VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Havěť - pravděpodbně vir z FB

https://forum.viry.cz:443/viewtopic.php?t=114609

Stránka 2 z 3

Re: Havěť - pravděpodbně vir z FB

Napsal: 19 srp 2011 22:38
od kviki
ComboFix 11-08-19.02 - Martina Dreslerová 19.08.2011 23:16:51.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1014.504 [GMT 2:00]
Spuštěný z: c:\documents and settings\Martina Dreslerová\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Martina Dreslerová\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\program files\GOMPLAYERENSETUP.EXE"
"c:\program files\SoftonicDownloader_for_vlc-media-player.exe"
"c:\windows\l1rezerv.exe"
"c:\windows\systemup.exe"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\toolbar.cfg
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\update.tray-3-0
c:\windows\update.tray-3-0\svchost.exe
E:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DDSERVICE
-------\Service_ddservice
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-19 do 2011-08-19 )))))))))))))))))))))))))))))))
.
.
2011-08-19 20:09 . 2011-08-19 20:09 -------- d-----w- c:\documents and settings\Administrator
2011-08-19 19:55 . 2011-08-19 19:55 -------- d-----w- C:\_OTL
2011-08-19 19:30 . 2011-08-19 19:30 512 ----a-w- C:\PhysicalMBR.bin
2011-08-19 16:43 . 2011-08-19 16:43 -------- d-----w- c:\documents and settings\Martina Dreslerová\Data aplikací\Malwarebytes
2011-08-19 16:43 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-19 16:43 . 2011-08-19 16:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-08-19 16:43 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-19 16:43 . 2011-08-19 16:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-19 14:03 . 2011-08-19 14:04 -------- d-----w- c:\program files\trend micro
2011-08-19 14:03 . 2011-08-19 14:04 -------- d-----w- C:\rsit
2011-08-19 12:09 . 2011-08-19 12:09 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2011-08-04 07:53 . 2011-08-04 07:53 -------- d-----w- c:\program files\SHARP
2011-08-04 07:52 . 2008-10-29 12:18 98304 ----a-w- c:\windows\system32\SN0ELMON.dll
2011-08-04 07:52 . 2007-04-17 14:11 45056 ----a-w- c:\windows\system32\SN0EMTNT.dll
2011-08-04 07:52 . 2009-05-22 09:35 159836 ----a-w- c:\windows\_isusr32.dll
2011-08-04 07:52 . 2004-04-12 14:17 45056 ------w- c:\windows\system32\_isusr2k.dll
2011-08-04 07:52 . 2009-01-29 14:36 77492 ----a-w- c:\windows\system32\SCN2PM.dll
2011-08-04 07:52 . 2007-05-31 15:00 51855 ----a-w- c:\windows\system32\SCN2PMUI.dll
2011-08-04 07:52 . 2006-02-06 09:24 53248 ----a-w- c:\windows\system32\SCN2PMR.dll
2011-08-04 07:51 . 2011-08-04 07:52 -------- d-----w- c:\windows\system32\SCDRV
2011-08-04 07:51 . 2011-08-04 07:51 -------- d-----w- C:\Drivers
2011-07-24 08:10 . 2011-07-24 08:10 -------- d-----w- c:\program files\Common Files\Adobe
2011-07-22 09:32 . 2011-07-22 09:32 -------- d-----w- c:\documents and settings\Martina Dreslerová\Data aplikací\HypoKalk
2011-07-22 09:31 . 2011-07-22 09:31 -------- d-----w- c:\program files\Komerční Banka
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-24 08:39 . 2011-07-19 08:12 232960 ----a-w- c:\windows\l1rezerv.exe
2011-07-19 08:31 . 2011-07-19 07:59 246272 ----a-w- c:\windows\unrar.exe
2011-07-19 08:12 . 2011-07-19 08:12 114176 ----a-w- c:\windows\systemup.exe
2011-07-15 13:29 . 2009-12-23 18:07 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2009-12-23 18:07 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2009-12-24 02:16 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2009-12-23 18:07 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2009-12-23 18:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:31 . 2009-12-23 18:07 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2009-12-23 18:07 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2009-12-23 18:07 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35 . 2009-12-23 18:07 1858944 ----a-w- c:\windows\system32\win32k.sys
2010-12-04 22:01 . 2010-12-04 22:01 293160 ----a-w- c:\program files\SoftonicDownloader_for_vlc-media-player.exe
2010-10-15 13:04 . 2010-10-15 13:04 7271080 ----a-w- c:\program files\GOMPLAYERENSETUP.EXE
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-19_20.43.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-19 21:24 . 2011-08-19 21:24 16384 c:\windows\Temp\Perflib_Perfdata_604.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-08-01 124480]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-03-25 402096]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-28 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-28 173592]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 83240]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-05-12 2018032]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"CapsHook"="c:\program files\EeePC\CapsHook\CapsHook.exe" [2010-05-28 445344]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-27 19523616]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-06-26 118784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-28 141336]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2010-05-17 1246632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Martina Dreslerov \Nabˇdka Start\Programy\Po spuçtŘnˇ\
Lingea Update Center.lnk - c:\program files\Common Files\Lingea Shared\luc.exe [2010-11-14 275736]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2010-3-18 385024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Martina Dreslerová^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\Martina Dreslerová\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"24654:TCP"= 24654:TCP:BitComet 24654 TCP
"24654:UDP"= 24654:UDP:BitComet 24654 UDP
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [18.3.2010 1:51 11520]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [26.9.2010 22:15 15424]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3.11.2009 10:34 44032]
R3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\drivers\rtsuvc.sys [31.8.2010 0:29 73088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [31.8.2010 0:28 1691480]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [23.12.2009 20:07 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-19 23:25
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3776)
c:\windows\system32\webcheck.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
.
**************************************************************************
.
Celkový čas: 2011-08-19 23:28:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-19 21:28
ComboFix2.txt 2011-08-19 20:48
.
Před spuštěním: Volných bajtů: 43 360 657 408
Po spuštění: Volných bajtů: 43 329 122 304
.
- - End Of File - - 81E0384C8E77F8957BEA7EAF1F65E73D

Re: Havěť - pravděpodbně vir z FB

Napsal: 19 srp 2011 22:42
od kviki
Děkuji dnes za rady. Budu tady zase zítra cca od 8 hod.

Re: Havěť - pravděpodbně vir z FB

Napsal: 19 srp 2011 22:44
od Caroprd111
Ok :)

Poprosím Vás o nový log z OTL, musíme ještě něco pomazat.

Re: Havěť - pravděpodbně vir z FB

Napsal: 20 srp 2011 07:05
od kviki
Jsem zde, novy log

OTL logfile created on: 20.8.2011 7:39:15 - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\Martina Dreslerová\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1014,11 Mb Total Physical Memory | 608,98 Mb Available Physical Memory | 60,05% Memory free
2,39 Gb Paging File | 2,09 Gb Available in Paging File | 87,57% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80,01 Gb Total Space | 40,38 Gb Free Space | 50,47% Space Free | Partition Type: NTFS
Drive D: | 62,16 Gb Total Space | 6,73 Gb Free Space | 10,83% Space Free | Partition Type: NTFS

Computer Name: MARTINKA | User Name: Martina Dreslerová | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.19 21:22:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Martina Dreslerová\Plocha\OTL.exe
PRC - [2011.08.01 10:28:16 | 000,124,480 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.5\ICQ.exe
PRC - [2010.11.14 23:35:38 | 000,275,736 | ---- | M] (Lingea) -- C:\Program Files\Common Files\Lingea Shared\luc.exe
PRC - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.05.17 10:40:22 | 001,246,632 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2010.03.25 09:30:52 | 000,402,096 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
PRC - [2010.01.29 20:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2009.06.26 13:13:00 | 000,118,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
PRC - [2009.05.08 16:54:20 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2009.04.30 19:49:42 | 000,385,024 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010.09.16 22:04:50 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.03.25 09:30:52 | 000,402,096 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
MOD - [2010.01.29 20:23:40 | 000,161,768 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\Enumeration.dll
MOD - [2010.01.29 20:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
MOD - [2010.01.29 20:17:26 | 000,120,808 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\ClientSocket.dll
MOD - [2009.08.28 01:29:08 | 000,182,240 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\Parser.dll
MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NOD32krn)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2004.09.29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010.09.26 22:14:08 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2010.09.26 22:14:04 | 000,015,424 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2010.04.27 10:10:52 | 006,031,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.03.31 03:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010.02.04 17:08:30 | 000,073,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtsuvc.sys -- (rtsuvc)
DRV - [2009.11.18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.08.12 01:04:30 | 001,582,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009.08.06 07:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009.07.27 09:09:52 | 000,044,032 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008.11.03 09:03:28 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.04.08 18:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2011.08.19 23:24:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [CapsHook] C:\Program Files\EeePC\CapsHook\CapsHook.exe (ASUS)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\Martina Dreslerová\Nabídka Start\Programy\Po spuštění\Lingea Update Center.lnk = C:\Program Files\Common Files\Lingea Shared\luc.exe (Lingea)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.71.150.16 82.209.19.226
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/MARTIN~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.gif
O24 - Desktop Components:1 () - file:///C:/DOCUME~1/MARTIN~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Components:2 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Martina Dreslerová\Data aplikací\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Martina Dreslerová\Data aplikací\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.24 04:19:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.08.19 22:32:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.08.19 22:27:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.08.19 22:27:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.08.19 22:27:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.08.19 22:27:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.08.19 22:27:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.08.19 22:26:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.08.19 22:26:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Martina Dreslerová\Nabídka Start\Programy\Nástroje pro správu
[2011.08.19 22:24:16 | 004,178,757 | R--- | C] (Swearware) -- C:\Documents and Settings\Martina Dreslerová\Plocha\ComboFix.exe
[2011.08.19 21:55:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.19 21:25:14 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Martina Dreslerová\Plocha\OTL.exe
[2011.08.19 18:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martina Dreslerová\Data aplikací\Malwarebytes
[2011.08.19 18:43:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.08.19 18:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.08.19 18:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.08.19 18:43:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.08.19 18:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.19 16:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.08.19 16:03:51 | 000,000,000 | ---D | C] -- C:\rsit
[2011.08.19 14:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\Adobe
[2011.08.04 09:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\SHARP
[2011.08.04 09:52:45 | 000,098,304 | ---- | C] (SHARP CORPORATION) -- C:\WINDOWS\System32\SN0ELMON.dll
[2011.08.04 09:52:45 | 000,045,056 | ---- | C] (SHARP CORPORATION) -- C:\WINDOWS\System32\SN0EMTNT.dll
[2011.08.04 09:52:21 | 000,077,492 | ---- | C] (SHARP CORPORATION) -- C:\WINDOWS\System32\SCN2PM.dll
[2011.08.04 09:52:21 | 000,053,248 | ---- | C] (SHARP CORPORATION) -- C:\WINDOWS\System32\SCN2PMR.dll
[2011.08.04 09:52:21 | 000,051,855 | ---- | C] (SHARP CORPORATION) -- C:\WINDOWS\System32\SCN2PMUI.dll
[2011.08.04 09:51:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SCDRV
[2011.08.04 09:51:18 | 000,000,000 | ---D | C] -- C:\Drivers
[2011.07.24 10:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.07.22 11:32:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martina Dreslerová\Data aplikací\HypoKalk
[2011.07.22 11:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Komerční banka
[2011.07.22 11:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\Komerční Banka
[2009.11.04 08:53:14 | 000,013,880 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2011.08.19 23:30:52 | 000,001,090 | ---- | M] () -- C:\Documents and Settings\Martina Dreslerová\Plocha\Registrace ASUS produktu.lnk
[2011.08.19 23:24:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.08.19 23:24:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.08.19 23:24:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.08.19 23:16:49 | 000,001,263 | ---- | M] () -- C:\CF-Submit.htm
[2011.08.19 22:32:05 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2011.08.19 22:24:16 | 004,178,757 | R--- | M] (Swearware) -- C:\Documents and Settings\Martina Dreslerová\Plocha\ComboFix.exe
[2011.08.19 22:13:02 | 000,000,215 | ---- | M] () -- C:\Boot.bak
[2011.08.19 21:30:00 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.08.19 21:22:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Martina Dreslerová\Plocha\OTL.exe
[2011.08.19 18:43:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.08.19 15:55:00 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Martina Dreslerová\Plocha\RSIT.exe
[2011.08.19 14:12:07 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hîsts
[2011.08.19 14:11:33 | 000,000,245 | ---- | M] () -- C:\WINDOWS\info1
[2011.08.18 22:48:31 | 000,134,144 | ---- | M] () -- C:\Documents and Settings\Martina Dreslerová\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.18 09:28:25 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2011.08.11 21:15:53 | 000,445,098 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.08.11 21:15:53 | 000,442,078 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.08.11 21:15:53 | 000,084,710 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.08.11 21:15:53 | 000,072,974 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.08.11 21:11:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.07.25 17:08:54 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011.07.24 10:39:32 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
[2011.07.24 10:11:20 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011.08.19 23:30:52 | 000,001,090 | ---- | C] () -- C:\Documents and Settings\Martina Dreslerová\Plocha\Registrace ASUS produktu.lnk
[2011.08.19 23:16:49 | 000,001,263 | ---- | C] () -- C:\CF-Submit.htm
[2011.08.19 22:32:05 | 000,000,215 | ---- | C] () -- C:\Boot.bak
[2011.08.19 22:32:02 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.08.19 22:27:32 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.08.19 22:27:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.08.19 22:27:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.08.19 22:27:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.08.19 22:27:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.08.19 21:30:00 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.08.19 18:43:30 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.08.19 16:03:44 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Martina Dreslerová\Plocha\RSIT.exe
[2011.08.04 14:22:19 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Martina Dreslerová\Nabídka Start\Programy\Po spuštění\Lingea Update Center.lnk
[2011.08.04 14:22:19 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\SuperHybridEngine.lnk
[2011.08.04 09:52:48 | 000,008,698 | ---- | C] () -- C:\WINDOWS\font2.sii
[2011.08.04 09:52:48 | 000,004,907 | ---- | C] () -- C:\WINDOWS\font1.sii
[2011.08.04 09:52:45 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\SN0ELMON.dat
[2011.08.04 09:52:45 | 000,000,074 | ---- | C] () -- C:\WINDOWS\System32\SN0ELMON.mtx
[2011.08.04 09:52:43 | 000,009,834 | ---- | C] () -- C:\WINDOWS\System32\SN0EUD61.MCF
[2011.08.04 09:52:27 | 000,159,836 | ---- | C] () -- C:\WINDOWS\_isusr32.dll
[2011.08.04 09:52:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\_isusr2k.dll
[2011.08.04 09:52:21 | 000,042,138 | ---- | C] () -- C:\WINDOWS\System32\SCN2PM.chm
[2011.08.04 09:52:21 | 000,000,397 | ---- | C] () -- C:\WINDOWS\System32\SCN2PM.DAT
[2011.07.24 10:10:22 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2011.07.24 10:10:21 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Adobe Reader 9.lnk
[2011.07.19 10:12:58 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe
[2011.07.19 10:12:31 | 000,114,176 | ---- | C] () -- C:\WINDOWS\systemup.exe
[2011.07.19 09:59:29 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011.07.19 09:41:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2011.07.18 21:20:28 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ReminderNextRun
[2011.06.03 20:29:20 | 000,260,531 | ---- | C] () -- C:\WINDOWS\imgcvt.dat
[2011.05.20 20:32:14 | 000,192,456 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2011.05.20 19:16:58 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Martina Dreslerová\Local Settings\Data aplikací\Model_hp.ini
[2011.05.20 19:05:05 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Martina Dreslerová\Local Settings\Data aplikací\User_hp.cds
[2011.03.06 22:36:08 | 000,068,509 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2011.03.06 22:36:08 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010.12.05 12:47:24 | 000,002,439 | ---- | C] () -- C:\Program Files\Microsoft Office PowerPoint 2007 (2).lnk
[2010.12.05 00:01:01 | 000,293,160 | ---- | C] () -- C:\Program Files\SoftonicDownloader_for_vlc-media-player.exe
[2010.11.20 17:16:10 | 000,001,475 | ---- | C] () -- C:\Program Files\DivX Movies.lnk
[2010.10.15 15:04:15 | 007,271,080 | ---- | C] () -- C:\Program Files\GOMPLAYERENSETUP.EXE
[2010.09.27 23:21:55 | 000,000,815 | ---- | C] () -- C:\Program Files\Spustit prohlížeč Internet Explorer.lnk
[2010.09.26 22:15:22 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2010.09.04 14:41:42 | 000,134,144 | ---- | C] () -- C:\Documents and Settings\Martina Dreslerová\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.03 18:53:26 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.09.02 20:30:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.09.01 19:26:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Martina Dreslerová\Data aplikací\wklnhst.dat
[2010.08.31 00:31:11 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Martina Dreslerová\Local Settings\Data aplikací\fusioncache.dat
[2010.08.31 00:28:32 | 000,004,692 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2010.08.31 00:28:32 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2010.07.08 08:33:18 | 000,025,616 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2010.07.08 08:33:18 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2010.03.18 04:51:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010.03.18 01:55:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uvcrecordfix.exe
[2010.03.18 01:55:51 | 000,024,576 | ---- | C] () -- C:\WINDOWS\Sleep.exe
[2010.03.18 01:51:56 | 000,011,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2010.03.18 01:51:46 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010.03.18 01:48:49 | 000,013,930 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2009.12.24 04:21:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.12.24 04:17:31 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.12.23 20:13:57 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.12.23 20:13:06 | 000,346,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.12.23 20:07:27 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009.12.23 20:07:23 | 000,442,078 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2009.12.23 20:07:23 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2009.12.23 20:07:23 | 000,084,710 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2009.12.23 20:07:23 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2009.12.23 20:07:17 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009.12.23 20:07:16 | 000,445,098 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009.12.23 20:07:16 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009.12.23 20:07:16 | 000,072,974 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009.12.23 20:07:16 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009.12.23 20:07:16 | 000,004,562 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009.12.23 20:07:15 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009.12.23 20:07:15 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009.12.23 20:07:13 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009.12.23 20:07:13 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009.12.23 20:07:11 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009.12.23 20:07:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

< End of report >

Re: Havěť - pravděpodbně vir z FB

Napsal: 20 srp 2011 11:54
od Caroprd111
:arrow: dělal jste sken pomocí MBAM?


:arrow: Znovu spusťte OTL a do spodního bílého okna vložte následující skript. Poté klikněte na Opravit, PC se restartuje, výsledný log vložte sem.

Kód: Vybrat vše

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

:OTL
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/MARTIN~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.gif
O24 - Desktop Components:1 () - file:///C:/DOCUME~1/MARTIN~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
[2011.08.19 14:11:33 | 000,000,245 | ---- | M] () -- C:\WINDOWS\info1
[2011.07.24 10:39:32 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
[2011.07.19 10:12:58 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe
[2011.07.19 10:12:31 | 000,114,176 | ---- | C] () -- C:\WINDOWS\systemup.exe
[2011.07.19 09:59:29 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011.07.19 09:41:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2010.03.18 01:55:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uvcrecordfix.exe
[2010.03.18 01:55:51 | 000,024,576 | ---- | C] () -- C:\WINDOWS\Sleep.exe

Re: Havěť - pravděpodbně vir z FB

Napsal: 20 srp 2011 15:15
od kviki
All processes killed
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Martina Dreslerová
->Temp folder emptied: 170538 bytes
->Temporary Internet Files folder emptied: 1966391 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33103 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Martina Dreslerová
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File file:///C:/DOCUME~1/MARTIN~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.gif not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1\ deleted successfully.
File file:///C:/DOCUME~1/MARTIN~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg not found.
C:\WINDOWS\info1 moved successfully.
C:\WINDOWS\l1rezerv.exe moved successfully.
File C:\WINDOWS\l1rezerv.exe not found.
C:\WINDOWS\systemup.exe moved successfully.
C:\WINDOWS\unrar.exe moved successfully.
C:\WINDOWS\loader2.exe_ok moved successfully.
C:\WINDOWS\uvcrecordfix.exe moved successfully.
C:\WINDOWS\Sleep.exe moved successfully.

OTL by OldTimer - Version 3.2.26.5 log created on 08202011_160743

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: Havěť - pravděpodbně vir z FB

Napsal: 20 srp 2011 15:16
od kviki
MBAm jsem delal ale nez jsme zacli spolu vse resit. POuze jsem testnul PC. Zde je log:
PS: Chces aktualni?

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7509

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.8.2011 20:31:22
mbam-log-2011-08-19 (20-31-18).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 220842
Uplynulý čas: 43 minut, 21 sekund

Infikované procesy v paměti: 9
Infikované moduly v paměti: 0
Infikované klíče v registru: 10
Infikované hodnoty v registru: 14
Infikované datové položky v registru: 3
Infikované složky: 1
Infikované soubory: 81

Infikované procesy v paměti:
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Agent.H) -> 1860 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Agent.H) -> 256 -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent.H) -> 1224 -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> 2964 -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> 3040 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 3564 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 3788 -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Agent) -> 1460 -> No action taken.
c:\WINDOWS\update.tray-3-0\svchost.exe (Trojan.Agent) -> 2556 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Agent.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent.H) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent.H) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2727915.exe (Trojan.Agent.H) -> Value: 2727915.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\79826616-loader2.exe (Trojan.Agent.H) -> Value: 79826616-loader2.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2046629.exe (Trojan.Agent.H) -> Value: 2046629.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8049229.exe (Trojan.Agent.H) -> Value: 8049229.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\w_distrib.exe (Trojan.Downloader) -> Value: w_distrib.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Backdoor.Agent) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Agent) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\474558.exe (Trojan.Downloader.Gen) -> Value: 474558.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
c:\WINDOWS\rpcminer (Trojan.BCMiner) -> No action taken.

Infikované soubory:
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Agent.H) -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent.H) -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\sysdriver32_.exe (Trojan.Agent.H) -> No action taken.
c:\WINDOWS\Temp\2727915.exe (Trojan.Agent.H) -> No action taken.
c:\WINDOWS\Temp\79826616-loader2.exe (Trojan.Agent.H) -> No action taken.
c:\WINDOWS\Temp\2046629.exe (Trojan.Agent.H) -> No action taken.
c:\documents and settings\martina dreslerová\local settings\Temp\8049229.exe (Trojan.Agent.H) -> No action taken.
c:\system volume information\_restore{c0194ea1-9818-4ae4-8921-d214faf0968c}\RP103\A0030352.exe (Trojan.BCMiner) -> No action taken.
c:\system volume information\_restore{c0194ea1-9818-4ae4-8921-d214faf0968c}\RP103\A0030487.exe (Trojan.Agent.H) -> No action taken.
c:\system volume information\_restore{c0194ea1-9818-4ae4-8921-d214faf0968c}\RP103\A0030488.exe (Trojan.Agent.H) -> No action taken.
c:\system volume information\_restore{c0194ea1-9818-4ae4-8921-d214faf0968c}\RP103\A0030490.exe (Trojan.Downloader.H) -> No action taken.
c:\system volume information\_restore{c0194ea1-9818-4ae4-8921-d214faf0968c}\RP104\A0031811.exe (Trojan.Agent.H) -> No action taken.
c:\system volume information\_restore{c0194ea1-9818-4ae4-8921-d214faf0968c}\RP104\A0031812.exe (Trojan.Agent.H) -> No action taken.
c:\system volume information\_restore{c0194ea1-9818-4ae4-8921-d214faf0968c}\RP104\A0031937.exe (Trojan.Downloader.H) -> No action taken.
c:\system volume information\_restore{c0194ea1-9818-4ae4-8921-d214faf0968c}\RP105\A0032007.exe (Trojan.Agent.H) -> No action taken.
c:\system volume information\_restore{c0194ea1-9818-4ae4-8921-d214faf0968c}\RP105\A0032008.exe (Trojan.Agent.H) -> No action taken.
c:\system volume information\_restore{c0194ea1-9818-4ae4-8921-d214faf0968c}\RP105\A0033080.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{c0194ea1-9818-4ae4-8921-d214faf0968c}\RP109\A0036335.exe (Trojan.Agent.H) -> No action taken.
c:\system volume information\_restore{c0194ea1-9818-4ae4-8921-d214faf0968c}\RP109\A0037390.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\107579.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\138430.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\3055724.exe (Trojan.Downloader.H) -> No action taken.
c:\WINDOWS\Temp\3446376.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\7781808.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\7799883.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\8107427.exe (Trojan.Downloader.H) -> No action taken.
c:\WINDOWS\Temp\8551359.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\8857006.exe (Trojan.Agent.H) -> No action taken.
c:\WINDOWS\Temp\9607071.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\Temp\9627129.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\9878825.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\4972863.exe (Trojan.Agent.H) -> No action taken.
c:\WINDOWS\Temp\5306391.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\Temp\5412165.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\5645836.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\5954108.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\6595459.exe (Trojan.Agent.H) -> No action taken.
c:\WINDOWS\Temp\669221.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\68535_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\6940462.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\7041405.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\7088992.exe (Trojan.Agent.H) -> No action taken.
c:\WINDOWS\Temp\71332491.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\Temp\7326328.exe (Trojan.Agent.H) -> No action taken.
c:\WINDOWS\Temp\7444669.exe (Trojan.Agent.H) -> No action taken.
c:\WINDOWS\Temp\1140287.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\2938184.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\3251117.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\3280326.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\4132598.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\4197026.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\4913851.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\5962772.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\6605307.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\6923800.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\7563249.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\7982084.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\8997591.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\9133538.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\9396833.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\update.3\svchost.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\update.tray-3-0\svchost.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\474558.exe (Trojan.Downloader.Gen) -> No action taken.

Re: Havěť - pravděpodbně vir z FB

Napsal: 20 srp 2011 15:38
od Caroprd111
Ano, udělejte aktuální. :)

Re: Havěť - pravděpodbně vir z FB

Napsal: 21 srp 2011 07:07
od kviki
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7509

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.8.2011 8:06:16
mbam-log-2011-08-21 (08-06-11).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 226567
Uplynulý čas: 35 minut, 38 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Qoobox\quarantine\C\WINDOWS\sysdriver32.exe.vir (Trojan.Agent.H) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\sysdriver32_.exe.vir (Trojan.Agent.H) -> No action taken.
c:\Qoobox\quarantine\C\WINDOWS\update.5.0\svchost.exe.vir (Trojan.Agent.H) -> No action taken.

Re: Havěť - pravděpodbně vir z FB

Napsal: 21 srp 2011 11:20
od Caroprd111
Vše smažte, je to jen karanténa CF - neškodné.

Jak se chová PC?

Re: Havěť - pravděpodbně vir z FB

Napsal: 21 srp 2011 11:30
od kviki
Smazano. PC se chova dobre.

Re: Havěť - pravděpodbně vir z FB

Napsal: 21 srp 2011 11:37
od Caroprd111
Obrázek Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter



Obrázek Stáhněte T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
  • Po použití program vymažte. Pozor, antiviry ho mohou falešně označit za vir.

Obrázek Stáhněte TFC http://oldtimer.geekstogo.com/TFC.exe
  • Spusťte.
  • Klikněte na "Start". Potvrďte hlášku kliknutím na "Ok" (Bude následovat restart)

Obrázek Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe
  • Spusťte.
  • Klikněte na "CleanUp!". Potvrďte hlášky kliknutím na "Yes" (Bude následovat restart)


Obrázek Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
Obrázek Záložka Čistič
  • Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

    Obrázek Záložka Registry
  • Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
Obrázek OK Obrázek Zavřít


:arrow: Dejte nový log z RSIT.

Re: Havěť - pravděpodbně vir z FB

Napsal: 21 srp 2011 14:38
od kviki
Logfile of random's system information tool 1.09 (written by random/random)
Run by Martina Dreslerová at 2011-08-21 15:36:36
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 42 GB (52%) free of 82 GB
Total RAM: 1014 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:36:41, on 21.8.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\CapsHook\CapsHook.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Common Files\Lingea Shared\luc.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Martina Dreslerová\Plocha\RSIT.exe
C:\Program Files\trend micro\Martina Dreslerová.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CapsHook] C:\Program Files\EeePC\CapsHook\CapsHook.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lingea Update Center.lnk = C:\Program Files\Common Files\Lingea Shared\luc.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9198 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-15 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-23 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-20 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-09-28 141336]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-09-28 173592]
"LiveUpdate"=C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [2010-01-29 751592]
"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2009-11-19 83240]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"CapsHook"=C:\Program Files\EeePC\CapsHook\CapsHook.exe [2010-05-28 445344]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-04-27 19523616]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2009-06-26 118784]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2009-05-08 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-11-19 1594664]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-09-28 141336]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2010-05-17 1246632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]
"ICQ"=C:\Program Files\ICQ7.5\ICQ.exe [2011-08-01 124480]
"Eee Docking"=C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [2010-03-25 402096]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Martina Dreslerová^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~4\Office12\ONENOTEM.EXE [2009-02-26 97680]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

C:\Documents and Settings\Martina Dreslerová\Nabídka Start\Programy\Po spuštění
Lingea Update Center.lnk - C:\Program Files\Common Files\Lingea Shared\luc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-09-24 205312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.tscc"=C:\PROGRA~1\MpcStar\Codecs\tscc\tsccvid.dll

======List of files/folders created in the last 1 month======

2011-08-21 15:36:36 ----D---- C:\rsit
2011-08-21 14:58:24 ----D---- C:\Program Files\CCleaner
2011-08-20 16:07:48 ----SHD---- C:\RECYCLER
2011-08-19 22:32:05 ----A---- C:\Boot.bak
2011-08-19 22:32:01 ----RASHD---- C:\cmdcons
2011-08-19 18:43:36 ----D---- C:\Documents and Settings\Martina Dreslerová\Data aplikací\Malwarebytes
2011-08-19 18:43:30 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-08-19 18:43:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-08-19 18:43:26 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-08-19 18:43:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-19 16:03:52 ----D---- C:\Program Files\trend micro
2011-08-11 21:12:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2011-08-11 21:11:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2011-08-11 21:11:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2570222$
2011-08-11 20:57:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2011-08-11 20:57:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$
2011-08-04 09:53:03 ----D---- C:\Program Files\SHARP
2011-08-04 09:52:45 ----A---- C:\WINDOWS\system32\SN0EMTNT.dll
2011-08-04 09:52:45 ----A---- C:\WINDOWS\system32\SN0ELMON.dll
2011-08-04 09:52:45 ----A---- C:\WINDOWS\system32\SN0ELMON.dat
2011-08-04 09:52:27 ----A---- C:\WINDOWS\_isusr32.dll
2011-08-04 09:52:25 ----N---- C:\WINDOWS\system32\_isusr2k.dll
2011-08-04 09:52:21 ----A---- C:\WINDOWS\system32\SCN2PMUI.dll
2011-08-04 09:52:21 ----A---- C:\WINDOWS\system32\SCN2PMR.dll
2011-08-04 09:52:21 ----A---- C:\WINDOWS\system32\SCN2PM.dll
2011-08-04 09:52:21 ----A---- C:\WINDOWS\system32\SCN2PM.DAT
2011-08-04 09:51:30 ----D---- C:\WINDOWS\system32\SCDRV
2011-08-04 09:51:18 ----D---- C:\Drivers
2011-07-24 17:31:47 ----A---- C:\WINDOWS\w_distrib_iplist.txt
2011-07-24 10:10:07 ----D---- C:\Program Files\Common Files\Adobe
2011-07-22 11:32:09 ----D---- C:\Documents and Settings\Martina Dreslerová\Data aplikací\HypoKalk
2011-07-22 11:31:09 ----D---- C:\Program Files\Komerční Banka

======List of files/folders modified in the last 1 month======

2011-08-21 15:36:01 ----D---- C:\WINDOWS\Prefetch
2011-08-21 15:34:24 ----D---- C:\Documents and Settings\Martina Dreslerová\Data aplikací\ICQ
2011-08-21 14:58:57 ----D---- C:\Documents and Settings\Martina Dreslerová\Data aplikací\Winamp
2011-08-21 14:58:57 ----D---- C:\Documents and Settings\Martina Dreslerová\Data aplikací\Skype
2011-08-21 14:58:56 ----D---- C:\WINDOWS\Minidump
2011-08-21 14:58:56 ----D---- C:\WINDOWS\Logs
2011-08-21 14:58:56 ----D---- C:\WINDOWS\Debug
2011-08-21 14:58:56 ----D---- C:\WINDOWS
2011-08-21 14:58:24 ----RD---- C:\Program Files
2011-08-21 14:56:45 ----D---- C:\WINDOWS\Temp
2011-08-21 14:55:33 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-08-21 12:42:12 ----SHD---- C:\System Volume Information
2011-08-21 12:42:12 ----D---- C:\WINDOWS\system32\Restore
2011-08-21 12:41:07 ----D---- C:\WINDOWS\system32\drivers
2011-08-21 12:22:25 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2011-08-20 16:07:45 ----D---- C:\WINDOWS\system32\drivers\etc
2011-08-19 23:25:23 ----A---- C:\WINDOWS\system.ini
2011-08-19 23:23:26 ----D---- C:\WINDOWS\system32\config
2011-08-19 23:20:27 ----D---- C:\WINDOWS\system32
2011-08-19 23:20:27 ----D---- C:\WINDOWS\AppPatch
2011-08-19 23:20:24 ----D---- C:\Program Files\Common Files
2011-08-19 23:15:40 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-19 22:43:46 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-08-19 22:32:54 ----A---- C:\WINDOWS\iplist.txt
2011-08-19 22:32:05 ----RASH---- C:\boot.ini
2011-08-19 22:09:03 ----D---- C:\Documents and Settings
2011-08-19 18:04:38 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-08-19 17:50:09 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-08-19 15:17:03 ----HD---- C:\WINDOWS\inf
2011-08-17 09:16:28 ----D---- C:\WINDOWS\Network Diagnostic
2011-08-12 08:55:17 ----RSD---- C:\WINDOWS\assembly
2011-08-12 08:54:46 ----D---- C:\WINDOWS\Microsoft.NET
2011-08-11 21:16:06 ----D---- C:\Config.Msi
2011-08-11 21:16:00 ----SHD---- C:\WINDOWS\Installer
2011-08-11 21:15:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-08-11 21:15:34 ----D---- C:\WINDOWS\WinSxS
2011-08-11 21:12:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-08-11 21:12:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-08-11 21:11:13 ----HD---- C:\WINDOWS\$hf_mig$
2011-08-11 20:58:27 ----A---- C:\WINDOWS\system32\MRT.exe
2011-08-11 20:58:14 ----D---- C:\Program Files\Internet Explorer
2011-08-11 20:58:07 ----D---- C:\WINDOWS\ie8updates
2011-08-04 14:22:18 ----A---- C:\WINDOWS\win.ini
2011-08-04 09:51:30 ----HD---- C:\Program Files\InstallShield Installation Information
2011-08-04 09:50:49 ----D---- C:\WINDOWS\pss
2011-08-02 14:10:12 ----D---- C:\Program Files\ICQ7.5
2011-07-25 17:08:54 ----A---- C:\WINDOWS\system32\mshtml.dll
2011-07-24 10:10:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-07-22 19:32:33 ----D---- C:\Program Files\BitTorrent
2011-07-22 19:32:22 ----D---- C:\Documents and Settings\Martina Dreslerová\Data aplikací\BitTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2009-06-04 330264]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R1 AsUpIO;AsUpIO; C:\WINDOWS\system32\drivers\AsUpIO.sys [2010-03-31 11520]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2010-09-26 15424]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-06 54752]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-08-12 1582624]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-09-24 6301696]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-04-27 6031904]
R3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys [2008-11-03 13880]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-07-27 44032]
R3 rtsuvc;Realtek USB2.0 PC Camera; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [2010-02-04 73088]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-11-19 230448]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2010-09-26 512096]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-15 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-15 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-15 21744]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-20 153376]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe []
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-07-14 1121280]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Havěť - pravděpodbně vir z FB

Napsal: 21 srp 2011 14:51
od Caroprd111
Použijte odinstalátor na NOD a http://www.viry.cz/forum/viewtopic.php?f=29&t=42886 a nainstalujte odpovídající legální zabezpečení http://www.viry.cz/forum/viewtopic.php?f=29&t=6152

Re: Havěť - pravděpodbně vir z FB

Napsal: 21 srp 2011 16:25
od kviki
Použil jsem pro odinstalaci RAFAZON. Bohužel se nějak nepodařil odinstalovat a krom toho přestalo fungovat wifi pripojeni. CO s tím?
Všechny časy jsou v UTC+01:00
Stránka 2 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz