Win32/Mebroot trojský kůň v operační paměti ve Win 7

[Tealc_EU]

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
ADS C:\Zabava\Osobni slozka\Registrace ICQ.eml:OECustomProperty deleted successfully.
ADS C:\ProgramData\TEMP:DF462FF6 deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD569.tmp folder moved successfully.
C:\WINDOWS\Temp\GUR5752.tmp moved successfully.
C:\WINDOWS\Temp\GUR58D8.tmp moved successfully.
C:\WINDOWS\Temp\HTT1170.tmp moved successfully.
C:\WINDOWS\Temp\HTT16AE.tmp moved successfully.
C:\WINDOWS\Temp\HTT172E.tmp moved successfully.
C:\WINDOWS\Temp\HTT1B1C.tmp moved successfully.
C:\WINDOWS\Temp\HTT73F.tmp moved successfully.
C:\WINDOWS\Temp\HTT77F.tmp moved successfully.
C:\WINDOWS\Temp\HTT791.tmp moved successfully.
C:\WINDOWS\Temp\HTT797.tmp moved successfully.
C:\WINDOWS\Temp\HTTB59B.tmp moved successfully.
C:\WINDOWS\Temp\HTTE052.tmp moved successfully.
C:\WINDOWS\Temp\HTTF80A.tmp moved successfully.
C:\WINDOWS\Temp\_avast5_\unp135269656.tmp moved successfully.
C:\WINDOWS\Temp\_avast5_\unp23953288.tmp moved successfully.
File\Folder c:\System Volume Information\Microsoft\services.exe not found.
File\Folder C:\System Volume Information\Microsoft\smss.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tealc
->Temp folder emptied: 184658118 bytes
->Temporary Internet Files folder emptied: 14321234 bytes
->Java cache emptied: 2024272 bytes
->FireFox cache emptied: 98841896 bytes
->Google Chrome cache emptied: 74411198 bytes
->Flash cache emptied: 14193 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1139666 bytes
RecycleBin emptied: 489023578 bytes

Total Files Cleaned = 824,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Tealc
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb



OTL by OldTimer - Version 3.2.6.0 log created on 06172010_220216

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[motji]

Jak to vypadá s počítačem?
Zkuste znovu ten AVptool . Pokud bude znovu skenovat ty samé soubory ve složce system volume information, napište.

[Tealc_EU]

Zase na stejnem mýstě ale ja to tentokrat vsechno zamitl a necham to dojed do konce at je to cele v logu. Jen pripominam ze u me jde o Win32/Mebroot trojský kůň uhnízděný v operační paměti a ten je tam tedy po všech těch procedurách pořad Uvidime co bude v tom logu...ted jsem na 24%

[motji]

Toho meebrota Vám hlásí co? Nod jste odinstaloval,ne? Avast Vám ho také hlásí?
Disk máte jen jeden,že?

Až dojede AVPTOOL, zkusíme ještě nějaké utilitky na meebrota.

[Tealc_EU]

Autoscan: completed 1 minute ago (events: 24, objects: 518394, time: 03:18:23)
17.6.2010 22:13:28 Task started
17.6.2010 22:16:46 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\services.exe
17.6.2010 22:17:17 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\services.exe
17.6.2010 22:17:17 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
17.6.2010 22:17:38 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
17.6.2010 22:18:20 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\services.exe
17.6.2010 22:18:58 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\services.exe
17.6.2010 22:19:02 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
17.6.2010 22:19:25 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
17.6.2010 22:49:01 Detected: not-a-virus:AdWare.Win32.AdMedia.ja C:\Documents and Settings\Tealc\Downloads\TNODUP\TNODUP Setup.exe/data0008
17.6.2010 22:49:09 Detected: not-a-virus:AdWare.Win32.AdMedia.ja C:\Documents and Settings\Tealc\Downloads\TNODUP\TNODUP.exe
17.6.2010 22:49:52 Deleted: not-a-virus:AdWare.Win32.AdMedia.ja C:\Documents and Settings\Tealc\Downloads\TNODUP\TNODUP.exe
17.6.2010 22:49:53 Deleted: not-a-virus:AdWare.Win32.AdMedia.ja C:\Documents and Settings\Tealc\Downloads\TNODUP\TNODUP Setup.exe
17.6.2010 23:30:17 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\services.exe
17.6.2010 23:30:17 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
18.6.2010 1:31:51 Task completed




Ano Nod ted nemam. Awast nenajde nic. Ale najde ho ta utilita od Esetu "EMebRemover". Ano HDD mám jen jeden. A na tom services.exe a smss.exe se to porad zastavovalo, mazalo a restartovalo i minule. Ted jsem to nechal dojed az do konce a zadosti o mazani (nesmaze to, jen se stale znovu spousti a znovu provadi lecbu, vyzaduje restart a tak dale . Vcera asi 3 hodiny ) jsem zamítal aby to konečně dojelo do konce a mohl jsem sem hodit ten log.

[motji]

Gmer byl čistý, i MBR.exe, pokud by tam byl meebrot, tak tyto dva programy by ho odhalily.
Také to může být falešná detekce Esetu .
Ještě udělejte mbam, ty dva soubory ve SVI nám taky dávají zabrat , a kolega Caroprd už odpoledne něco vymyslí



Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[Tealc_EU]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4211

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.6.2010 8:35:07
mbam-log-2010-06-18 (08-35-07).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 277796
Uplynulý čas: 51 minuta(y), 16 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[motji]

Fajn. vy máte win7 a na nich pár aplikací na meebrota neběží, takže topic už přenechám kolegovi Caroprdovi, odpoledne by tu měl být. Má win7 a může programy vyzkoušet.

Napište ještě, jak se chová počítač

[Tealc_EU]

Jak se chova ? ...nějak nevím jak to specifikovat...normalně. Žadnou změnu nepozoruji jen me stve ten brabrouk v te pameti, mam strach chodit do banky a na eBay Někde jsem četl že monitoruje činost. Většinou lidi píšou že Eset je na detekci bezkonkurecne nejlepsi a on taky jediny (spolecne s tou utilitou od Esetu) ho našel.

[motji]

Ale také má občas na meebrota falešnou detekci, už jsme se s tím párkrát tady setkala.
Nejlepší je kontaktovat přímo ESET, oni už si udělají svoje testy.
Ale třeba kolega Caroprd ještě něco vymyslí .
Já věřím Gmeru, a ten nic neobjevil. Mebroot je podvůrka zažraná v Mbr sektoru, nepůsobí žádné problémy pc, je daloby se říct neviditelná, tkaže je těžké ji odhalit. Monituruje činnost pc, krade hesla, prostě všechno. Po odvirování si ke všemu změňte hesla.

[Tealc_EU]

Ale také má občas na meebrota falešnou detekci, už jsme se s tím párkrát tady setkala.
Nejlepší je kontaktovat přímo ESET, oni už si udělají svoje testy.
Ale třeba kolega Caroprd ještě něco vymyslí .
Já věřím Gmeru, a ten nic neobjevil. Mebroot je podvůrka zažraná v Mbr sektoru, nepůsobí žádné problémy pc, je daloby se říct neviditelná, tkaže je těžké ji odhalit. Monituruje činnost pc, krade hesla, prostě všechno. Po odvirování si ke všemu změňte hesla.

OK děkuji za pomoc. Doufam že se toho brabrouka brzy zbavím...potřebuji na eBay a bojim se !!!

[Caroprd111]

Dobrý večer


Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
• Vložte do PC všechny flash disky, které používáte.
• Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
• Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
• Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
• Během skenování může být počítač restartován.

[Tealc_EU]

ComboFix 10-06-17.03 - Tealc 18.06.2010 21:24:36.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2047.1244 [GMT 2:00]
Spuštěný z: c:\users\Tealc\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Tealc\AppData\Roaming\BITS
c:\users\Tealc\AppData\Roaming\BITS\BITS.ini
c:\users\Tealc\AppData\Roaming\BITS\DHTTable.dat
c:\users\Tealc\AppData\Roaming\BITS\ProxyList.ini
c:\users\Tealc\AppData\Roaming\BITS\Torrent\20100509235114.torrent
c:\users\Tealc\AppData\Roaming\BITS\Torrent\20100509235114.torrent.filelist
c:\users\Tealc\AppData\Roaming\BITS\Torrent\20100509235136.torrent
c:\users\Tealc\AppData\Roaming\BITS\Torrent\20100509235136.torrent.filelist
c:\users\Tealc\AppData\Roaming\BITS\Torrent\20100509235137.torrent
c:\users\Tealc\AppData\Roaming\BITS\Torrent\20100509235137.torrent.~tmp
c:\users\Tealc\AppData\Roaming\BITS\Torrent\20100509235137.torrent.bits
c:\users\Tealc\AppData\Roaming\BITS\Torrent\20100509235137.torrent.filelist
c:\users\Tealc\AppData\Roaming\BITS\Torrent\20100509235137.torrent.statistic
c:\users\Tealc\AppData\Roaming\BITS\UPnP.ini
c:\users\Tealc\AppData\Roaming\FlashGetBHO
c:\users\Tealc\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
c:\users\Tealc\AppData\Roaming\FlashGetBHO\FlashGetHook.dll
c:\users\Tealc\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
c:\users\Tealc\AppData\Roaming\FlashGetBHO\GetUrl.htm
c:\windows\system32\%appdata%
c:\windows\system32\secushr.dat
c:\windows\system32\secustat.dat
c:\windows\system32\win.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-18 do 2010-06-18 )))))))))))))))))))))))))))))))
.

2010-06-18 19:33 . 2010-06-18 19:34 -------- d-----w- c:\users\Tealc\AppData\Roaming\BITS
2010-06-18 19:31 . 2010-06-18 19:34 -------- d-----w- c:\users\Tealc\AppData\Local\temp
2010-06-18 19:31 . 2010-06-18 19:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-18 05:42 . 2010-06-18 05:42 -------- d-----w- c:\users\Tealc\AppData\Roaming\Malwarebytes
2010-06-18 05:42 . 2010-06-18 05:42 -------- d-----w- c:\programdata\Malwarebytes
2010-06-17 20:02 . 2010-06-17 20:02 -------- d-----w- C:\_OTL
2010-06-17 13:20 . 2010-06-17 13:20 -------- d-----w- c:\program files\PhotoMail Maker
2010-06-17 13:20 . 2010-06-17 13:19 -------- d-----w- c:\programdata\PhotoMail
2010-06-15 11:01 . 2010-06-15 11:01 -------- d-sh--w- c:\windows\system32\%USERPROFILE%
2010-06-15 10:10 . 2010-06-17 20:13 -------- d-----w- c:\programdata\Kaspersky Lab
2010-06-14 21:19 . 2010-06-14 21:19 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-14 20:40 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-14 20:40 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-14 20:40 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-14 20:40 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-14 20:40 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-14 20:39 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-14 20:39 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-14 20:39 . 2010-06-14 20:39 -------- d-----w- c:\programdata\Alwil Software
2010-06-14 20:39 . 2010-06-14 20:39 -------- d-----w- c:\program files\Alwil Software
2010-06-14 19:20 . 2010-06-14 20:48 -------- d-----w- c:\program files\trend micro
2010-06-14 19:20 . 2010-06-14 19:20 -------- d-----w- C:\rsit
2010-06-14 17:14 . 2010-06-14 18:00 -------- d-----w- c:\users\Tealc\DoctorWeb
2010-06-13 18:46 . 2010-06-13 19:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-12 08:28 . 2010-06-12 08:28 -------- d-----w- c:\program files\Yamaha
2010-06-12 08:19 . 2010-06-12 08:19 23040 ----a-w- c:\users\Tealc\AppData\Roaming\Thinstall\MRConverter\4000005c200002i\MRConverter.exe
2010-06-12 08:19 . 2010-06-12 08:19 -------- d-----w- c:\users\Tealc\AppData\Roaming\Thinstall
2010-06-12 08:00 . 2010-06-12 08:48 -------- d-----w- C:\Ringtone
2010-06-12 07:59 . 2010-06-12 08:15 -------- d-----w- c:\users\Tealc\AppData\Roaming\Ringtone
2010-06-09 16:11 . 2010-05-10 12:45 1268736 ----a-w- c:\windows\system32\plroutingdll.dll
2010-06-09 16:11 . 2009-03-11 16:44 561664 ----a-w- c:\windows\system32\plplacesystemdll.dll
2010-06-09 16:11 . 2007-04-11 15:06 65536 ----a-w- c:\windows\system32\psslib.dll
2010-06-09 15:57 . 2010-06-09 15:57 -------- d-----w- c:\program files\Silabs
2010-06-09 15:56 . 2010-06-09 15:57 -------- d-----w- c:\windows\system32\Silabs
2010-06-09 07:49 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-09 07:48 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 07:48 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 07:48 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 07:48 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-05 09:08 . 2010-06-05 09:08 -------- d-----w- C:\My Plugins
2010-06-05 09:08 . 2010-06-05 09:08 -------- d-----w- c:\program files\Nexus Radio
2010-06-05 09:08 . 2010-06-05 09:08 -------- d-----w- C:\My Saved Files
2010-06-05 09:08 . 2010-06-05 09:08 -------- d-----w- C:\My Recorded Files
2010-06-05 07:30 . 2010-06-05 07:30 -------- d-----w- c:\users\Tealc\SystemRequirementsLab
2010-06-02 20:55 . 2010-04-18 12:33 172032 ----a-w- c:\users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2010-06-02 20:55 . 2010-05-23 15:50 73216 ----a-w- c:\users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
2010-06-02 20:55 . 2010-04-18 12:33 307200 ----a-w- c:\users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2010-06-02 09:21 . 2010-06-02 09:21 -------- d-----w- c:\program files\GNU
2010-05-28 20:13 . 2010-05-24 11:11 65536 ----a-w- c:\users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll
2010-05-27 09:55 . 2010-05-27 10:37 -------- d-----w- c:\program files\Google
2010-05-26 18:40 . 2010-05-26 19:50 -------- d-----w- c:\users\Tealc\AppData\Local\SecondLife
2010-05-26 18:40 . 2010-05-26 18:42 -------- d-----w- c:\users\Tealc\AppData\Roaming\SecondLife
2010-05-26 07:30 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 12:04 . 2010-05-27 10:38 -------- d-----w- c:\users\Tealc\AppData\Local\Google
2010-05-25 11:08 . 2009-09-21 08:55 12160 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys
2010-05-25 11:08 . 2009-09-21 08:55 12160 ----a-w- c:\windows\system32\drivers\ss_bwh.sys
2010-05-25 11:08 . 2009-09-21 08:55 14976 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys
2010-05-25 11:08 . 2009-09-21 08:55 121856 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys
2010-05-25 11:08 . 2009-09-21 08:55 90112 ----a-w- c:\windows\system32\drivers\ss_bbus.sys
2010-05-25 11:08 . 2009-09-21 08:55 12160 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys
2010-05-25 11:08 . 2009-09-21 08:55 12160 ----a-w- c:\windows\system32\drivers\ss_bcm.sys
2010-05-25 11:06 . 2010-05-25 11:06 -------- d-----w- c:\program files\SAMSUNG
2010-05-25 11:06 . 2010-05-25 11:06 -------- d-----w- c:\programdata\Samsung
2010-05-25 11:05 . 2009-12-17 16:42 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe
2010-05-25 11:05 . 2009-12-14 07:21 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-05-25 11:05 . 2009-12-14 07:21 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2010-05-25 11:05 . 2010-05-25 11:05 -------- d-----w- c:\users\Tealc\AppData\Roaming\Samsung
2010-05-25 11:04 . 2010-05-25 11:04 -------- d-----w- c:\program files\MarkAny
2010-05-25 10:51 . 2010-05-25 10:51 -------- d-----w- c:\users\Tealc\AppData\Local\Downloaded Installations
2010-05-21 01:01 . 2010-05-21 01:01 -------- d-----w- c:\windows\system32\Wat
2010-05-20 20:47 . 2010-03-29 07:59 52224 ----a-w- c:\users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-05-20 20:47 . 2010-03-29 07:59 101376 ----a-w- c:\users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-18 19:33 . 2010-04-24 06:30 -------- d-----w- c:\programdata\NVIDIA
2010-06-18 08:07 . 2009-07-14 08:44 627448 ----a-w- c:\windows\system32\perfh005.dat
2010-06-18 08:07 . 2009-07-14 08:44 120518 ----a-w- c:\windows\system32\perfc005.dat
2010-06-17 19:35 . 2010-04-27 17:06 -------- d-----w- c:\users\Tealc\AppData\Roaming\LangSoft
2010-06-12 08:28 . 2010-04-27 10:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-12 02:57 . 2010-05-13 14:27 -------- d-----w- c:\users\Tealc\AppData\Roaming\ICQ
2010-06-10 14:44 . 2010-05-13 12:47 -------- d-----w- c:\users\Tealc\AppData\Roaming\Skype
2010-06-10 14:05 . 2010-05-13 12:49 -------- d-----w- c:\users\Tealc\AppData\Roaming\skypePM
2010-06-09 16:00 . 2010-06-09 16:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_silabser_01009.Wdf
2010-06-09 07:54 . 2010-04-24 19:32 -------- d-----w- c:\programdata\Microsoft Help
2010-06-03 14:48 . 2010-05-09 22:02 -------- d-----w- c:\users\Tealc\AppData\Roaming\Azureus
2010-06-03 12:36 . 2010-04-24 07:15 -------- d-----w- c:\program files\Programy
2010-05-25 11:37 . 2010-05-25 11:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-21 12:14 . 2010-04-24 06:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-14 11:24 . 2010-05-14 10:27 -------- d-----w- c:\programdata\Seznam DVD 2008
2010-05-13 14:08 . 2010-05-13 14:08 -------- d-----w- c:\program files\Common Files\snpstd3
2010-05-13 13:15 . 2010-05-13 13:15 -------- d-----w- c:\program files\DIFX
2010-05-13 12:49 . 2010-05-13 12:49 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-05-13 12:45 . 2010-05-13 12:45 -------- d-----w- c:\program files\Common Files\Skype
2010-05-13 12:45 . 2010-05-13 12:45 -------- d-----w- c:\programdata\Skype
2010-05-12 21:15 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-10 14:03 . 2010-05-10 14:03 -------- d-----w- c:\program files\Windows Virtual PC
2010-05-10 13:57 . 2010-05-10 13:56 -------- d-----w- c:\program files\Windows XP Mode
2010-05-10 13:55 . 2010-05-10 13:47 467714320 ----a-w- c:\users\Tealc\WindowsXPMode_cs-cz.exe
2010-05-10 13:42 . 2010-05-09 17:21 -------- d-----w- c:\users\Tealc\AppData\Roaming\QuickStoresToolbar
2010-05-09 17:28 . 2010-05-09 17:28 -------- d-----w- c:\users\Tealc\AppData\Roaming\Zoner
2010-05-09 17:21 . 2010-05-09 17:21 704248 ----a-w- c:\users\Tealc\AppData\Roaming\QuickStoresToolbar\unins000.exe
2010-05-04 14:41 . 2010-05-01 14:06 -------- d-----w- c:\program files\Hry
2010-05-04 12:42 . 2010-05-04 12:42 -------- d-----w- c:\program files\VID_0E8F&PID_0003
2010-05-04 12:41 . 2010-04-28 10:11 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-03 21:31 . 2010-05-03 21:31 -------- d-----w- c:\users\Tealc\AppData\Roaming\GRETECH
2010-05-01 14:40 . 2010-05-01 14:40 -------- d-----w- c:\users\Tealc\AppData\Roaming\NVIDIA
2010-04-30 09:12 . 2010-04-24 06:40 111000 ----a-w- c:\users\Tealc\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-29 17:12 . 2010-04-29 17:12 -------- d-----w- c:\users\Tealc\AppData\Roaming\Posta
2010-04-29 16:50 . 2010-04-29 16:49 -------- d-----w- c:\programdata\Microsoft NT Ident
2010-04-29 16:49 . 2010-04-29 16:49 -------- d-----w- c:\programdata\Formix
2010-04-29 11:17 . 2010-04-29 11:17 -------- d-----w- c:\program files\MSXML 4.0
2010-04-28 12:03 . 2010-04-28 12:03 -------- d-----w- c:\programdata\LightScribe
2010-04-28 12:01 . 2010-04-28 12:01 -------- d-----w- c:\users\Tealc\AppData\Roaming\Nero
2010-04-28 11:52 . 2010-04-28 11:46 -------- d-----w- c:\programdata\Nero
2010-04-28 11:52 . 2010-04-28 11:52 -------- d-----w- c:\program files\Nero
2010-04-28 11:46 . 2010-04-28 11:45 -------- d-----w- c:\program files\Common Files\Nero
2010-04-28 11:35 . 2010-04-28 11:35 -------- d-----w- c:\program files\Common Files\LightScribe
2010-04-28 10:16 . 2010-04-28 10:16 -------- d-----w- c:\program files\Realtek
2010-04-28 10:12 . 2010-04-28 10:11 -------- d-----w- c:\program files\VIA
2010-04-28 07:59 . 2010-04-28 07:59 -------- d-----w- c:\users\Tealc\AppData\Roaming\FlashGet
2010-04-27 17:11 . 2010-04-27 17:10 798771 ----a-w- c:\programdata\LangSoft\WebIE.dll
2010-04-27 17:11 . 2010-04-27 17:07 -------- d-----w- c:\programdata\LangSoft
2010-04-27 17:11 . 2010-04-27 17:10 299008 ----a-w- c:\programdata\LangSoft\TrnWord.dll
2010-04-27 17:11 . 2010-04-27 17:10 356352 ----a-w- c:\programdata\LangSoft\TrnOutl.dll
2010-04-27 10:38 . 2010-04-27 10:38 -------- d-----w- c:\program files\KYE
2010-04-27 10:38 . 2010-04-27 10:38 -------- d-----w- c:\users\Tealc\AppData\Roaming\InstallShield
2010-04-26 19:21 . 2010-04-26 19:21 -------- d-----w- c:\programdata\FLEXnet
2010-04-26 19:20 . 2010-04-26 19:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-26 19:20 . 2010-04-26 19:20 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-24 20:10 . 2010-04-24 20:10 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-04-24 20:06 . 2010-04-24 19:35 -------- d-----w- c:\program files\Microsoft Works
2010-04-24 20:01 . 2010-04-24 20:00 -------- d-----w- c:\program files\QuickTime
2010-04-24 20:00 . 2010-04-24 20:00 -------- d-----w- c:\programdata\Apple Computer
2010-04-24 19:59 . 2010-04-24 19:59 -------- d-----w- c:\program files\Common Files\Apple
2010-04-24 19:59 . 2010-04-24 19:59 -------- d-----w- c:\programdata\Apple
2010-04-24 19:59 . 2010-04-24 19:59 -------- d-----w- c:\program files\Apple Software Update
2010-04-24 19:34 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-04-24 19:34 . 2010-04-24 19:34 -------- d-----w- c:\program files\Microsoft.NET
2010-04-24 19:33 . 2010-04-24 19:32 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-04-24 08:06 . 2010-04-24 08:05 -------- d-----w- c:\programdata\IM
2010-04-24 08:05 . 2010-04-24 08:05 -------- d-----w- c:\programdata\IncrediMail
2010-04-24 08:05 . 2010-04-24 08:05 -------- d-----w- c:\program files\IncrediMail
2010-04-24 07:29 . 2010-04-24 07:29 -------- d-----w- c:\program files\Common Files\Java
2010-04-24 07:28 . 2010-04-24 07:28 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-24 07:28 . 2010-04-24 07:28 -------- d-----w- c:\program files\Java
2010-04-24 06:49 . 2010-04-24 06:49 0 ----a-w- c:\windows\nsreg.dat
2010-04-24 06:30 . 2010-04-24 06:29 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-24 06:26 . 2010-04-24 06:26 -------- d-----w- c:\program files\SystemRequirementsLab
2010-04-24 06:04 . 2010-04-24 06:04 -------- d-sh--we c:\programdata\Plocha
2010-04-24 06:04 . 2010-04-24 06:04 -------- d-sh--we c:\programdata\Oblíbené položky
2010-04-24 06:04 . 2010-04-24 06:04 -------- d-sh--we c:\programdata\Šablony
2010-04-24 06:04 . 2010-04-24 06:04 -------- d-sh--we c:\programdata\Nabídka Start
2010-04-24 06:04 . 2010-04-24 06:04 -------- d-sh--we c:\programdata\Dokumenty
2010-04-24 06:04 . 2010-04-24 06:04 -------- d-sh--we c:\programdata\Data aplikací
2010-04-24 05:59 . 2010-04-24 05:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-07 19:08 . 2010-04-07 19:08 41312 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2010-04-07 19:08 . 2010-04-07 19:08 32584 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-04-07 19:08 . 2010-04-07 19:08 134488 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-04-07 19:07 . 2010-04-07 19:07 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-04-07 19:03 . 2010-04-07 19:03 133512 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-04-03 16:27 . 2010-04-03 16:27 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-04-03 16:27 . 2010-04-03 16:27 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-04-03 16:27 . 2010-04-03 16:27 1515624 ----a-w- c:\windows\system32\nvsvcr.dll
2010-04-03 16:27 . 2010-04-03 16:27 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 16:27 . 2010-04-03 16:27 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-04-03 16:27 . 2010-04-03 16:27 110696 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-06-17 353736]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"FlashGet 3"="c:\program files\Programy\Internet\FlashGet\Flashget3.exe" [2009-12-22 2127408]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"AutoStartNPSAgent"="c:\program files\Programy\MT\Samsung PC Studio\NPSAgent.exe" [2009-12-17 116056]
"Google Update"="c:\users\Tealc\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-25 136176]
"Nexus Radio"="c:\program files\Programy\Internet\Nexus Radio\Nexus Radio.exe" [2010-06-03 4699136]
"SpybotSD TeaTimer"="c:\program files\Programy\Ochrana PC\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe Acrobat Speed Launcher"="c:\program files\Programy\Uzitecny SW\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Programy\Uzitecny SW\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"CHotkey"="mHotkey.exe" [2007-01-15 550912]
"ShowOSD"="OSDShow.exe" [2007-01-15 28672]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 1486848]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\users\Tealc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 136176]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2010-02-02 43520]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2010-02-16 63488]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-21 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-21 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-21 121856]
R3 vpcuxd;Služba zástupné procedury virtualizace rozhraní USB;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-14 697328]
S1 aswSP;aswSP; [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-04-07 133512]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-04-07 41312]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-12-17 238952]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Programy\Ochrana PC\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-14 36608]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-08-17 1077760]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 10:36]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-27 10:36]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1799825571-120127457-2417961916-1001Core.job
- c:\users\Tealc\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-25 12:04]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1799825571-120127457-2417961916-1001UA.job
- c:\users\Tealc\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-25 12:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: ????3??
IE: ????3??????
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all by FlashGet3 - c:\users\Tealc\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Tealc\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Stahnou vse FlashGet3 - c:\program files\Programy\Internet\FlashGet\GetAllUrl.htm
IE: Stahnout FlashGet3 - c:\program files\Programy\Internet\FlashGet\GetUrl.htm
IE: ????3?? - c:\users\Tealc\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\Tealc\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\Programy\Internet\ICQ7.1\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/coolchaser_game/ws/redir?_iceUrl=true&user_id=34777753&tool_id=60531&qkw=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Programy\Grafika\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Programy\Uzitecny SW\Acrobat 9.0\Acrobat\browser\nppdf32.dll
FF - plugin: c:\users\Tealc\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Nektra OEAPI - (no file)
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-WEBTRAN - (no file)
HKLM-Run-NPSStartup - (no file)
AddRemove-PC Translator - c:\users\Tealc\AppData\Local\Temp\UN32.EXE
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,1c,1b,74,3e,59,2f,42,ab,05,be,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,1c,1b,74,3e,59,2f,42,ab,05,be,\

[HKEY_USERS\S-1-5-21-1799825571-120127457-2417961916-1001\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Users\\Tealc\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-1799825571-120127457-2417961916-1001\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Users\\Tealc\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\system volume information\Microsoft\services.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\nvvsvc.exe
c:\system volume information\Microsoft\smss.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Programy\Vypalovaci SW\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\MODPS2KEY.EXE
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\conhost.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\mHotkey.exe
c:\windows\OSDShow.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\IncrediMail\Bin\ImApp.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2010-06-18 21:37:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-06-18 19:37

Před spuštěním: Volných bajtů: 485 349 134 336
Po spuštění: Volných bajtů: 485 289 385 984

- - End Of File - - C55D78F50225370829A7FE6D9B915BB1

[Caroprd111]

Doporučuji odinstalovat Spybot - Search and Destroy.


Následující soubor/y otestujte na http://www.virustotal.com/cs/
c:\windows\system32\plroutingdll.dll
c:\windows\system32\plplacesystemdll.dll

(Soubor/y nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)


Pokud nemáte, přesuňte Combofix na plochu

• Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

Folder::
c:\users\Tealc\AppData\Local\temp
c:\users\Default\AppData\Local\temp
c:\windows\system32\%USERPROFILE%

DDS:
IE: ????3??
IE: ????3??????

RegNull::
[HKEY_USERS\S-1-5-21-1799825571-120127457-2417961916-1001\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3* 
[HKEY_USERS\S-1-5-21-1799825571-120127457-2417961916-1001\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3* 
N}ŹhQčţ”Ąc]

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

• Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
• Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
  
  
• Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[Tealc_EU]

http://www.virustotal.com/cs/analisis/2 ... 1276894586


http://www.virustotal.com/cs/analisis/4 ... 1276894709