-08-10 16:42:36 ----A---- C:\Windows\system32\d3dx10_43.dll
2010-08-10 16:42:36 ----A---- C:\Windows\system32\d3dcsx_43.dll
2010-08-10 16:42:35 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-08-10 16:42:35 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-08-10 16:42:35 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-08-10 16:42:35 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-08-10 14:12:34 ----D---- C:\Program Files\Common Files\Steam
2010-08-10 14:12:31 ----D---- C:\Program Files\Steam
2010-08-03 08:24:59 ----A---- C:\Windows\system32\shell32.dll

======List of files/folders modified in the last 1 months======

2010-08-18 12:49:52 ----D---- C:\Windows\Temp
2010-08-18 12:32:42 ----D---- C:\Windows\Prefetch
2010-08-18 10:33:19 ----D---- C:\Windows\tracing
2010-08-18 08:14:41 ----D---- C:\Windows\System32
2010-08-18 02:03:01 ----D---- C:\Users\Kluci\AppData\Roaming\ICQ
2010-08-17 12:14:59 ----SHD---- C:\Windows\Installer
2010-08-17 12:14:53 ----D---- C:\Program Files\Opera
2010-08-17 12:13:49 ----SHD---- C:\System Volume Information
2010-08-17 07:56:57 ----D---- C:\Windows\system32\catroot2
2010-08-16 13:00:02 ----D---- C:\download
2010-08-16 11:26:26 ----D---- C:\Windows\Microsoft.NET
2010-08-16 11:26:12 ----RSD---- C:\Windows\assembly
2010-08-16 11:03:37 ----D---- C:\Windows\rescache
2010-08-16 10:53:25 ----D---- C:\Windows\inf
2010-08-16 10:53:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-16 10:48:10 ----D---- C:\Windows\system32\Tasks
2010-08-16 10:46:27 ----D---- C:\Windows\system32\drivers\UMDF
2010-08-16 10:44:38 ----D---- C:\Windows
2010-08-16 10:44:31 ----D---- C:\Windows\system32\cs-CZ
2010-08-16 10:44:30 ----RD---- C:\Program Files
2010-08-16 10:44:30 ----D---- C:\Windows\system32\wbem
2010-08-16 10:44:30 ----D---- C:\Windows\system32\drivers\cs-CZ
2010-08-16 10:44:30 ----D---- C:\Windows\system32\drivers
2010-08-16 10:44:29 ----D---- C:\Windows\system32\zh-TW
2010-08-16 10:44:29 ----D---- C:\Windows\system32\zh-HK
2010-08-16 10:44:29 ----D---- C:\Windows\system32\zh-CN
2010-08-16 10:44:29 ----D---- C:\Windows\system32\uk-UA
2010-08-16 10:44:29 ----D---- C:\Windows\system32\tr-TR
2010-08-16 10:44:29 ----D---- C:\Windows\system32\th-TH
2010-08-16 10:44:29 ----D---- C:\Windows\system32\sv-SE
2010-08-16 10:44:29 ----D---- C:\Windows\system32\sr-Latn-CS
2010-08-16 10:44:29 ----D---- C:\Windows\system32\sl-SI
2010-08-16 10:44:29 ----D---- C:\Windows\system32\sk-SK
2010-08-16 10:44:29 ----D---- C:\Windows\system32\ru-RU
2010-08-16 10:44:29 ----D---- C:\Windows\system32\ro-RO
2010-08-16 10:44:29 ----D---- C:\Windows\system32\pt-PT
2010-08-16 10:44:29 ----D---- C:\Windows\system32\pt-BR
2010-08-16 10:44:29 ----D---- C:\Windows\system32\pl-PL
2010-08-16 10:44:29 ----D---- C:\Windows\system32\nl-NL
2010-08-16 10:44:29 ----D---- C:\Windows\system32\lv-LV
2010-08-16 10:44:29 ----D---- C:\Windows\system32\lt-LT
2010-08-16 10:44:29 ----D---- C:\Windows\system32\ko-KR
2010-08-16 10:44:29 ----D---- C:\Windows\system32\ja-JP
2010-08-16 10:44:29 ----D---- C:\Windows\system32\it-IT
2010-08-16 10:44:29 ----D---- C:\Windows\system32\hu-HU
2010-08-16 10:44:29 ----D---- C:\Windows\system32\hr-HR
2010-08-16 10:44:29 ----D---- C:\Windows\system32\he-IL
2010-08-16 10:44:29 ----D---- C:\Windows\system32\fr-FR
2010-08-16 10:44:29 ----D---- C:\Windows\system32\fi-FI
2010-08-16 10:44:29 ----D---- C:\Windows\system32\et-EE
2010-08-16 10:44:29 ----D---- C:\Windows\system32\es-ES
2010-08-16 10:44:29 ----D---- C:\Windows\system32\el-GR
2010-08-16 10:44:29 ----D---- C:\Windows\system32\de-DE
2010-08-16 10:44:29 ----D---- C:\Windows\system32\bg-BG
2010-08-16 10:44:29 ----D---- C:\Windows\system32\ar-SA
2010-08-16 10:44:28 ----D---- C:\Windows\system32\nb-NO
2010-08-16 10:44:28 ----D---- C:\Windows\system32\en-US
2010-08-16 10:44:28 ----D---- C:\Windows\system32\da-DK
2010-08-16 09:40:27 ----D---- C:\Windows\winsxs
2010-08-16 09:40:17 ----D---- C:\Windows\system32\catroot
2010-08-16 01:10:54 ----D---- C:\ProgramData
2010-08-15 20:44:41 ----D---- C:\Windows\Tasks
2010-08-15 19:37:34 ----D---- C:\Program Files\Common Files
2010-08-15 19:36:03 ----D---- C:\Program Files\KigoVideoConverter
2010-08-15 19:34:07 ----D---- C:\Program Files\City Interactive
2010-08-15 19:20:50 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-15 19:20:50 ----D---- C:\Program Files\Ubisoft
2010-08-15 19:09:20 ----D---- C:\Windows\Debug
2010-08-15 18:45:19 ----D---- C:\Windows\Minidump
2010-08-15 13:57:19 ----D---- C:\Users\Kluci\AppData\Roaming\vlc
2010-08-15 02:06:24 ----D---- C:\Users\Kluci\AppData\Roaming\Adobe
2010-08-14 23:19:21 ----D---- C:\Program Files\Alcohol Soft
2010-08-14 22:32:52 ----A---- C:\Windows\system.ini
2010-08-14 22:32:47 ----D---- C:\Windows\system32\drivers\etc
2010-08-14 22:30:58 ----D---- C:\Windows\system32\config
2010-08-14 22:30:58 ----D---- C:\Boot
2010-08-14 22:26:50 ----D---- C:\Windows\AppPatch
2010-08-14 20:24:22 ----D---- C:\Program Files\Adobe
2010-08-14 17:34:26 ----D---- C:\ProgramData\NVIDIA
2010-08-14 17:34:02 ----D---- C:\Program Files\NVIDIA Corporation
2010-08-14 17:04:38 ----D---- C:\Program Files\Windows Mail
2010-08-14 17:04:38 ----D---- C:\Program Files\Windows Calendar
2010-08-14 17:04:38 ----D---- C:\Program Files\Movie Maker
2010-08-14 17:04:34 ----D---- C:\Program Files\Windows Sidebar
2010-08-14 17:04:34 ----D---- C:\Program Files\Windows Media Player
2010-08-14 17:04:34 ----D---- C:\Program Files\Windows Journal
2010-08-14 17:04:34 ----D---- C:\Program Files\Windows Collaboration
2010-08-14 17:04:34 ----D---- C:\Program Files\Internet Explorer
2010-08-14 17:04:33 ----D---- C:\Windows\servicing
2010-08-14 17:04:33 ----D---- C:\Windows\ehome
2010-08-14 17:04:33 ----D---- C:\Program Files\Windows Photo Gallery
2010-08-14 17:04:33 ----D---- C:\Program Files\Windows Defender
2010-08-14 17:04:33 ----D---- C:\Program Files\Common Files\System
2010-08-14 17:04:31 ----D---- C:\Windows\system32\XPSViewer
2010-08-14 17:04:31 ----D---- C:\Windows\IME
2010-08-14 17:04:30 ----D---- C:\Windows\system32\oobe
2010-08-14 17:04:30 ----D---- C:\Windows\system32\migration
2010-08-14 17:04:30 ----D---- C:\Windows\system32\AdvancedInstallers
2010-08-14 17:04:29 ----D---- C:\Windows\system32\SLUI
2010-08-14 17:04:29 ----D---- C:\Windows\system32\setup
2010-08-14 17:04:29 ----D---- C:\Windows\system32\cs
2010-08-14 17:04:28 ----D---- C:\Windows\system32\manifeststore
2010-08-14 17:04:23 ----D---- C:\Windows\system32\migwiz
2010-08-14 17:04:14 ----RSD---- C:\Windows\Fonts
2010-08-14 17:04:06 ----D---- C:\Windows\system32\Boot
2010-08-14 17:02:21 ----D---- C:\Windows\system32\RTCOM
2010-08-14 16:56:01 ----A---- C:\Windows\fonts\GlobalUserInterface.CompositeFont
2010-08-14 14:48:25 ----D---- C:\Users\Kluci\AppData\Roaming\dvdcss
2010-08-13 11:03:54 ----A---- C:\Windows\WINCMD.INI
2010-08-13 11:02:37 ----D---- C:\Windows\system
2010-08-13 10:44:45 ----D---- C:\Program Files\CCleaner
2010-08-13 09:23:09 ----D---- C:\Program Files\ICQ7.0
2010-08-13 09:00:55 ----D---- C:\ProgramData\Microsoft Help
2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe
2010-07-25 11:51:40 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2007-08-09 110624]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-07-09 43872]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-10-30 685816]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 RMCAST;Ovladač protokolu RMCAST (Pgm); C:\Windows\system32\DRIVERS\RMCAST.sys [2009-04-11 113664]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AVerBDA6x;AVerBDA6x service; C:\Windows\system32\DRIVERS\AVerBDA6x.sys [2007-06-01 835712]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-05-17 25280]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-16 2156312]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2008-01-16 489984]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-04-03 11573800]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2009-01-13 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2009-01-13 49160]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 ac6dbl6a;ac6dbl6a; C:\Windows\system32\drivers\ac6dbl6a.sys []
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys []
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-04-11 93696]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-04-11 93696]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2007-09-07 27672]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 tap0901_2gm;VPN Anonymizer Adapter; C:\Windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2009-01-13 29192]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2009-01-13 31240]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2009-01-13 14728]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-11-25 814344]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2007-10-11 51712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-03-16 129640]
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe [2007-12-26 53760]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 CardBusService;CardBusService; C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe [2007-04-24 188416]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S2 SvrWsc;Windows Security Center Service; C:\Windows\system32\svrwsc.exe [2008-01-19 358400]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-27 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-19 136176]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: rootkit iapdmz.sys - please check my log

#24 Post by vyosek »

The log looks clean, so we'll bring out a bigger calibre :wink:

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antiviruses, antispyware, etc.
  • Plug all USB keys (flash drives, external disks, etc.) into the PC
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Right after start a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - do not launch any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infected it may take longer
  • After the scan finishes and a possible restart, CF displays a log; alternatively you will find it at C:\ComboFix.txt; paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun - take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

riha
Visitor
Posts: 16
Registered: 07 Feb 2006 16:39

Re: rootkit iapdmz.sys - please check my log

#25 Post by riha »

ComboFix log:

ComboFix 10-08-17.03 - Kluci 18.08.2010 13:47:32.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3327.2396 [GMT 2:00]
Spuštěný z: c:\users\Kluci\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Kluci\Documents\cc_20100815_191632.reg
c:\windows\system32\svrwsc.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SvrWsc


((((((((((((((((((((((((( Soubory vytvořené od 2010-07-18 do 2010-08-18 )))))))))))))))))))))))))))))))
.

2010-08-18 11:58 . 2010-08-18 12:00 -------- d-----w- c:\users\Kluci\AppData\Local\temp
2010-08-18 11:58 . 2010-08-18 11:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-18 11:58 . 2010-08-18 11:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-16 08:44 . 2010-08-16 08:44 -------- d-----w- c:\program files\Windows Portable Devices
2010-08-16 07:40 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-08-16 07:40 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-08-16 07:40 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-08-16 07:38 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-08-16 07:38 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-08-16 07:38 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-08-15 23:10 . 2010-08-15 23:10 -------- d-----w- c:\programdata\WindowsSearch
2010-08-15 17:50 . 2010-08-15 17:50 -------- d-----w- C:\rsit
2010-08-15 14:06 . 2010-08-15 14:06 -------- d-----w- c:\program files\VS Revo Group
2010-08-14 18:01 . 2010-08-18 11:42 -------- d-----w- c:\windows\system32\wbem\repository
2010-08-14 15:04 . 2010-08-14 15:04 -------- d-----w- c:\windows\system32\ca-ES
2010-08-14 15:04 . 2010-08-14 15:04 -------- d-----w- c:\windows\system32\eu-ES
2010-08-14 15:04 . 2010-08-14 15:04 -------- d-----w- c:\windows\system32\vi-VN
2010-08-14 14:33 . 2010-08-18 10:50 -------- d-----w- c:\program files\trend micro
2010-08-14 13:56 . 2010-08-14 13:56 -------- d-----w- c:\windows\system32\EventProviders
2010-08-13 09:02 . 2010-08-13 09:02 -------- d-----w- C:\totalcmd2
2010-08-13 09:02 . 2008-04-24 04:58 545 ----a-w- c:\windows\UC.PIF
2010-08-13 09:02 . 2008-04-24 04:58 545 ----a-w- c:\windows\RAR.PIF
2010-08-13 09:02 . 2008-04-24 04:58 545 ----a-w- c:\windows\PKZIP.PIF
2010-08-13 09:02 . 2008-04-24 04:58 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-08-13 09:02 . 2008-04-24 04:58 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-08-13 09:02 . 2008-04-24 04:58 545 ----a-w- c:\windows\LHA.PIF
2010-08-13 09:02 . 2008-04-24 04:58 545 ----a-w- c:\windows\ARJ.PIF
2010-08-13 09:02 . 2008-04-24 04:58 25808 ----a-w- c:\windows\system\CTL3DV2.DLL
2010-08-13 08:48 . 2010-08-13 08:50 3888 ----a-w- c:\windows\system32\drivers\NTHANDLE.SYS
2010-08-12 05:56 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 05:56 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 05:56 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 05:56 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 05:56 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 05:56 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 05:56 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 05:56 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-11 18:15 . 2010-08-11 18:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-11 17:39 . 2010-08-11 17:39 -------- d-----w- c:\users\Kluci\AppData\Roaming\ESTsoft
2010-08-11 17:38 . 2010-08-11 17:38 -------- d-----w- c:\programdata\ESTsoft
2010-08-11 17:38 . 2010-08-11 17:38 -------- d-----w- c:\program files\ESTsoft
2010-08-11 17:25 . 2010-08-11 17:25 -------- d-----w- c:\users\Kluci\AppData\Roaming\OOo-dev
2010-08-11 17:20 . 2010-08-11 17:37 -------- d-----w- c:\program files\OOo-dev 3
2010-08-11 17:20 . 2010-08-11 17:20 -------- d-----w- c:\program files\Common Files\Java
2010-08-11 17:19 . 2010-08-11 17:19 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-10 18:18 . 2010-08-14 20:31 585472 ----a-w- c:\windows\system32\drivers\iapdmz.sys
2010-08-10 14:45 . 2010-08-10 14:45 -------- d-----w- c:\users\Kluci\AppData\Local\2K Games
2010-08-10 14:42 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-10 14:42 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-10 14:42 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-10 14:42 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-10 14:42 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-10 14:42 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-10 14:42 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-10 14:42 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-08-10 14:42 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-08-10 14:42 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-08-10 14:42 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-08-10 14:42 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-08-10 12:12 . 2010-08-10 12:12 -------- d-----w- c:\program files\Common Files\Steam
2010-08-10 12:12 . 2010-08-11 18:23 -------- d-----w- c:\program files\Steam

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 12:00 . 2010-01-15 07:20 34901 ----a-w- c:\programdata\nvModes.dat
2010-08-18 00:03 . 2008-10-30 16:50 -------- d-----w- c:\users\Kluci\AppData\Roaming\ICQ
2010-08-17 10:14 . 2007-12-25 09:18 -------- d-----w- c:\program files\Opera
2010-08-16 08:53 . 2007-01-08 21:09 601854 ----a-w- c:\windows\system32\perfh005.dat
2010-08-16 08:53 . 2007-01-08 21:09 115998 ----a-w- c:\windows\system32\perfc005.dat
2010-08-16 08:44 . 2010-08-16 08:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-08-15 17:36 . 2009-01-25 18:01 -------- d-----w- c:\program files\KigoVideoConverter
2010-08-15 17:34 . 2009-01-06 19:52 -------- d-----w- c:\program files\City Interactive
2010-08-15 17:20 . 2008-11-27 18:36 -------- d-----w- c:\program files\Ubisoft
2010-08-15 17:20 . 2008-10-30 15:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-15 16:51 . 2008-10-30 15:12 108552 ----a-w- c:\users\Kluci\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-15 11:57 . 2009-09-05 20:21 -------- d-----w- c:\users\Kluci\AppData\Roaming\vlc
2010-08-14 21:19 . 2008-10-30 19:03 -------- d-----w- c:\program files\Alcohol Soft
2010-08-14 15:34 . 2008-10-30 15:31 -------- d-----w- c:\programdata\NVIDIA
2010-08-14 15:34 . 2010-03-25 19:12 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-14 15:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-08-14 15:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-14 15:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-08-14 15:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-08-14 15:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-08-14 15:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-08-14 15:04 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-08-14 12:48 . 2009-09-06 19:50 -------- d-----w- c:\users\Kluci\AppData\Roaming\dvdcss
2010-08-13 08:44 . 2008-12-12 13:32 -------- d-----w- c:\program files\CCleaner
2010-08-13 07:23 . 2010-01-19 17:46 -------- d-----w- c:\program files\ICQ7.0
2010-08-13 07:00 . 2008-11-27 18:23 -------- d-----w- c:\programdata\Microsoft Help
2010-08-10 18:17 . 2010-08-10 18:17 12 ----a-w- c:\users\Kluci\AppData\Roaming\bawuho.dat
2010-07-14 18:52 . 2008-10-30 19:48 -------- d-----w- c:\program files\MAXON
2010-07-14 17:24 . 2008-10-30 19:37 -------- d-----w- c:\users\Kluci\AppData\Roaming\MAXON
2010-07-13 21:35 . 2010-06-28 12:51 -------- d-----w- c:\program files\Grand Theft Auto IV - Episodes From Liberty City
2010-07-12 11:45 . 2009-05-13 18:12 16 ----a-w- c:\windows\msocreg32.dat
2010-06-26 06:05 . 2010-08-12 05:57 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 05:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-12 05:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-12 05:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-19 12:18 . 2009-01-01 17:03 -------- d-----w- c:\program files\Google
2010-06-11 16:16 . 2010-08-12 05:57 274944 ----a-w- c:\windows\system32\schannel.dll
2010-05-27 20:08 . 2010-08-12 05:57 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06 . 2010-06-10 21:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 21:57 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-03 10:08 221568 ------w- c:\windows\system32\MpSigStub.exe
2009-07-08 08:54 . 2009-07-08 09:46 56800032 ----a-w- c:\program files\A2.dta
2009-04-18 12:08 . 2009-04-18 12:13 36206 ----a-w- c:\program files\handling.dat
2009-05-13 20:16 . 2009-05-13 17:12 80 --sh--r- c:\windows\System32\5B5B7B02B8.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"Google Update"="c:\users\Kluci\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-02-15 133104]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-04-18 306088]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-05-19 462104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-16 6253088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]

c:\users\Kluci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2009-4-1 1040384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0d,18,75,2f,c3,3b,cb,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1878353276-2966735170-3526819948-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [2007-04-23 188416]
R3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-19 136176]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-10-30 685816]
S1 aswSP;avast! Self Protection; [x]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-11-25 814344]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\DRIVERS\AVerBDA6x.sys [2007-06-01 835712]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-01-16 489984]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
mWindow Title = IE 4.01 (Microsoft Internet Explorer)
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = socks=
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &Přelož do češtiny - c:\program files\Seznam\Listicka\Toolbar.dll/5034
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Hlede&j v ČR - c:\program files\Seznam\Listicka\Toolbar.dll/5033
IE: Hledej v &encyklopedii - c:\program files\Seznam\Listicka\Toolbar.dll/5108
IE: Hledej ve &světě - c:\program files\Seznam\Listicka\Toolbar.dll/5035
IE: Hledej ve &zboží - c:\program files\Seznam\Listicka\Toolbar.dll/5107
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxps://download.seznam.cz/listicka/toolbar2007.cab
DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} - hxxp://www.o2c.de/download/o2cplayer.cab
FF - ProfilePath - c:\users\Kluci\AppData\Roaming\Mozilla\Firefox\Profiles\2dmloifx.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\Kluci\AppData\Roaming\Mozilla\Firefox\Profiles\2dmloifx.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - component: c:\users\Kluci\AppData\Roaming\Mozilla\Firefox\Profiles\2dmloifx.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Kluci\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1878353276-2966735170-3526819948-1000\Software\SecuROM\License information*]
"datasecu"=hex:9f,97,16,1e,64,5f,4d,f1,17,72,ca,32,42,f2,16,0f,7d,72,3b,bd,13,
bb,1e,fd,d1,76,67,b1,05,c9,da,05,f3,b2,c5,a9,8b,08,15,78,e1,5b,9d,68,a0,83,\
"rkeysecu"=hex:0f,d2,12,e9,0e,51,68,b2,93,61,9a,33,0c,49,24,09
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(5180)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe
c:\program files\EDIMAX\Common\RalinkRegistryWriter.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Celkový čas: 2010-08-18 14:10:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-18 12:10

Před spuštěním: Volných bajtů: 12 198 457 344
Po spuštění: Volných bajtů: 11 837 448 192

- - End Of File - - 06F04991EB5DB762FEFDA26985C90B09

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: rootkit iapdmz.sys - please check my log

#26 Post by vyosek »

Several items deleted, the log looks clean.
How is the PC behaving, is Avast still shouting? :???:
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

riha
Visitor
Posts: 16
Registered: 07 Feb 2006 16:39

Re: rootkit iapdmz.sys - please check my log

#27 Post by riha »

I have now deleted the files that were being created in that folder, and no new ones are appearing, so it is probably fine now. I have one more question. I was quite surprised that a new virus showed up three days after the viruses were removed; do you think it could be because I don't have a password set when the computer starts? I'm the only user here, so it would annoy me to enter it every time I turn it on, which is why I don't use one. But I never used one and somehow it didn't matter, or at least I wasn't aware of it :D

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: rootkit iapdmz.sys - please check my log

#28 Post by vyosek »

I'm also the only user on my notebook and I do have a password - at least nobody else can get in :D

Where the pest came from is hard to say - a click on some link, an e-mail, a flash drive, no idea... I wouldn't say the password is the reason...

Just to be sure, let's also run MBAM
:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) (see my signature)
  • Run the update - third tab
  • Run a full scan - do not delete anything :!:
  • MBAM occasionally has false positives, so paste the log into a post and wait for an assessment

riha
Visitor
Posts: 16
Registered: 07 Feb 2006 16:39

Re: rootkit iapdmz.sys - please check my log

#29 Post by riha »

So here is the MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4445

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

18.8.2010 17:23:21
mbam-log-2010-08-18 (17-23-21).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 404365
Uplynulý čas: 1 hodina(y), 47 minuta(y), 7 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 7

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Program Files\Guitar Pro 6\guitarpro6-patch-Fixed.exe (Malware.Packer) -> No action taken.
C:\Program Files\Ubisoft\Heroes of Might and Magic V Collector Edition\Unleashed.exe (Malware.Packer.Krunchy) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\svrwsc.exe.vir (Trojan.Oficla) -> No action taken.
C:\Users\Kluci\Desktop\download\demopatch.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\Kluci\Desktop\download\programy, hry\adobe cs4\keygen.exe (Trojan.Agent) -> No action taken.
C:\Users\Kluci\Desktop\download\guitar\other\keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\Kluci\Desktop\download\všechno možný\ScreenShots.exe (Trojan.Agent) -> No action taken.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: rootkit iapdmz.sys - please check my log

#30 Post by vyosek »

Delete everything MBAM found :!: This is the surest way to pick up pests - cracks :?:

Also run a full scan with Avast to see whether it finds anything, but it should be clean...