virus Security tool

[Weenie]

zdravim,

dnes pri browsovani na webe som zrejme lapil virus security tool
snazil som sa tuna na fore najst uz nejaky navod..,.aj som nasiel ale bola tam aj rada ze sa nikto nema riadit ziadnym navodom a vzdy zalozit novu temu:)

a chcem este upozornit ze som dost velky zaciatocnik co sa tohto tyka takze poprosim vysvetlovat a radit ako teliatku:)) a mimochodom niesom v nudzovom rezime neviem sa tam dostat je to problem?:)

log z RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by tam at 2010-08-24 12:24:22
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 41 GB (43%) free of 95 GB
Total RAM: 991 MB (54% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\Acrobat Update.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-764733703-1177238915-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-764733703-1177238915-1003UA.job
C:\WINDOWS\tasks\NCRUSQKRHN.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-764733703-1177238915-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-764733703-1177238915-1003.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\Program Files\ICQToolbar\toolbaru.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-05-26 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}]
XML Class - C:\WINDOWS\system32\msxml71.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61263B8A-627D-7A29-8C4B-351509A898B7}]
cashtitan browser enhancer - C:\WINDOWS\system32\qetjuayfpdo.dll [2010-08-06 394240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-10 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-11-22 16858112]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"C:\WINDOWS\system32\kdrqu.exe"=C:\WINDOWS\system32\kdrqu.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-05-26 202256]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
"emhitaobyjuhnveew"=C:\WINDOWS\System32\regsvr32.exe [2008-04-14 12288]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-07-08 13762560]
"nwiz"=nwiz.exe /installquiet []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-07-08 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Steam"=c:\program files\steam\steam.exe [2010-08-24 1242448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe /background []
"AdobeBridge"= []
"Octoshape Streaming Services"=C:\Documents and Settings\tam\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2009-01-08 70936]
"Google Update"=C:\Documents and Settings\tam\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Agike"=C:\WINDOWS\nvsmfn.dll [2008-04-14 71168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"46357"=C:\DOCUME~1\tam\LOCALS~1\DATAAP~1\46357.exe [2010-08-24 1026560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32]
C:\WINDOWS\system32\cryptnet32.dll [2010-08-24 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winveg32]
C:\WINDOWS\system32\winveg32.dll [2010-08-19 80896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
AfaKq - {F073992E-5AD9-3384-04FA-03BCC1CFCF69} - C:\WINDOWS\system32\tnd.dll [2009-03-21 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=kdrqu.exe []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Counter-Strike 1.6\hltv.exe"="C:\Program Files\Counter-Strike 1.6\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Disabled:GameSpy Arcade"
"C:\Program Files\Vietcong\vietcong.exe"="C:\Program Files\Vietcong\vietcong.exe:*:Disabled:vietcong"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\mIRC v6.15 sk\mirc.exe"="C:\Program Files\mIRC v6.15 sk\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Documents and Settings\tam\Plocha\povhltv\hltv.exe"="C:\Documents and Settings\tam\Plocha\povhltv\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Documents and Settings\tam\Plocha\hltv\hltv.exe"="C:\Documents and Settings\tam\Plocha\hltv\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\Steam\steamapps\phioneer\dedicated server\hltv.exe"="C:\Program Files\Steam\steamapps\phioneer\dedicated server\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\EslWire\wire.exe"="C:\Program Files\EslWire\wire.exe:*:Enabled:ESL Wire Client"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\flexi_dfs\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\flexi_dfs\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\fugas1994\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\fugas1994\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\khlemr\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\khlemr\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\lukesin15\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\lukesin15\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steam.exe"="C:\Program Files\Steam\steam.exe:*:Enabled:Steam"
"C:\Documents and Settings\tam\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe"="C:\Documents and Settings\tam\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:OctoshapeClient.exe"
"C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe:*:Enabled:left4dead2"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Teamspeak2_RC2\server_windows.exe"="C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\tam\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\tam\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Documents and Settings\tam\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\tam\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\Steam\steamapps\phioneer\dedicated server\hlds.exe"="C:\Program Files\Steam\steamapps\phioneer\dedicated server\hlds.exe:*:Enabled:Dedicated Server"
"C:\Documents and Settings\tam\Plocha\NOVE MOVIE\genArts sapphire plugins\GENARTS_SAPPHIRE\rlm.exe"="C:\Documents and Settings\tam\Plocha\NOVE MOVIE\genArts sapphire plugins\GENARTS_SAPPHIRE\rlm.exe:*:Enabled:rlm"
"C:\Program Files\GenArts\rlm\rlm.exe"="C:\Program Files\GenArts\rlm\rlm.exe:*:Enabled:rlm"
"C:\Program Files\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe"="C:\Program Files\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe:*:Enabled:Adobe After Effects CS4"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"
"C:\Program Files\Steam\steamapps\phioneer\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\phioneer\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-08-24 12:14:32 ----D---- C:\Program Files\trend micro
2010-08-24 12:07:21 ----D---- C:\WINDOWS\RegLooks
2010-08-24 12:03:40 ----D---- C:\rsit
2010-08-24 11:40:54 ----A---- C:\WINDOWS\system32\shimg.dll
2010-08-24 11:40:54 ----A---- C:\WINDOWS\system32\cryptnet32.dll
2010-08-24 00:41:17 ----D---- C:\Program Files\Magic Bullet Suite 2.1
2010-08-24 00:40:14 ----D---- C:\Program Files\Magic Bullet Looks
2010-08-23 23:42:41 ----A---- C:\WINDOWS\system32\Engine3D.dll
2010-08-23 23:39:57 ----A---- C:\WINDOWS\WORDPAD.INI
2010-08-23 23:34:35 ----A---- C:\WINDOWS\system32\sapphire_ae.dll
2010-08-23 14:16:19 ----D---- C:\NVIDIA
2010-08-23 13:50:48 ----D---- C:\Program Files\Magic Bullet Mojo Vegas
2010-08-23 13:47:20 ----RASH---- C:\WINDOWS\system32\kbdfi9.dll
2010-08-23 13:47:00 ----A---- C:\WINDOWS\system32\uepzunjvwporzc.exe
2010-08-22 09:47:17 ----D---- C:\Program Files\Audacity1.2.6
2010-08-19 22:14:38 ----A---- C:\WINDOWS\system32\winveg32.dll
2010-08-19 22:14:31 ----A---- C:\WINDOWS\system32\winzdo32.dll
2010-08-19 22:14:23 ----A---- C:\WINDOWS\system32\winbjd32.dll
2010-08-19 22:13:44 ----A---- C:\WINDOWS\system32\winsaj32.dll
2010-08-19 21:52:50 ----D---- C:\Program Files\Cycore FX 1.0.1
2010-08-07 20:31:28 ----D---- C:\Program Files\Digieffects
2010-08-06 14:29:48 ----A---- C:\WINDOWS\system32\qetjuayfpdo.dll
2010-08-03 12:53:53 ----D---- C:\Presets
2010-08-03 12:53:53 ----A---- C:\Program Files\uninst-Particular.exe
2010-08-03 12:51:28 ----A---- C:\Program Files\uninst-Lux.exe
2010-08-03 12:50:35 ----D---- C:\Program Files\Trapcode Form
2010-08-03 12:47:23 ----A---- C:\Program Files\uninst-Echospace.exe
2010-08-03 12:45:22 ----D---- C:\Program Files\Trapcode

======List of files/folders modified in the last 1 months======

2010-08-24 12:24:25 ----SD---- C:\WINDOWS\Tasks
2010-08-24 12:24:17 ----D---- C:\WINDOWS\Temp
2010-08-24 12:24:09 ----D---- C:\Program Files\Steam
2010-08-24 12:23:22 ----D---- C:\WINDOWS\system32
2010-08-24 12:14:32 ----RD---- C:\Program Files
2010-08-24 12:07:21 ----D---- C:\WINDOWS
2010-08-24 11:41:01 ----D---- C:\Program Files\Mozilla Firefox
2010-08-24 00:06:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-23 23:55:50 ----D---- C:\Program Files\Adobe
2010-08-23 23:52:40 ----SHD---- C:\WINDOWS\Installer
2010-08-23 23:42:34 ----D---- C:\WINDOWS\Prefetch
2010-08-23 23:34:30 ----A---- C:\WINDOWS\win.ini
2010-08-23 20:30:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2010-08-23 18:25:55 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-23 14:21:35 ----SHD---- C:\System Volume Information
2010-08-23 14:21:35 ----D---- C:\WINDOWS\system32\Restore
2010-08-23 14:18:38 ----D---- C:\WINDOWS\Help
2010-08-23 14:17:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-23 14:17:41 ----D---- C:\WINDOWS\system32\drivers
2010-08-23 14:17:36 ----HD---- C:\WINDOWS\inf
2010-08-23 14:08:57 ----D---- C:\Program Files\BitComet
2010-08-23 13:45:20 ----D---- C:\Downloads
2010-08-22 13:42:11 ----D---- C:\Documents and Settings\tam\Data aplikací\ICQ
2010-08-22 09:49:03 ----D---- C:\Documents and Settings\tam\Data aplikací\Audacity
2010-08-21 17:22:43 ----D---- C:\Program Files\Counter-Strike 1.6
2010-08-21 16:35:00 ----A---- C:\WINDOWS\NeroDigital.ini
2010-08-19 13:59:10 ----RD---- C:\HUDBA
2010-08-16 14:18:48 ----D---- C:\Program Files\Absolute Poker
2010-08-16 12:27:01 ----D---- C:\Documents and Settings\tam\Data aplikací\Microgaming
2010-08-15 09:54:26 ----D---- C:\Program Files\ICQ7.2
2010-08-03 16:20:48 ----RSD---- C:\WINDOWS\Fonts
2010-08-01 16:29:02 ----D---- C:\Documents and Settings\tam\Data aplikací\HLSW
2010-07-26 22:10:08 ----D---- C:\Shoty
2010-07-26 19:52:05 ----A---- C:\WINDOWS\MSUTIL.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-11-14 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-06-16 691696]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-27 4630016]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-08 7967712]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-03-06 58752]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-03-06 19968]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780}; \??\C:\WINDOWS\TEMP\28.tmp []
S3 azzkqvy5;azzkqvy5; C:\WINDOWS\system32\drivers\azzkqvy5.sys []
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Ovladač třídy skeneru standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-07-01 25280]
S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\Ndisprot.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 17408]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-10 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-07-08 168004]
R2 RLM-GenArts;RLM-GenArts; C:\Program Files\GenArts\rlm\rlm.exe [2010-04-02 1540096]
S2 gupdate1c99694d879faee;Služba Google Update (gupdate1c99694d879faee); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-24 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 17408]
S2 vvdsvc;VJVodClientServices; C:\WINDOWS\System32\svchost.exe [2008-04-14 17408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-21 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Weenie]

uz sa mi podarilo dostat aj do nudzoveho rezimu...prosim velmi pekne o pomoc dakujem:)

[stell]

Zdravim
stiahni na plochu a spust:
http://download.bleepingcomputer.com/grinler/rkill.scr
http://download.bleepingcomputer.com/bats/hostsperm.bat
Odteraz v ziadnom pripade nerestartovat pocitac.
Stiahnes>>Malwarebytes' Anti-Malware stiahnut-nainstalovat -aktualizovat-sprav-Rychly skan,-co najde zmaz log vloz sem.

[Weenie]

skenujem...uz 10 min...trva to dlho?:)

mimochodom ten rkill.scr mi vygeneroval nejaky txt subor...s nim nic?
a to druhe hostsperm.bat sa mi otvorilo len asi na polsekundy a hned sa zavrelo...je to ok?

[Weenie]

LOG Z TOHO MALVAREBYTES:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4469

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

24. 8. 2010 13:46:14
mbam-log-2010-08-24 (13-46-14).txt

Typ skenu: Rychlý sken
Skenované objekty: 163203
Uplynulý čas: 13 minuta(y), 46 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 2
Infikované klíče registru: 19
Infikované hodnoty registru: 3
Infikované datové položky registru: 4
Infikované složky: 0
Infikované soubory: 24

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
C:\WINDOWS\system32\cryptnet32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winveg32.dll (Trojan.Agent) -> No action taken.

Infikované klíče registru:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\{def85c80-216a-43ab-af70-1665edbe2780} (Backdoor.Sinowal) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61263b8a-627d-7a29-8c4b-351509a898b7} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{61263b8a-627d-7a29-8c4b-351509a898b7} (Adware.BHO) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\agike (Trojan.Hiloti.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\emhitaobyjuhnveew (Trojan.Agent) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdrqu.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\WINDOWS\system32\cryptnet32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\nvsmfn.dll (Trojan.Hiloti.Gen) -> No action taken.
C:\Documents and Settings\tam\Local Settings\Temp\27F.exe (Trojan.BHO) -> No action taken.
C:\Documents and Settings\tam\Local Settings\Temp\3A9.tmp (Rootkit.TDSS.Gen) -> No action taken.
C:\Documents and Settings\tam\Local Settings\Temp\EodFucFprm.exe (Trojan.Hiloti.Gen) -> No action taken.
C:\Documents and Settings\tam\Local Settings\Temp\VePUTUBzyS.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\tam\Local Settings\Temp\_3A5.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\rsyncini.exe (Trojan.Shutdowner) -> No action taken.
C:\Documents and Settings\tam\Local Settings\Temporary Internet Files\Content.IE5\0FBCFJAX\setup[1].exe (Rootkit.TDSS.Gen) -> No action taken.
C:\Documents and Settings\tam\Local Settings\Temporary Internet Files\Content.IE5\OQ5I0F8G\setup[1].exe (Trojan.Hiloti.Gen) -> No action taken.
C:\Documents and Settings\tam\Local Settings\Temporary Internet Files\Content.IE5\Z487OPJ9\setup[1].exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\tam\Nabídka Start\Programy\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
C:\WINDOWS\system32\crt.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\shimg.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winbjd32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winsaj32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winveg32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winzdo32.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\tam\Local Settings\Temp\0.9516347860043761.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\tam\Local Settings\Temp\svchost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\Acrobat Update.job (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\qetjuayfpdo.dll (Trojan.Agent) -> No action taken.

[stell]

len, kludne, nie je to dlho, nakolko mas infikovany pocitac, a security tool, nie je hocijaka infekcia,,Co Nasiel vsetko zmaz.
RKILL-ok,log netreba,Hostperm,ok,takto ma byt, .
Co najde MBAM-zmaz, log vloz sem, potom skontroluj toto:
start-ovladacie panely-moznosti internetu-pripojenie-dole v pravo gombik-nastavenie mistni site lan-ak je fajka v pouzit proxy,,,,,,vybrat-fajku-zmazat-ok-pouzit ak to budes mat tak napis.

[Weenie]

ok a pisal si ze nemam restartovat pc ale ked to zmazem tak po mne chce restart uz mozem?:) a ak ano zase mam ist do nudzoveho rezimu?

[Weenie]

tu mas ten log po delete:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4469

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

24. 8. 2010 13:51:57
mbam-log-2010-08-24 (13-51-57).txt

Typ skenu: Rychlý sken
Skenované objekty: 163203
Uplynulý čas: 13 minuta(y), 46 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 2
Infikované klíče registru: 19
Infikované hodnoty registru: 3
Infikované datové položky registru: 4
Infikované složky: 0
Infikované soubory: 24

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
C:\WINDOWS\system32\cryptnet32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\winveg32.dll (Trojan.Agent) -> Delete on reboot.

Infikované klíče registru:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\{def85c80-216a-43ab-af70-1665edbe2780} (Backdoor.Sinowal) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61263b8a-627d-7a29-8c4b-351509a898b7} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{61263b8a-627d-7a29-8c4b-351509a898b7} (Adware.BHO) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\agike (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\emhitaobyjuhnveew (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdrqu.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\WINDOWS\system32\cryptnet32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\nvsmfn.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\tam\Local Settings\Temp\27F.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\tam\Local Settings\Temp\3A9.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\tam\Local Settings\Temp\EodFucFprm.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\tam\Local Settings\Temp\VePUTUBzyS.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\tam\Local Settings\Temp\_3A5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rsyncini.exe (Trojan.Shutdowner) -> Quarantined and deleted successfully.
C:\Documents and Settings\tam\Local Settings\Temporary Internet Files\Content.IE5\0FBCFJAX\setup[1].exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\tam\Local Settings\Temporary Internet Files\Content.IE5\OQ5I0F8G\setup[1].exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\tam\Local Settings\Temporary Internet Files\Content.IE5\Z487OPJ9\setup[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\tam\Nabídka Start\Programy\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shimg.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winbjd32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsaj32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winveg32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\winzdo32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\tam\Local Settings\Temp\0.9516347860043761.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\tam\Local Settings\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\Acrobat Update.job (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qetjuayfpdo.dll (Trojan.Agent) -> Quarantined and deleted successfully.

[stell]

ano, uz mozes, dovolit restart, nakolko uz MBAM ide mazat, ano uz to spust do windows, a skontroluj ,moznosti internetu, tak ako som napisal.

[Weenie]

tak restartoval som comp...ten security tool mi tu stale robi sarapatu...

a prepac ale neviem to najst neviem co myslis...ovladacie panely - pripojenie k siti a internetu -sitova pripojeni? ale neviem aku fajku myslis a aky gombik vpravo dole...nevidim tam nic take

OS windows xp proffesional

[stell]

ovladacie panely-Moznosti internetu-pripojenie-a v pravo dole na karte je tlacitko nastavenie siete lan, a ak tu je zafajknute proxy,,zmazat fajku.

[Weenie]

no to som asi debil ale nemam tam nic take:) nemozes mi to odscreenovat?:) sorry fakt ale nic take tam nemam v ovladacich paneloch

[stell]

mas, ale vlavo hore prepni na klasicke zobrazovanie-tam je text klik-potom klikni na moznosti internetu,,atd,, ak nenajdes kasli na to, vloz sem novy log z RSIT a budeme pokracovat.

[stell]

mas, ale vlavo hore prepni na klasicke zobrazovanie-tam je text klik-potom klikni na moznosti internetu,,atd,, ak nenajdes kasli na to, vloz sem novy log z RSIT a budeme pokracovat.

[Weenie]

okej okej nasiel som to boze ja som... ale nemal som to ani zaskrtnute:) takze log z RKIS takze to musim ist zase do nudzoveho rezimu boze minutku...