VIRY.CZ

Zdravíčko, mám taký problém, že bol som prihlasený na skype a prišlo mi od kamaráta toto " Foto link " NESTAHOVAT !!!!!!!!!!!!!!!!!!!a neviem pýtal som sa ho, "že to čo je?" a on "že nevie." No a chyba je v tom, že som sa ho to opýtal až po stiahnutý a naištalovaný toho súboru (som si myslel, že mi dajaké foto chce ukázať ) No a teraz keď to už mám v PC zažraté tak mi nejde spustiť GOOGLE CHROME, uplne padol, stále ma chce prihlasovať na skype a tak. Kamaratovi, že to vyhadzuje čierne okna...tak by som Vás poprosil o nejakú pomoc. Vopred ďakujem. + samozrejme, že som si stiahol skúšobnú verzia ESS4 a spravil kontrolu..našlo 31 vírov...ale neviem aj tak PC nieje Ok.

Ahoj.

Hoed sem, prosim, log z RSITU.

Tu je navod : http://viry.cz/forum/viewtopic.php?f=24&t=81939

[quote="Diallix"]Tu je navod : http://viry.cz/forum/viewtopic.php?f=24&t=81939[/quoSom nevedel ze ten log tu mozem len tak supnut...no newa...tu je log : Logfile of random's system information tool 1.08 (written by random/random)
Run by Golis family at 2010-10-10 22:38:45
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 11 GB (28%) free of 40 GB
Total RAM: 1789 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:38:57, on 10. 10. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Bywifi\bywifi.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ClocX\ClocX.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\nvsvc32.exe
C:\Program Files\AccuWeather.com Stratus\AccuWeather.com Stratus.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Golis family\Data aplikací\C-76947-8457-2745\wincdrsvn.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Olufya.exe
C:\DOCUME~1\GOLISF~1\LOCALS~1\Temp\Osd.exe
C:\Program Files\ICQ7.1\ICQ.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Golis family\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Golis family.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.Facesounds.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ssm&s={searchTerms}&f=4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
R3 - URLSearchHook: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBro1.dll
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: FMTLB0001 - {3873F029-A2F7-42D1-94C1-A35ED1C59096} - C:\Program Files\FaceSounds Toolbar\tbcore3.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.3.62.1\facemoods.dll
O2 - BHO: wit for ie - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - (no file)
O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Program Files\Bywifi\bywifiie.dll
O2 - BHO: chameleontom - {d0418393-40ee-8c3e-cc8a-9f94198b7ea0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBro1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.3.62.1\facemoodsTlbr.dll
O3 - Toolbar: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\tbBro1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: FaceSounds Toolbar - {8B52078D-B630-4B00-A0AB-54D51CEDD9AA} - C:\Program Files\FaceSounds Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [bywifi] C:\Program Files\Bywifi\bywifi.exe "-silent"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S3CD5.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NVIDIA driver monitor] C:\WINDOWS\nvsvc32.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKCU\..\Run: [bywifi] C:\Program Files\Bywifi\bywifi.exe "-silent"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Golis family\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NVIDIA driver monitor] C:\WINDOWS\nvsvc32.exe
O4 - HKCU\..\Run: [WindowsDriverControl] C:\Documents and Settings\Golis family\Data aplikací\C-76947-8457-2745\wincdrsvn.exe
O4 - HKCU\..\Run: [KOO9RV9K4Z] C:\DOCUME~1\GOLISF~1\LOCALS~1\Temp\Osd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AccuWeather.lnk = C:\Program Files\AccuWeather.com Stratus\AccuWeather.com Stratus.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... 2010092913
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bywifi: Video Stahovač - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe
O9 - Extra 'Tools' menuitem: Bywifi: Video Stahovač - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Bywifi: Video Stahovač - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (HKCU)
O9 - Extra 'Tools' menuitem: Bywifi: Video Stahovač - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (HKCU)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 12978 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-823518204-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-823518204-725345543-1003UA.job
C:\WINDOWS\tasks\WGASetup.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-07-17 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3873F029-A2F7-42D1-94C1-A35ED1C59096}]
FMTLB0001 Class - C:\Program Files\FaceSounds Toolbar\tbcore3.dll [2010-06-11 2604032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSof0.dll [2010-09-15 2735200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files\facemoods.com\facemoods\1.3.62.1\facemoods.dll [2010-05-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4743D3E-20D7-4B52-84F2-5E4E277B2D82}]
BywifiBHO Class - C:\Program Files\Bywifi\bywifiie.dll [2010-01-05 720896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d0418393-40ee-8c3e-cc8a-9f94198b7ea0}]
chameleontom

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
Brothersoft Toolbar - C:\Program Files\Brothersoft\tbBro1.dll [2010-09-15 2735200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2010-09-15 2735200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-10-04 1049912]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-07-17 279944]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSof0.dll [2010-09-15 2735200]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2010-09-15 2735200]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files\facemoods.com\facemoods\1.3.62.1\facemoodsTlbr.dll [2010-05-14 163840]
{e8de9422-3b2c-4243-bf6f-235da84d8ef8} - Brothersoft Toolbar - C:\Program Files\Brothersoft\tbBro1.dll [2010-09-15 2735200]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888]
{8B52078D-B630-4B00-A0AB-54D51CEDD9AA} - FaceSounds Toolbar - C:\Program Files\FaceSounds Toolbar\tbcore3.dll [2010-06-11 2604032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-07-16 61440]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-08-26 16851456]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"ClocX"=C:\Program Files\ClocX\ClocX.exe [2007-07-26 270336]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-06-29 74752]
"bywifi"=C:\Program Files\Bywifi\bywifi.exe [2010-01-05 2199552]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"EPSON Stylus DX4000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-02-21 131072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-10-10 59392]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2215064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"ClocX"=C:\Program Files\ClocX\ClocX.exe [2007-07-26 270336]
"bywifi"=C:\Program Files\Bywifi\bywifi.exe [2010-01-05 2199552]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2010-03-19 2363392]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2010-08-07 353736]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"Google Update"=C:\Documents and Settings\Golis family\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-09-11 136176]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-10-10 59392]
"WindowsDriverControl"=C:\Documents and Settings\Golis family\Data aplikací\C-76947-8457-2745\wincdrsvn.exe [2010-10-10 225280]
"KOO9RV9K4Z"=C:\DOCUME~1\GOLISF~1\LOCALS~1\Temp\Osd.exe [2010-10-10 186368]

C:\Documents and Settings\Golis family\Nabídka Start\Programy\Po spuštění
AccuWeather.lnk - C:\Program Files\AccuWeather.com Stratus\AccuWeather.com Stratus.exe
Stardock ObjectDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
Y'z ToolBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-08-01 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll [2001-12-20 24576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bywifi\bywifi.exe"="C:\Program Files\Bywifi\bywifi.exe:*:Enabled:Bywifi: Video Streaming Accelerator"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\IncrediMail\Bin\IncMail.exe"="C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\Bin\ImApp.exe"="C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\Bin\ImpCnt.exe"="C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\nainstalovanehry\PROTOTYPE\prototypef.exe"="D:\nainstalovanehry\PROTOTYPE\prototypef.exe:*:Enabled:Prototype(TM)"
"D:\nainstalovanehry\BF2\BF2.exe"="D:\nainstalovanehry\BF2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\nainstalovanehry\WOTLK\World of Warcraft\Launcher.exe"="D:\nainstalovanehry\WOTLK\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\Golis family\Plocha\P185623111.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Documents and Settings\Golis family\Data aplikací\C-76947-8457-2745\wincdrsvn.exe"="C:\Documents and Settings\Golis family\Data aplikací\C-76947-8457-2745\wincdrsvn.exe:*:Enabled:WindowsDriverControl"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-10-10 21:38:06 ----D---- C:\Program Files\trend micro
2010-10-10 21:38:05 ----D---- C:\rsit
2010-10-10 20:51:52 ----A---- C:\WINDOWS\Olufya.exe
2010-10-10 20:51:22 ----A---- C:\WINDOWS\system32\sshnas21.dll
2010-10-10 20:30:24 ----AH---- C:\WINDOWS\system32\winrtsnr.txt
2010-10-10 20:30:23 ----RSHD---- C:\Documents and Settings\Golis family\Data aplikací\C-76947-8457-2745
2010-10-10 20:27:27 ----A---- C:\tsa.exe
2010-10-10 18:53:59 ----D---- C:\Documents and Settings\Golis family\Data aplikací\ESET
2010-10-10 18:53:31 ----D---- C:\WINDOWS\LastGood
2010-10-10 17:09:40 ----RSH---- C:\WINDOWS\nvsvc32.exe
2010-09-29 19:06:31 ----D---- C:\Program Files\MyWebSearch
2010-09-29 19:06:31 ----D---- C:\Program Files\FunWebProducts
2010-09-28 22:43:12 ----D---- C:\Program Files\AccuWeather.com Stratus
2010-09-16 18:54:16 ----D---- C:\Program Files\Common Files\Java
2010-09-16 18:54:03 ----A---- C:\WINDOWS\system32\javaws.exe
2010-09-16 18:54:03 ----A---- C:\WINDOWS\system32\javaw.exe
2010-09-16 18:54:03 ----A---- C:\WINDOWS\system32\java.exe
2010-09-15 15:35:32 ----D---- C:\Documents and Settings\Golis family\Data aplikací\Toolbar4
2010-09-15 15:28:40 ----D---- C:\Program Files\FaceSounds Toolbar
2010-09-13 20:22:00 ----D---- C:\Program Files\NVIDIA Corporation
2010-09-13 20:20:34 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

======List of files/folders modified in the last 1 months======

2010-10-10 22:38:54 ----D---- C:\WINDOWS\Temp
2010-10-10 22:38:53 ----D---- C:\WINDOWS\Prefetch
2010-10-10 22:13:57 ----SHD---- C:\WINDOWS\Installer
2010-10-10 22:13:43 ----D---- C:\Program Files\Opera
2010-10-10 21:57:03 ----SD---- C:\WINDOWS\Tasks
2010-10-10 21:53:25 ----D---- C:\Documents and Settings\Golis family\Data aplikací\Skype
2010-10-10 21:38:06 ----RD---- C:\Program Files
2010-10-10 21:27:25 ----AD---- C:\WINDOWS\system32
2010-10-10 20:51:52 ----D---- C:\WINDOWS
2010-10-10 19:20:37 ----A---- C:\WINDOWS\NeroDigital.ini
2010-10-10 18:53:42 ----HD---- C:\WINDOWS\inf
2010-10-10 18:53:42 ----D---- C:\WINDOWS\system32\drivers
2010-10-10 18:53:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-10 18:53:06 ----D---- C:\Program Files\ESET
2010-10-10 18:53:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-10-10 17:10:26 ----D---- C:\Program Files\ICQ6Toolbar
2010-10-10 16:00:15 ----D---- C:\Documents and Settings\Golis family\Data aplikací\skypePM
2010-10-09 23:18:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-09 21:13:08 ----D---- C:\Program Files\Mozilla Firefox
2010-10-09 12:02:56 ----D---- C:\WINDOWS\system32\config
2010-10-08 21:46:32 ----D---- C:\Program Files\ICQ7.1
2010-10-06 20:32:38 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-09-29 10:02:46 ----D---- C:\Program Files\Adobe
2010-09-29 10:02:45 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-09-28 13:50:31 ----D---- C:\Documents and Settings\Golis family\Data aplikací\uTorrent
2010-09-19 21:47:10 ----D---- C:\WINDOWS\security
2010-09-17 13:47:25 ----D---- C:\Program Files\uTorrent
2010-09-16 18:54:16 ----D---- C:\Program Files\Common Files
2010-09-16 18:54:01 ----D---- C:\Program Files\Java
2010-09-15 15:36:03 ----D---- C:\Program Files\Softonic-Eng7
2010-09-15 15:36:03 ----D---- C:\Program Files\BS_Player
2010-09-15 15:36:03 ----D---- C:\Program Files\Brothersoft
2010-09-13 20:14:19 ----D---- C:\WINDOWS\system32\DirectX
2010-09-13 20:13:56 ----RSD---- C:\WINDOWS\assembly
2010-09-13 18:17:16 ----D---- C:\WINDOWS\Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ahcix86;ahcix86; C:\WINDOWS\system32\drivers\ahcix86.sys [2008-05-27 174600]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 pavboot;pavboot; C:\WINDOWS\system32\drivers\pavboot.sys [2009-06-30 28552]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-29 691696]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-01 3266560]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-07-29 32608]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-08-06 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-27 4754432]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys [2008-08-26 3684352]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-08-07 111360]
S3 a8brcxdv;a8brcxdv; C:\WINDOWS\system32\drivers\a8brcxdv.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-01 573440]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2010-03-19 73728]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Poriadne to je zahnusene...
Pouzi tento navod :

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrází stránka s licenčnímy podmínkami, pokračujte stisknutím tlačítka "Ano"

Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna

Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Během skenování může být počítač restartován.

Zdravíčkko tu je log z COMBA:
ComboFix 10-10-11.01 - Golis family . 10. 2010 20:30:48.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1789.1386 [GMT 2:00]
Spuštěný z: c:\documents and settings\Golis family\Plocha\ComboFix.exe
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Golis family\Data aplikací\facemoods.com
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoods.crx
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoods.dll
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoods.png
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoodssafe.dll
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.3.62.1\uninstall.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\0083D295.dat
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.htmlx
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\components\FFHst.xpt
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\facemoods.css
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\facemoods.png
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\facemoods.xul
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\fcmdDef.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\facemoods.png
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\fb.gif
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\help_16.gif
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\home.gif
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\logo.png
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\moodsIcon.png
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\pref.jpg
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\privecy_16_hot.gif
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\stripicons.png
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\tellafriend.gif
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\Thumbs.db
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\vssver.scc
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\instlgc.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\Loader.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\mtrprt.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\newTabLgc.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences\preferences.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences\preferences.xul
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences\vssver.scc
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\prefman.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\script-compiler.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\Thumbs.db
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\utils.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\vssver.scc
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\xmlhttprequester.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\xpiInstallLgc.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\defaults\preferences\instlPref.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\defaults\preferences\vssver.scc
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\chrome.manifest
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\install.rdf
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\vssver.scc
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKin.dll
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00824C52
c:\program files\MyWebSearch\bar\Cache\00825FEA
c:\program files\MyWebSearch\bar\Cache\00826122.bin
c:\program files\MyWebSearch\bar\Cache\008261DE.bin
c:\program files\MyWebSearch\bar\Cache\0082622C.bin
c:\program files\MyWebSearch\bar\Cache\00826374.bin
c:\program files\MyWebSearch\bar\Cache\015855C7.bin
c:\program files\MyWebSearch\bar\Cache\01585A7A.bmp
c:\program files\MyWebSearch\bar\Cache\01585AB9.bin
c:\program files\MyWebSearch\bar\Cache\01585BF1.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\nvsvc32.exe
c:\windows\system32\vbzlib1.dll
c:\windows\system32\winrtsnr.txt
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

Nakažená kopie c:\windows\system32\drivers\disk.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2010-09-11 do 2010-10-11 )))))))))))))))))))))))))))))))
.

2010-10-10 19:38 . 2010-10-10 20:38 -------- d-----w- c:\program files\trend micro
2010-10-10 19:38 . 2010-10-10 19:38 -------- d-----w- C:\rsit
2010-10-10 18:51 . 2010-10-10 18:51 182272 ----a-w- c:\windows\Olufya.exe
2010-10-10 18:30 . 2010-10-11 12:00 -------- d-sh--r- c:\documents and settings\Golis family\Data aplikací\C-76947-8457-2745
2010-10-10 18:27 . 2010-10-10 18:33 225282 ----a-w- C:\tsa.exe
2010-10-10 16:53 . 2010-10-10 16:53 -------- d-----w- c:\documents and settings\Golis family\Data aplikací\ESET
2010-09-28 20:43 . 2010-09-28 20:43 -------- d-----w- c:\program files\AccuWeather.com Stratus
2010-09-16 16:54 . 2010-09-16 16:54 -------- d-----w- c:\program files\Common Files\Java
2010-09-15 13:35 . 2010-09-15 13:35 -------- d-----w- c:\documents and settings\Golis family\Data aplikací\Toolbar4
2010-09-15 13:28 . 2010-09-15 13:28 -------- d-----w- c:\program files\FaceSounds Toolbar
2010-09-13 18:22 . 2010-09-13 18:22 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-13 18:20 . 2010-09-13 18:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-13 16:23 . 2010-09-13 16:23 -------- d-----w- c:\documents and settings\Golis family\Local Settings\Data aplikací\2K Games
2010-09-11 20:17 . 2010-09-23 12:22 -------- d-----w- c:\documents and settings\Golis family\Local Settings\Data aplikací\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\explorer.exe
[-] 2004-08-17 . 3CA180B1D5BD5CC22374B2FB77491EE8 . 1881088 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-17 . 3CA180B1D5BD5CC22374B2FB77491EE8 . 1881088 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-09-15 2735200]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-09-15 2735200]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-09-15 2735200]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 15:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3873F029-A2F7-42D1-94C1-A35ED1C59096}]
2010-06-11 15:44 2604032 ------w- c:\program files\FaceSounds Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-09-15 13:36 2735200 ----a-w- c:\program files\Softonic-Eng7\tbSof0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
2010-09-15 13:36 2735200 ----a-w- c:\program files\Brothersoft\tbBro1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-09-15 13:36 2735200 ----a-w- c:\program files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-09-15 2735200]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-09-15 2735200]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-09-15 2735200]
"{8B52078D-B630-4B00-A0AB-54D51CEDD9AA}"= "c:\program files\FaceSounds Toolbar\tbcore3.dll" [2010-06-11 2604032]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_CLASSES_ROOT\clsid\{8b52078d-b630-4b00-a0ab-54d51cedd9aa}]
[HKEY_CLASSES_ROOT\FMTLB0001.FMTLB0001.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\FMTLB0001.FMTLB0001]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-09-15 2735200]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-09-15 2735200]
"{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-09-15 2735200]
"{8B52078D-B630-4B00-A0AB-54D51CEDD9AA}"= "c:\program files\FaceSounds Toolbar\tbcore3.dll" [2010-06-11 2604032]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_CLASSES_ROOT\clsid\{8b52078d-b630-4b00-a0ab-54d51cedd9aa}]
[HKEY_CLASSES_ROOT\FMTLB0001.FMTLB0001.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\FMTLB0001.FMTLB0001]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-01-05 2199552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-08-07 353736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Google Update"="c:\documents and settings\Golis family\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-09-11 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-06-29 74752]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-01-05 2199552]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Golis family\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AccuWeather.lnk - c:\program files\AccuWeather.com Stratus\AccuWeather.com Stratus.exe [2010-9-28 95232]
Stardock ObjectDock.lnk - c:\windows\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-2-21 1826885]
Y'z ToolBar.lnk - c:\windows\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-9-29 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bywifi\\bywifi.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImpCnt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\nainstalovanehry\\PROTOTYPE\\prototypef.exe"=
"d:\\nainstalovanehry\\BF2\\BF2.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\nainstalovanehry\\WOTLK\\World of Warcraft\\Launcher.exe"=
"c:\\Documents and Settings\\Golis family\\Plocha\\P185623111.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [22. 3. 2009 12:25 174600]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [28. 6. 2010 11:36 28552]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29. 7. 2010 13:31 115008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12. 8. 2010 14:16 810144]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13. 4. 2010 23:33 246520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14. 4. 2010 13:44 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 09:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-10-11 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-04-14 15:58]

2010-10-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-27 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://mystart.incredimail.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://search.Facesounds.com
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902} - c:\program files\Bywifi\bywifici.exe
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://search.Facesounds.com/?q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\{8B52078D-B630-4B00-A0AB-54D51CEDD9AA}\components\Engine.dll
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- NASTAVENÍ FIREFOXU ----
# Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/

FF - user.js: network.proxy.type - 2
FF - user.js: network.proxy.autoconfig_url - hxxp://localhost:9000/proxy.pac
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.3.62.1\facemoods.dll
BHO-{d0418393-40ee-8c3e-cc8a-9f94198b7ea0} - (no file)
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.3.62.1\facemoodsTlbr.dll
HKCU-Run-NVIDIA driver monitor - c:\windows\nvsvc32.exe
HKCU-Run-WindowsDriverControl - c:\documents and settings\Golis family\Data aplikací\C-76947-8457-2745\wincdrsvn.exe
HKLM-Run-NVIDIA driver monitor - c:\windows\nvsvc32.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.3.62.1\uninstall.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-343818398-823518204-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1160)
c:\windows\system32\Ati2evxx.dll
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'explorer.exe'(2156)
c:\windows\BricoPacks\Vista Inspirat\ObjectDock\DockShellHook.dll
c:\windows\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\stobject.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\IncrediMail\bin\IMApp.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-10-11 20:39:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-11 18:39

Před spuštěním: Volných bajtů: 11 719 471 104
Po spuštění: Volných bajtů: 11 700 269 056

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 9DFE8D0824DBC80DC4B2CCBB6FA8A511

Najprv otestuj tieto subory na virustotal.com.
c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\explorer.exe
c:\windows\explorer.exe
c:\windows\system32\dllcache\explorer.exe

vysledky sem.

Toto je co? :
c:\program files\Bywifi\bywifi.exe

Explorer.exe ale neviem ci to je ono ak ano napiste a scannem dalsie + bywifi je taký šikovný programik ktorý urýchľuje Buffovanie videa na nete YTa podobne tu ja ten scan :
file-44602_exe
Submission date:
2010-10-05 20:54:43 (UTC)
Current status:
finished
Result:
0 /42 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.10.05.00 2010.10.04 -
AntiVir 7.10.12.136 2010.10.05 -
Antiy-AVL 2.0.3.7 2010.10.05 -
Authentium 5.2.0.5 2010.10.05 -
Avast 4.8.1351.0 2010.10.05 -
Avast5 5.0.594.0 2010.10.05 -
AVG 9.0.0.851 2010.10.05 -
BitDefender 7.2 2010.10.05 -
CAT-QuickHeal 11.00 2010.10.05 -
ClamAV 0.96.2.0-git 2010.10.05 -
Comodo 6292 2010.10.05 -
DrWeb 5.0.2.03300 2010.10.05 -
Emsisoft 5.0.0.50 2010.10.05 -
eSafe 7.0.17.0 2010.10.05 -
eTrust-Vet 36.1.7893 2010.10.05 -
F-Prot 4.6.2.117 2010.10.05 -
F-Secure 9.0.15370.0 2010.10.05 -
Fortinet 4.2.249.0 2010.10.05 -
GData 21 2010.10.05 -
Ikarus T3.1.1.90.0 2010.10.05 -
Jiangmin 13.0.900 2010.10.05 -
K7AntiVirus 9.63.2680 2010.10.05 -
Kaspersky 7.0.0.125 2010.10.05 -
McAfee 5.400.0.1158 2010.10.05 -
McAfee-GW-Edition 2010.1C 2010.10.05 -
Microsoft 1.6201 2010.10.05 -
NOD32 5506 2010.10.05 -
Norman 6.06.07 2010.10.05 -
nProtect 2010-10-05.02 2010.10.05 -
Panda 10.0.2.7 2010.10.05 -
PCTools 7.0.3.5 2010.10.02 -
Prevx 3.0 2010.10.05 -
Rising 22.67.02.07 2010.09.30 -
Sophos 4.58.0 2010.10.05 -
Sunbelt 6990 2010.10.05 -
SUPERAntiSpyware 4.40.0.1006 2010.10.05 -
Symantec 20101.2.0.161 2010.10.05 -
TheHacker 6.7.0.1.048 2010.10.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.05 -
VBA32 None 2010.10.05 -
ViRobot 2010.10.4.4074 2010.10.05 -
VirusBuster 12.67.4.0 2010.10.05 -
Additional information
Show all
MD5 : 27afd587c462e280ee046b8cca3c2cd1
SHA1 : 59180eef4bf949f99db4d91171f140fa6a21e5e0
SHA256: 096ce5536bfb81c3982c464485e536e727edc7c31c8e67cef06644845f20126d
ssdeep: 12288:tHmcoCUyZtwAvAs4wTCyrPTFNm0VezaQG5oJpaz/g/J/v5qS:Jmfty/wAvN7lrDm0Ve7G
maz/g/J/xq
File size : 1034240 bytes
First seen: 2009-02-13 16:57:33
Last seen : 2010-10-05 20:54:43
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. V_echna pr_va vyhrazena.
product......: Microsoft(R) Windows (R) 2000 Operating System
description..: Pr_zkumn_k Windows
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.00.2900.5512 (xpsp.080413-2105)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1A55F
timedatestamp....: 0x48025C30 (Sun Apr 13 19:17:04 2008)
machinetype......: 0x14C (Intel I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x44C09, 0x44E00, 6.38, 26445bd0519c4e1bec1430a53c1c1f78
.data, 0x46000, 0x1DB4, 0x1800, 1.3, 983f35021232560eaaa99fcbc1b7d359
.rsrc, 0x48000, 0xB2410, 0xB2600, 6.63, 4955f4479dac601695e1af555183c83c
.reloc, 0xFB000, 0x374C, 0x3800, 6.78, ec335057489badbf6d8142b57175fd91
CWSandbox:
http://research.sunbelt-software.com/pa ... 8cca3c2cd1
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 282112
CompanyName: Microsoft Corporation
EntryPoint: 0x1a55f
FileDescription: Pr zkumn k Windows
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 1010 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 6.00.2900.5512 (xpsp.080413-2105)
FileVersionNumber: 6.0.2900.5512
ImageVersion: 5.1
InitializedDataSize: 751104
InternalName: explorer
LanguageCode: Czech
LegalCopyright: Microsoft Corporation. V echna pr va vyhrazena.
LinkerVersion: 7.1
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.1
ObjectFileType: Executable application
OriginalFilename: EXPLORER.EXE
PEType: PE32
ProductName: Microsoft(R) Windows (R) 2000 Operating System
ProductVersion: 6.00.2900.5512
ProductVersionNumber: 6.0.2900.5512
Subsystem: Windows GUI
SubsystemVersion: 4.1
TimeStamp: 2008:04:13 21:17:04+02:00
UninitializedDataSize: 0

Dobre, len potrebujem otestovat vsetky tri explorer.ese

Tu je 2. :
explorer.exe
Submission date:
2010-03-26 18:28:26 (UTC)
Current status:
finished
Result:
1 /42 (2.4%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.26 -
AhnLab-V3 5.0.0.2 2010.03.26 -
AntiVir 7.10.5.230 2010.03.26 -
Antiy-AVL 2.0.3.7 2010.03.26 -
Authentium 5.2.0.5 2010.03.26 -
Avast 4.8.1351.0 2010.03.25 -
Avast5 5.0.332.0 2010.03.25 -
AVG 9.0.0.787 2010.03.26 -
BitDefender 7.2 2010.03.26 -
CAT-QuickHeal 10.00 2010.03.26 -
ClamAV 0.96.0.0-git 2010.03.26 -
Comodo 4392 2010.03.26 -
DrWeb 5.0.1.12222 2010.03.26 -
eSafe 7.0.17.0 2010.03.25 -
eTrust-Vet 35.2.7390 2010.03.26 -
F-Prot 4.5.1.85 2010.03.26 -
F-Secure 9.0.15370.0 2010.03.26 -
Fortinet 4.0.14.0 2010.03.26 -
GData 19 2010.03.26 -
Ikarus T3.1.1.80.0 2010.03.26 -
Jiangmin 13.0.900 2010.03.26 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.26 -
McAfee 5931 2010.03.25 -
McAfee+Artemis 5931 2010.03.25 -
McAfee-GW-Edition 6.8.5 2010.03.26 -
Microsoft 1.5605 2010.03.26 -
NOD32 4977 2010.03.26 -
Norman 6.04.10 2010.03.26 -
nProtect 2009.1.8.0 2010.03.26 -
Panda 10.0.2.2 2010.03.26 -
PCTools 7.0.3.5 2010.03.26 -
Prevx 3.0 2010.03.26 -
Rising 22.40.04.04 2010.03.26 -
Sophos 4.52.0 2010.03.26 -
Sunbelt 6100 2010.03.26 -
Symantec 20091.2.0.41 2010.03.26 Suspicious.Insight
TheHacker 6.5.2.0.245 2010.03.26 -
TrendMicro 9.120.0.1004 2010.03.26 -
VBA32 3.12.12.2 2010.03.25 -
ViRobot 2010.3.26.2246 2010.03.26 -
VirusBuster 5.0.27.0 2010.03.26 -
Additional information
Show all
MD5 : 3ca180b1d5bd5cc22374b2fb77491ee8
SHA1 : 30e2a621cfdc807a2d4a728d56c43c696a689887
SHA256: 1dff5251dc42690ad159ce334d67c9e91bf4db6adecd4fa831c12f9d695c06e8
ssdeep: 24576:ozEuAwj2fNuIfeY+Kudn4v9Ny3QqVrHV334FEG+6nPhRttV6Jn:ozvKfNuI6V9Aw3PVr1
334FEGNPhRLU5
File size : 1881088 bytes
First seen: 2009-09-24 23:25:06
Last seen : 2010-03-26 18:28:26
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. V_echna pr_va vyhrazena.
product......: Microsoft(R) Windows (R) 2000 Operating System
description..: Pr_zkumn_k Windows
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1E24E
timedatestamp....: 0x41107ECE (Wed Aug 04 06:14:38 2004)
machinetype......: 0x14C (Intel I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x44689, 0x44800, 6.38, b527a0acaf87251d79f0236e90308ccc
.data, 0x46000, 0x1D90, 0x1800, 1.29, d0b87d8ce5a34731be197efb73b5d7bf
.rsrc, 0x48000, 0x18176F, 0x181800, 5.88, d70c06a31ce00d4825770731674233e0
.reloc, 0x1CA000, 0x36DC, 0x3800, 6.75, ee49ce3a409d6d28c1d63eabd34499b3

[[ 13 import(s) ]]
advapi32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
browseui.dll: -, -, -, -
gdi32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, SetTextColor, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, CreateRectRgnIndirect, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
kernel32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, RegisterWaitForSingleObject, OpenEventW, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, DelayLoadFailureHook, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, GetFileAttributesExW, MulDiv, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, InitializeCriticalSectionAndSpinCount
msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
oleaut32.dll: -, -
shdocvw.dll: -, -, -
shell32.dll: -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, ShellExecuteExW, -, -, -, -, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, SHGetSpecialFolderLocation, -, -, -, -, SHGetSpecialFolderPathW, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
shlwapi.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, StrCmpNW, -, -
user32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, CopyRect, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, PtInRect, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, ModifyMenuW, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
uxtheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed



a 3. :
explorer.exe
Submission date:
2010-03-26 18:28:26 (UTC)
Current status:
finished
Result:
1 /42 (2.4%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.26 -
AhnLab-V3 5.0.0.2 2010.03.26 -
AntiVir 7.10.5.230 2010.03.26 -
Antiy-AVL 2.0.3.7 2010.03.26 -
Authentium 5.2.0.5 2010.03.26 -
Avast 4.8.1351.0 2010.03.25 -
Avast5 5.0.332.0 2010.03.25 -
AVG 9.0.0.787 2010.03.26 -
BitDefender 7.2 2010.03.26 -
CAT-QuickHeal 10.00 2010.03.26 -
ClamAV 0.96.0.0-git 2010.03.26 -
Comodo 4392 2010.03.26 -
DrWeb 5.0.1.12222 2010.03.26 -
eSafe 7.0.17.0 2010.03.25 -
eTrust-Vet 35.2.7390 2010.03.26 -
F-Prot 4.5.1.85 2010.03.26 -
F-Secure 9.0.15370.0 2010.03.26 -
Fortinet 4.0.14.0 2010.03.26 -
GData 19 2010.03.26 -
Ikarus T3.1.1.80.0 2010.03.26 -
Jiangmin 13.0.900 2010.03.26 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.26 -
McAfee 5931 2010.03.25 -
McAfee+Artemis 5931 2010.03.25 -
McAfee-GW-Edition 6.8.5 2010.03.26 -
Microsoft 1.5605 2010.03.26 -
NOD32 4977 2010.03.26 -
Norman 6.04.10 2010.03.26 -
nProtect 2009.1.8.0 2010.03.26 -
Panda 10.0.2.2 2010.03.26 -
PCTools 7.0.3.5 2010.03.26 -
Prevx 3.0 2010.03.26 -
Rising 22.40.04.04 2010.03.26 -
Sophos 4.52.0 2010.03.26 -
Sunbelt 6100 2010.03.26 -
Symantec 20091.2.0.41 2010.03.26 Suspicious.Insight
TheHacker 6.5.2.0.245 2010.03.26 -
TrendMicro 9.120.0.1004 2010.03.26 -
VBA32 3.12.12.2 2010.03.25 -
ViRobot 2010.3.26.2246 2010.03.26 -
VirusBuster 5.0.27.0 2010.03.26 -
Additional information
Show all
MD5 : 3ca180b1d5bd5cc22374b2fb77491ee8
SHA1 : 30e2a621cfdc807a2d4a728d56c43c696a689887
SHA256: 1dff5251dc42690ad159ce334d67c9e91bf4db6adecd4fa831c12f9d695c06e8
ssdeep: 24576:ozEuAwj2fNuIfeY+Kudn4v9Ny3QqVrHV334FEG+6nPhRttV6Jn:ozvKfNuI6V9Aw3PVr1
334FEGNPhRLU5
File size : 1881088 bytes
First seen: 2009-09-24 23:25:06
Last seen : 2010-03-26 18:28:26
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. V_echna pr_va vyhrazena.
product......: Microsoft(R) Windows (R) 2000 Operating System
description..: Pr_zkumn_k Windows
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1E24E
timedatestamp....: 0x41107ECE (Wed Aug 04 06:14:38 2004)
machinetype......: 0x14C (Intel I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x44689, 0x44800, 6.38, b527a0acaf87251d79f0236e90308ccc
.data, 0x46000, 0x1D90, 0x1800, 1.29, d0b87d8ce5a34731be197efb73b5d7bf
.rsrc, 0x48000, 0x18176F, 0x181800, 5.88, d70c06a31ce00d4825770731674233e0
.reloc, 0x1CA000, 0x36DC, 0x3800, 6.75, ee49ce3a409d6d28c1d63eabd34499b3

[[ 13 import(s) ]]
advapi32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
browseui.dll: -, -, -, -
gdi32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, SetTextColor, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, CreateRectRgnIndirect, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
kernel32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, RegisterWaitForSingleObject, OpenEventW, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, DelayLoadFailureHook, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, GetFileAttributesExW, MulDiv, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, InitializeCriticalSectionAndSpinCount
msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
oleaut32.dll: -, -
shdocvw.dll: -, -, -
shell32.dll: -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, ShellExecuteExW, -, -, -, -, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, SHGetSpecialFolderLocation, -, -, -, -, SHGetSpecialFolderPathW, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
shlwapi.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, StrCmpNW, -, -
user32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, CopyRect, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, PtInRect, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, ModifyMenuW, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
uxtheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed


že sa v tom vyznáte...skládam obdiv

Diky

Mohol by si, prosim, tie tri exporer.exe zrarovat do jednho priecinka a upnut na leteckaposta.cz a odoslat ?

tady http://leteckaposta.cz/139731075

Už mám ten PC v pohode ??? pls daj vediet Ď

Nie je to ciste.

Urob tento navod :

pokud jste tak jeste neucinil(a), presunte Combofix na plochu

otevrete si Poznamkovy blok

do nej zkopirujte skript z nasledujiciho okna:

Kód: Vybrat vše

KillAll::

File::
c:\windows\Tasks\WGASetup.job
c:\windows\system32\KB905474\wgasetup.exe 
c:\WINDOWS\nvsvc32.exe
c:\windows\Olufya.exe
C:\tsa.exe

DirLook::
c:\windows\system32\KB905474

Rootkit::
c:\windows\Tasks\WGASetup.job
c:\windows\system32\KB905474\wgasetup.exe
c:\WINDOWS\nvsvc32.exe
c:\windows\Olufya.exe
C:\tsa.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Golis family\\Plocha\\P185623111.JPG-www.facebook.exe"=-

RegLock::
[HKEY_USERS\S-1-5-21-343818398-823518204-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

DDS::
uStart Page = hxxp://mystart.incredimail.com/
mStart Page = hxxp://search.Facesounds.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Firefox::
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://search.Facesounds.com/?q=

Reboot::

ulozte vami vytvoreny textovy soubor jako CFScript.txt na plochu

po ulozeni uchopte vami vytvoreny skript levym tlacitkem mysi a presunte jej nad ikonu Combofixu, nad niz skript upustte:



po aplikaci by na vas mel vyskocit dalsi log, vlozte jej sem

Upozorneni: je mozne, ze po aplikaci skriptu a restartu nenabehnou Windows, v takovem pripade znovu restartujte, po restartu mackejte F8 a zvolte Posledni znamou funkcni konfiguraci

Vše som učinil tak ako ste napsal...Combo naskočil, vše som vyp.anti vyr atď .Combo vypisoval, že dačo maže PC sa raz reštartoval potom nabehol...a po minútke naskočila modrá obrazovka a že win. musel vyp. PC aby ho nepoškodil, že našiel chybu...pak restart, nábeh PC a žiaden log nenaskočil neviem...+ combo stále vypisuje že mám vyp. vše programy antivir atď čo som učinil lenže po restarte sa antivir sam zapne takže neviem či to nemôže blbnúť tým...a ja neviem spraviť to aby po rese bol antivir vyp.