rez. štít AVG nalezl BackDoor.Generic12.AEIU-pomale PC

[vorvan]

+ 2010-01-13 19:04 . 2009-05-26 16:10 391032 c:\windows\$NtUninstallKB955759$\spuninst\updspapi.dll
+ 2010-01-13 19:04 . 2009-05-26 11:40 233848 c:\windows\$NtUninstallKB955759$\spuninst\spuninst.exe
+ 2010-01-13 19:04 . 2008-04-14 03:21 451072 c:\windows\$NtUninstallKB955759$\aclayers.dll
+ 2010-01-22 16:05 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB978207-IE7\update\updspapi.dll
+ 2010-01-22 16:05 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB978207-IE7\update\update.exe
+ 2010-01-22 16:05 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB978207-IE7\spuninst.exe
+ 2010-01-05 09:48 . 2010-01-05 09:48 841216 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 233472 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\webcheck.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 105984 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\url.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 102912 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\occache.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 671232 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mstime.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 193024 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\msrating.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 477696 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtmled.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 459264 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\msfeeds.dll
+ 2009-12-18 07:00 . 2009-12-18 07:00 634632 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iexplore.exe
+ 2010-01-05 09:48 . 2010-01-05 09:48 268288 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iertutil.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 193024 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iepeers.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 388608 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\iedkcs32.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 380928 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieapfltr.dll
+ 2009-12-18 06:58 . 2009-12-18 06:58 161792 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieakui.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 230400 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieaksie.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 153088 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieakeng.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 132608 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\extmgr.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 214528 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\dxtrans.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 347136 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\dxtmsft.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 124928 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\advpack.dll
+ 2009-12-09 17:05 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB976325-IE7\update\updspapi.dll
+ 2009-12-09 17:05 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB976325-IE7\update\update.exe
+ 2009-12-09 17:05 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB976325-IE7\spuninst.exe
+ 2009-10-29 07:37 . 2009-10-29 07:37 841216 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\wininet.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 233472 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\webcheck.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 105984 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\url.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 102912 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\occache.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 671232 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mstime.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 193024 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\msrating.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 477696 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtmled.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 459264 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\msfeeds.dll
+ 2009-10-28 06:54 . 2009-10-28 06:54 634632 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iexplore.exe
+ 2009-10-29 07:37 . 2009-10-29 07:37 268288 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iertutil.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 388608 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iedkcs32.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 380928 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieapfltr.dll
+ 2009-10-28 06:52 . 2009-10-28 06:52 161792 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieakui.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 230400 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieaksie.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 153088 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieakeng.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 132608 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\extmgr.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 214528 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\dxtrans.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 347136 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\dxtmsft.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 124928 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\advpack.dll
+ 2009-12-09 17:04 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB974392\update\updspapi.dll
+ 2009-12-09 17:04 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB974392\update\update.exe
+ 2009-12-09 17:04 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB974392\spuninst.exe
+ 2009-10-13 10:39 . 2009-10-13 10:39 271360 c:\windows\$hf_mig$\KB974392\SP3QFE\oakley.dll
+ 2009-12-09 17:06 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB974318\update\updspapi.dll
+ 2009-12-09 17:06 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB974318\update\update.exe
+ 2009-12-09 17:06 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB974318\spuninst.exe
+ 2009-10-12 13:33 . 2009-10-12 13:33 150528 c:\windows\$hf_mig$\KB974318\SP3QFE\rastls.dll
+ 2009-12-09 17:06 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB973904\update\updspapi.dll
+ 2009-12-09 17:06 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB973904\update\update.exe
+ 2009-12-09 17:06 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB973904\spuninst.exe
+ 2009-12-09 10:19 . 2009-07-29 14:00 119648 c:\windows\$hf_mig$\KB973904\SP3QFE\msconv97.dll
+ 2009-11-25 19:34 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB973687\update\updspapi.dll
+ 2009-11-25 19:34 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB973687\update\update.exe
+ 2009-11-25 19:34 . 2008-07-08 12:59 233848 c:\windows\$hf_mig$\KB973687\spuninst.exe
+ 2010-01-13 19:04 . 2008-07-08 12:59 391032 c:\windows\$hf_mig$\KB972270\update\updspapi.dll
+ 2010-01-13 19:04 . 2008-07-08 12:59 759160 c:\windows\$hf_mig$\KB972270\update\update.exe
+ 2010-01-13 19:04 . 2008-07-08 12:59 233848 c:\windows\$hf_mig$\KB972270\spuninst.exe
+ 2010-01-13 06:19 . 2009-10-15 16:40 119808 c:\windows\$hf_mig$\KB972270\SP3QFE\t2embed.dll
+ 2009-12-09 17:04 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB971737\update\updspapi.dll
+ 2009-12-09 17:04 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB971737\update\update.exe
+ 2009-12-09 17:04 . 2008-07-08 12:59 233848 c:\windows\$hf_mig$\KB971737\spuninst.exe
+ 2009-08-25 09:31 . 2009-08-25 09:31 354816 c:\windows\$hf_mig$\KB971737\SP3QFE\winhttp.dll
+ 2009-12-09 17:06 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB970430\update\updspapi.dll
+ 2009-12-09 17:06 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB970430\update\update.exe
+ 2009-12-09 17:06 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB970430\spuninst.exe
+ 2009-10-20 15:21 . 2009-10-20 15:21 265728 c:\windows\$hf_mig$\KB970430\SP3QFE\http.sys
+ 2009-11-11 07:40 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB969947\update\updspapi.dll
+ 2009-11-11 07:40 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB969947\update\update.exe
+ 2009-11-11 07:40 . 2008-07-08 12:59 233848 c:\windows\$hf_mig$\KB969947\spuninst.exe
+ 2010-01-13 19:04 . 2009-05-26 16:10 391032 c:\windows\$hf_mig$\KB955759\update\updspapi.dll
+ 2010-01-13 19:04 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB955759\update\update.exe
+ 2010-01-13 19:04 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB955759\spuninst.exe
+ 2010-01-13 06:19 . 2009-11-21 15:49 471552 c:\windows\$hf_mig$\KB955759\SP3QFE\aclayers.dll
+ 2006-03-02 12:00 . 2009-08-14 15:15 1850624 c:\windows\system32\win32k.sys
+ 2006-03-02 12:00 . 2010-01-05 09:58 1168384 c:\windows\system32\urlmon.dll
- 2006-03-02 12:00 . 2009-08-29 07:31 1168384 c:\windows\system32\urlmon.dll
+ 2006-03-02 12:00 . 2009-11-27 17:14 1294336 c:\windows\system32\quartz.dll
+ 2007-05-15 14:43 . 2009-07-31 09:05 1372672 c:\windows\system32\msxml6.dll
+ 2006-03-02 12:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 3599360 c:\windows\system32\mshtml.dll
+ 2007-08-13 17:54 . 2010-01-05 09:58 6067200 c:\windows\system32\ieframe.dll
- 2007-08-13 17:54 . 2009-08-29 07:30 6067200 c:\windows\system32\ieframe.dll
+ 2008-10-16 06:02 . 2009-08-14 15:15 1850624 c:\windows\system32\dllcache\win32k.sys
- 2006-03-02 12:00 . 2009-08-29 07:31 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2009-11-27 17:14 1294336 c:\windows\system32\dllcache\quartz.dll
- 2008-10-16 06:02 . 2009-08-04 20:59 2191360 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 06:02 . 2009-12-09 10:11 2191360 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 06:02 . 2009-12-09 10:11 2025984 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-16 06:02 . 2009-08-04 17:29 2025984 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-16 06:02 . 2009-08-04 17:29 2068224 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 06:02 . 2009-12-09 10:11 2068224 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-16 06:02 . 2009-08-04 17:29 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-16 06:02 . 2009-12-09 10:11 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-04-14 03:21 . 2009-07-31 09:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-11-13 06:34 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2006-03-02 12:00 . 2010-01-05 09:58 3599360 c:\windows\system32\dllcache\mshtml.dll
+ 2007-10-10 23:50 . 2010-01-05 09:58 6067200 c:\windows\system32\dllcache\ieframe.dll
- 2007-10-10 23:50 . 2009-08-29 07:30 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-10-16 06:03 . 2009-10-16 06:03 5003776 c:\windows\Installer\46ab70.msp
+ 2009-08-18 11:58 . 2009-08-18 11:58 8301056 c:\windows\Installer\46ab5f.msp
+ 2009-08-18 11:57 . 2009-08-18 11:57 9122304 c:\windows\Installer\46ab4e.msp
+ 2009-04-04 16:10 . 2009-04-04 16:10 9926144 c:\windows\Installer\38881f.msp
+ 2009-04-04 16:09 . 2009-04-04 16:09 2364928 c:\windows\Installer\38880b.msp
+ 2009-12-03 13:15 . 2009-12-03 13:15 5004288 c:\windows\Installer\2c2644d.msp
+ 2010-01-14 20:26 . 2010-01-14 20:26 5027840 c:\windows\Installer\20ba576.msp
+ 2009-11-20 22:36 . 2009-11-20 22:36 5002752 c:\windows\Installer\1d8435b.msp
+ 2009-10-16 06:09 . 2009-10-16 06:09 2518016 c:\windows\Installer\1d8434a.msp
+ 2009-11-17 17:27 . 2009-11-17 17:27 4871680 c:\windows\Installer\1d8433a.msp
+ 2008-01-15 12:26 . 2010-02-10 15:55 1172240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-01-15 12:26 . 2009-10-16 18:08 1172240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-03-06 03:26 . 2009-03-06 03:26 5291376 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6425\IPEDITOR.DLL
+ 2006-10-26 13:47 . 2006-10-26 13:47 1512304 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.4518\NLSD0000.DLL
+ 2010-01-22 16:05 . 2009-10-29 07:45 1168384 c:\windows\ie7updates\KB978207-IE7\urlmon.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 3598336 c:\windows\ie7updates\KB978207-IE7\mshtml.dll
+ 2010-01-22 16:05 . 2009-10-29 07:45 6067200 c:\windows\ie7updates\KB978207-IE7\ieframe.dll
+ 2009-12-09 17:05 . 2009-08-29 07:31 1168384 c:\windows\ie7updates\KB976325-IE7\urlmon.dll
+ 2009-12-09 17:05 . 2009-10-21 04:08 3598336 c:\windows\ie7updates\KB976325-IE7\mshtml.dll
+ 2009-12-09 17:05 . 2009-08-29 07:30 6067200 c:\windows\ie7updates\KB976325-IE7\ieframe.dll
- 2008-10-16 06:02 . 2009-08-04 20:59 2191360 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 06:02 . 2009-12-09 10:11 2191360 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-16 06:02 . 2009-08-04 17:29 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 06:02 . 2009-12-09 10:11 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 06:02 . 2009-12-09 10:11 2068224 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-16 06:02 . 2009-08-04 17:29 2068224 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-16 06:02 . 2009-08-04 17:29 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-16 06:02 . 2009-12-09 10:11 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-11-25 19:34 . 2008-09-10 01:16 1307648 c:\windows\$NtUninstallKB973687$\msxml6.dll
+ 2009-11-25 19:34 . 2008-09-04 17:17 1106944 c:\windows\$NtUninstallKB973687$\msxml3.dll
+ 2009-11-11 07:40 . 2009-04-19 19:52 1847168 c:\windows\$NtUninstallKB969947$\win32k.sys
+ 2010-01-05 09:48 . 2010-01-05 09:48 1170944 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\urlmon.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 3602944 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
+ 2010-01-05 09:48 . 2010-01-05 09:48 6071296 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieframe.dll
+ 2010-01-22 06:31 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\ieapfltr.dat
+ 2009-10-29 07:37 . 2009-10-29 07:37 1170944 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\urlmon.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 3602432 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
+ 2009-10-29 07:37 . 2009-10-29 07:37 6070784 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieframe.dll
+ 2009-12-09 10:20 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieapfltr.dat
+ 2009-11-25 08:46 . 2009-07-31 04:30 1447424 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml6.dll
+ 2009-11-25 08:46 . 2009-07-31 04:30 1172480 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml3.dll
+ 2009-08-14 16:00 . 2009-08-14 16:00 1859712 c:\windows\$hf_mig$\KB969947\SP3QFE\win32k.sys
+ 2008-01-14 16:04 . 2010-02-01 19:26 30364104 c:\windows\system32\MRT.exe
+ 2009-04-04 16:09 . 2009-04-04 16:09 10874880 c:\windows\Installer\388815.msp
+ 2009-04-04 14:50 . 2009-04-04 14:50 20277760 c:\windows\Installer\388731.msp
+ 2009-04-04 14:49 . 2009-04-04 14:49 14030336 c:\windows\Installer\388724.msp
+ 2009-04-04 16:08 . 2009-04-04 16:08 343058432 c:\windows\Installer\388805.msp
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ABUNINSTALLEX"="c:\documents and settings\all users\data aplikací\ab studio\ABUnInstallEx.exe" [2007-07-03 263664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2006-11-02 528384]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-16 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 06:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [27.2.2009 8:53 12552]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12.12.2003 16:49 77312]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27.2.2009 8:53 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [27.2.2009 8:53 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27.2.2009 8:52 297752]
S0 aepqc;aepqc; [x]
S3 AbSoftMgr4;AbSoftMgr4;c:\program files\Common Files\AB Studio Shared\AbSoftMgr4.exe [15.1.2008 13:49 450560]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {640373B0-6978-4FA5-A9FC-420ECBBC61C7} - file://pracant/data%20(d)/PORSCHEolomouc/DPS/GEMO%20dilenska%20dokumentace,%20materialy/ocelovka/model%20aktualni%20SO02/PORSCHE_Olomouc_virtualni_model_SO%2002/dll/zkitlib.dll
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://217.112.167.135:30080/activex/AMC.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-The Bat! - c:\windows\tbat_del.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-02 06:56
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-03-02 06:59:54
ComboFix-quarantined-files.txt 2010-03-02 05:59
ComboFix2.txt 2009-11-06 15:24

Před spuštěním: Volných bajtů: 34 531 024 896
Po spuštění: Volných bajtů: 34 517 782 528

- - End Of File - - E0CE485A3583E7D5C87549370161FC34

[cernohous13]

Otevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

ComboFix se spustí - počkej na log a vlož ho sem.

CFscript

Kód: Vybrat vše

KillAll::

File::
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk

Driver::
aepqc

[vorvan]

Skromný dotaz....zase mám vypnout rezident. štít?

[cernohous13]

Je to při práci ComboFixu doporučováno

[vorvan]

Tak a je to tady ....

ComboFix 10-03-01.01 - Pavel 02.03.2010 8:32.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1024.568 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Plocha\CFscript.txt
AV: AVG Anti-Virus Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk"
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_aepqc


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-02 do 2010-03-02 )))))))))))))))))))))))))))))))
.

2010-03-01 08:05 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-01 08:05 . 2010-03-01 08:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-01 08:05 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-01 07:46 . 2010-03-01 07:46 -------- d-----w- C:\_OTM
2010-03-01 06:50 . 2010-03-01 16:39 -------- d-----w- c:\program files\trend micro
2010-03-01 06:50 . 2010-03-01 06:52 -------- d-----w- C:\rsit
2010-02-26 19:11 . 2010-02-26 19:11 -------- d-----w- C:\AVGTemp
2010-02-26 17:05 . 2010-02-26 17:05 -------- d-----w- c:\program files\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 14:42 . 2008-01-15 15:37 49 ----a-w- c:\windows\wpd99.drv
2010-01-05 09:58 . 2006-03-02 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:42 . 2008-01-14 13:46 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 06:46 . 2006-03-02 12:00 79062 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 06:46 . 2006-03-02 12:00 432004 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2006-03-02 12:00 2191360 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2068224 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-03-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ABUNINSTALLEX"="c:\documents and settings\all users\data aplikací\ab studio\ABUnInstallEx.exe" [2007-07-03 263664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2006-11-02 528384]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 06:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [27.2.2009 8:53 12552]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12.12.2003 16:49 77312]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27.2.2009 8:53 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [27.2.2009 8:53 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27.2.2009 8:52 297752]
S3 AbSoftMgr4;AbSoftMgr4;c:\program files\Common Files\AB Studio Shared\AbSoftMgr4.exe [15.1.2008 13:49 450560]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {640373B0-6978-4FA5-A9FC-420ECBBC61C7} - file://pracant/data%20(d)/PORSCHEolomouc/DPS/GEMO%20dilenska%20dokumentace,%20materialy/ocelovka/model%20aktualni%20SO02/PORSCHE_Olomouc_virtualni_model_SO%2002/dll/zkitlib.dll
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://217.112.167.135:30080/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-02 08:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-03-02 08:44:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-02 07:44
ComboFix2.txt 2010-03-02 05:59
ComboFix3.txt 2009-11-06 15:24

Před spuštěním: Volných bajtů: 34 514 821 120
Po spuštění: Volných bajtů: 34 422 415 360

- - End Of File - - 424A123DA05B25E3945CEFF2FA6C3855

[cernohous13]

teď ComboFix odinstalujeme
jdi Start -> Spustit... a zkopíruj ComboFix /Uninstall (pozor, za x je mezera) -> OK

Spusť opět OTM -> CleanUp! - odinstaluje a vyčistí po sobě.

Mohu doporučit kontrolu a vyčištění Ccleanerem

Stáhni Ccleaner - http://www.slunecnice.cz/sw/ccleaner/
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.
Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

Po vyčištění by se hodila defragmentace
doporučuji http://www.slunecnice.cz/sw/defraggler/ + čeština

a jestli nemáš s PC problémy je to vše

[vorvan]

Sláva, hurá!! Všechny úkony v poslední odpovědi jsem zvládla a zdá se že všechno běží jak má. Ulevilo se mi....díky moc za pomoc Jsem rád, že se najdou ochotní lidi jako ty a díky za tohle fórum ...samosebou s mou podporou počítejte!

PS: Jo ještě jeden drzý dotaz na závěr ...myslíš, že bych sem mohl hodit ještě log z mého "domácího" počítače? Sice se zdá být celkem OK...ale možná bych měl raději jistotu...taková preventivní kontrola

[cernohous13]

Na kontroly jsme tady šup sem s logem RSIT + MBAM

[vorvan]

Takže jdu na to.......

RSIT
----------------------------------------------------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Paja at 2010-03-02 21:34:25
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (39%) free of 26 GB
Total RAM: 502 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:26, on 2.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\DOCUME~1\Paja\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast5\aswRunDll.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Paja\Plocha\RSIT.exe
C:\Program Files\trend micro\Paja.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 10305 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2008-02-29 1152000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-02-22 106496]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\ctbr.dll [2008-02-29 1152000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-12-21 53248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-07-20 729177]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-18 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-18 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2005-12-13 151552]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2005-12-27 69632]
"ADMTray.exe"=C:\Acer\Empowering Technology\admtray.exe [2005-10-24 2462208]
"ntiMUI"=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056]
""= []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-27 16248320]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-01-17 344064]
"Acer ePower Management"=C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe [2006-01-16 3080192]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-07-20 593920]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2006-01-24 397312]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer Arcade\PCMService.exe"="C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Documents and Settings\Lucka\Local Settings\Temporary Internet Files\Content.IE5\C96ZS5QB\incredimail_install[1].exe"="C:\Documents and Settings\Lucka\Local Settings\Temporary Internet Files\Content.IE5\C96ZS5QB\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Documents and Settings\Lucka\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe"="C:\Documents and Settings\Lucka\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Documents and Settings\Paja\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe"="C:\Documents and Settings\Paja\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Lucka\Data aplikací\U3\000118710353048C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe"="C:\Documents and Settings\Lucka\Data aplikací\U3\000118710353048C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bffd1f2-019e-11dc-ad75-0016cf517801}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - Recycled\ctfmon.exe


======List of files/folders created in the last 1 months======

2010-03-02 21:33:16 ----D---- C:\Program Files\trend micro
2010-03-02 21:33:15 ----D---- C:\rsit
2010-03-02 21:15:50 ----D---- C:\Documents and Settings\Paja\Data aplikací\Malwarebytes
2010-03-02 21:15:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-03-02 21:15:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-02 20:40:07 ----D---- C:\Program Files\Google
2010-03-02 20:39:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-02-23 22:32:10 ----HD---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-10 22:56:15 ----HD---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 22:56:10 ----HD---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 22:54:39 ----HD---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 22:54:33 ----HD---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 22:54:28 ----HD---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 22:54:22 ----HD---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 22:54:13 ----HD---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 22:54:02 ----HD---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 22:53:48 ----HD---- C:\WINDOWS\$NtUninstallKB977165$

======List of files/folders modified in the last 1 months======

2010-03-02 20:46:46 ----A---- C:\WINDOWS\system32\eRLog.ini
2010-03-02 20:43:46 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2010-03-02 20:42:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-23 22:32:18 ----A---- C:\WINDOWS\imsins.BAK
2010-02-11 19:53:36 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-11 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-11 100432]
R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-11 23376]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-01 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-10-31 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2005-11-17 60928]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2005-11-17 37888]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2005-11-17 74624]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-24 218496]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2005-09-13 4392]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-06-29 6144]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-07-20 190592]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-05-02 9600]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2005-10-31 46080]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20060922.092\symidsco.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-27 1427968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\admServ.exe [2005-10-24 1314816]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2005-12-13 254050]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2005-12-13 114784]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2005-12-13 61440]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-08-06 570880]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-02 133104]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []

-----------------EOF-----------------


....a teď MBAM
---------------------------------------------------------

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3815
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2.3.2010 22:03:55
mbam-log-2010-03-02 (22-03-49).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 251142
Uplynulý čas: 25 minute(s), 55 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 2
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

[cernohous13]

Stáhni si ComboFix
a ulož ho na plochu.
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace

[vorvan]

Jasně...provedu! Teda hned jak dorazím zpět domů. Však už mám některé postupy nacvičené. Ale co mě trochu překvapilo...tak jsem procházel dálší vlákna ať se poučím a vyskočila na mě hláška AVG...nevím teda jako tomu mám rozumět No ale pokusím se ji sem nějak vložit.

[cernohous13]

Možná je to reakce na živé odkazy (modré) - můj Avast to neřeší

Hlavně tam na nic neklikat - stejně by tě tam AVG neměl pustit

[vorvan]

Myslel jsem si že to nic důležitého není....díval jsem se do nápovědy AVG a je pravda že by v tomto případě něměl webový štít případnou potvoru do PC pustit. Takže do večera už rušit nebudu ať můžeš pomáhat taky jiným v tuto chvíli potřebnějším

Přeju pěkný den

[vorvan]

Tak tady je log z toho ComboFixu...


ComboFix 10-03-03.02 - Paja 03.03.2010 20:00:04.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.502.170 [GMT 1:00]
Spuštěný z: c:\documents and settings\Paja\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG1.tmp
C:\LOG10.tmp
C:\LOG11.tmp
C:\LOG12.tmp
C:\LOG13.tmp
C:\LOG14.tmp
C:\LOG15.tmp
C:\LOG16.tmp
C:\LOG17.tmp
C:\LOG18.tmp
C:\LOG19.tmp
C:\LOG1A.tmp
C:\LOG1B.tmp
C:\LOG1C.tmp
C:\LOG1D.tmp
C:\LOG1E.tmp
C:\LOG1F.tmp
C:\LOG2.tmp
C:\LOG20.tmp
C:\LOG21.tmp
C:\LOG22.tmp
C:\LOG23.tmp
C:\LOG24.tmp
C:\LOG25.tmp
C:\LOG26.tmp
C:\LOG27.tmp
C:\LOG28.tmp
C:\LOG29.tmp
C:\LOG2A.tmp
C:\LOG2B.tmp
C:\LOG2C.tmp
C:\LOG2D.tmp
C:\LOG2E.tmp
C:\LOG2F.tmp
C:\LOG3.tmp
C:\LOG30.tmp
C:\LOG31.tmp
C:\LOG32.tmp
C:\LOG33.tmp
C:\LOG34.tmp
C:\LOG35.tmp
C:\LOG36.tmp
C:\LOG37.tmp
C:\LOG38.tmp
C:\LOG39.tmp
C:\LOG3A.tmp
C:\LOG3B.tmp
C:\LOG3C.tmp
C:\LOG3D.tmp
C:\LOG4.tmp
C:\LOG46.tmp
C:\LOG47.tmp
C:\LOG5.tmp
C:\LOG6.tmp
C:\LOG7.tmp
C:\LOG8.tmp
C:\LOG82.tmp
C:\LOG9.tmp
C:\LOGA.tmp
C:\LOGB.tmp
C:\LOGC.tmp
C:\LOGD.tmp
C:\LOGE.tmp
C:\LOGF.tmp
c:\program files\Internet Explorer\SET5C.tmp
c:\program files\Internet Explorer\SET5D.tmp
c:\program files\Internet Explorer\SET5F.tmp
c:\windows\EventSystem.log

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-03 do 2010-03-03 )))))))))))))))))))))))))))))))
.

2010-03-02 20:33 . 2010-03-02 20:33 -------- d-----w- c:\program files\trend micro
2010-03-02 20:33 . 2010-03-02 20:33 -------- d-----w- C:\rsit
2010-03-02 20:15 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-02 20:15 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-02 20:15 . 2010-03-02 20:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-02 19:40 . 2010-03-02 19:40 -------- d-----w- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-11 18:53 . 2006-10-26 20:54 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-11 18:53 . 2006-10-26 20:54 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-11 18:42 . 2006-10-26 20:55 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-11 18:42 . 2008-04-08 21:56 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-11 18:39 . 2006-10-26 20:55 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-11 18:38 . 2006-10-26 20:55 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-11 18:38 . 2006-10-26 20:55 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-11 18:38 . 2008-04-08 21:56 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-11 18:38 . 2006-10-26 20:55 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-09 19:25 . 2010-01-09 19:25 -------- d-----w- c:\program files\ICQ6.5
2010-01-07 16:14 . 2005-02-19 09:34 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-31 16:50 . 2004-08-18 19:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2006-01-09 19:08 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2004-08-18 19:00 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 19:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 15:37 . 2006-06-29 03:45 378864 ----a-w- c:\windows\system32\perfh005.dat
2009-12-10 15:37 . 2006-06-29 03:45 61666 ----a-w- c:\windows\system32\perfc005.dat
2009-12-09 10:11 . 2005-09-29 18:30 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2005-09-29 18:30 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-18 19:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-03-30 19:22 . 2008-03-30 19:22 2090323 ----a-w- c:\program files\HfAsistentSetup.exe
2010-03-02 14:23 . 2007-04-06 19:37 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2010-03-02 14:23 . 2007-04-06 19:37 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2010-03-02 14:23 . 2007-04-06 19:37 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2010-03-02 14:23 . 2007-04-06 19:37 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2010-03-02 14:23 . 2007-04-06 19:37 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-20 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 729177]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-12-13 151552]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-16 3080192]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-10-21 106560]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.4.2008 22:56 162512]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [5.1.2009 20:38 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [19.7.2007 21:35 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.4.2008 22:56 19024]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [23.6.2008 20:58 222968]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [5.1.2009 20:38 65576]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2.3.2010 20:40 133104]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - INT15.SYS
.
Obsah adresáře 'Naplánované úlohy'

2010-02-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 19:40]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 19:40]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.aceradvantage.com/stdreg
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Paja\Data aplikací\Mozilla\Firefox\Profiles\xm9vt1d6.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-IncrediMail Xe - c:\progra~1\INCRED~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 20:12
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-03-03 20:15:34
ComboFix-quarantined-files.txt 2010-03-03 19:15

Před spuštěním: Volných bajtů: 10 420 207 616
Po spuštění: Volných bajtů: 12 945 571 840

- - End Of File - - 863F300E31870CFE0E82F218D7A72EFE

[cernohous13]

odinstaluj C:\Program Files\Crawler

Otevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

ComboFix se spustí - počkej na log a vlož ho sem.

CFscript

Kód: Vybrat vše

KillAll::

Firefox::
FF - ProfilePath - c:\documents and settings\Paja\Data aplikací\Mozilla\Firefox\Profiles\xm9vt1d6.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll

File::
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\AppleSoftwareUpdate.job
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\WinZip Quick Pick.lnk
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
D:\Recycled
E:\Recycled
C:\Recycled

Driver::
gupdate
ICQ Service

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
""=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=-
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Search Bar"=-
[HKLM\Software\Microsoft\Internet Explorer\Main]
"SearchAssistant"=-
"CustomizeSearch"=-
[HKLM\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=-
"SearchAssistant"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-
"updateMgr"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bffd1f2-019e-11dc-ad75-0016cf517801}]

DDS::
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF}

MBAM spustit znovu - dát Kompletní kontrola
po ukončení -> Zobrazit výsledky -> zkontrolovat zda je vše označeno -> Odstranit označené
vyběhne log, ve kterém budou záznamy tohoto typu:
Infikované adresáře:
C:\Program Files\xxxxxx -> Quarantined and deleted successfully.
ten bych taky rád viděl

stáhneš speciální verzi G-Mer
Special
ulož na plochu a spusť -> proběhne krátký scan
když dostaneš hlášku rootkit activity and asks if you want to run scan>>klikneš NO<<
a nastavíš to takto


>> klikneš scan,<<
na konci scanu >>SAVE<< název dej Gspeclog.txt>>ulož na plochu a obsah logu zkopíruj sem