Pop-up windows and Trojan warnings

Hooker
Visitor
Posts: 109
Registered: 29 Feb 2008 02:26
Location: Čáslav

Pop-up windows and Trojan warnings

#1 Post by Hooker »

Greetings to everyone on the "viry.cz" forum, and I would like to ask you to check a log.
My son is getting warning pop-ups on his computer and does not know which program is alerting him to the infection. He says he uses only AVG and Spybot-Search & Destroy. I am sending his log and screenshots; thanks for your help.

[Image]

[Image]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Bohatý at 2010-10-13 21:33:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 15 GB (10%) free of 153 GB
Total RAM: 1022 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:34:02, on 13.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Silvercrest MTS2218 driver\KMWDSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Silvercrest MTS2218 driver\StartAutorun.exe
C:\Program Files\AMT Media Manager\AMTDeviceService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Silvercrest MTS2218 driver\KMConfig.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Silvercrest MTS2218 driver\KMProcess.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Plocha\NHL_09\Crack\nhl2009.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Data aplikací\6f9c274\MS6f9c_231.exe
C:\DOCUME~1\BOHAT~1.BOH\LOCALS~1\Temp\Dt1.exe
C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Bohatý.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=fbpage1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=fbpage1&s ... Terms}&f=4
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.15.13\bh\facemoods.dll (file missing)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: SignatureManagerBHO - {C6CC9344-BC12-4EA7-9E37-46D61866C771} - C:\Program Files\SM\SubsHelperBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.15.13\facemoodsTlbr.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DriverCD] D:\Run.exe
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Silvercrest MTS2218 driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [AMTDeviceService] "C:\Program Files\AMT Media Manager\AMTDeviceService.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.15.13\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [XBV6RD5SZF] C:\DOCUME~1\BOHAT~1.BOH\LOCALS~1\Temp\Dt1.exe
O4 - HKCU\..\Run: [My Security Shield] "C:\Documents and Settings\All Users\Data aplikací\6f9c274\MS6f9c_231.exe" /s /d
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = ?
O8 - Extra context menu item: &Search - ?s=100000341&p=GRxdm047YYCZ&si=&a=srlxUyVGsG4b2qqAWf3fsg&n=2010082801
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {755B05A7-0770-4185-B5F6-E75A2CA527E2} - C:\Program Files\SM\SubsHelper.dll
O9 - Extra 'Tools' menuitem: Signature Manager options - {755B05A7-0770-4185-B5F6-E75A2CA527E2} - C:\Program Files\SM\SubsHelper.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Nabídka Start\Programy\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: monln - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Silvercrest MTS2218 driver\KMWDSrv.exe
O23 - Service: Made Man Drivers Auto Removal (pr2apasb) (pr2apasb) - City Interactive Sp z o.o. - C:\WINDOWS\system32\pr2apasb.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 12620 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Bohatý.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files\facemoods.com\facemoods\1.4.15.13\bh\facemoods.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489}]
Alcohol Toolbar Helper - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll [2009-10-16 798720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-08-27 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-10-06 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6CC9344-BC12-4EA7-9E37-46D61866C771}]
SignatureManagerBHO - C:\Program Files\SM\SubsHelperBHO.dll [2010-09-02 126464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-29 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - Alcohol Toolbar - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll [2009-10-16 798720]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-08-27 278192]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files\facemoods.com\facemoods\1.4.15.13\facemoodsTlbr.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"GEST"== []
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-20 77824]
"Windows TaskAd"=C:\Program Files\Windows TaskAd\WinTaskAd.exe []
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2010-08-28 590848]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice []
"DriverCD"=D:\Run.exe []
"KMCONFIG"=C:\Program Files\Silvercrest MTS2218 driver\StartAutorun.exe [2008-05-30 212992]
"AMTDeviceService"=C:\Program Files\AMT Media Manager\AMTDeviceService.exe [2009-01-21 184320]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-12-14 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2004-12-14 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2004-12-14 217088]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"facemoods"=C:\Program Files\facemoods.com\facemoods\1.4.15.13\facemoodssrv.exe /md I []
"My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"BlazeServoTool"=C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-08-27 39408]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-09-02 13351304]
"XBV6RD5SZF"=C:\DOCUME~1\BOHAT~1.BOH\LOCALS~1\Temp\Dt1.exe [2010-08-31 192512]
"My Security Shield"=C:\Documents and Settings\All Users\Data aplikací\6f9c274\MS6f9c_231.exe [2010-10-08 2523648]
"Steam"=C:\Program Files\Steam\Steam.exe [2010-09-19 1242448]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Nabídka Start\Programy\Po spuštění
IMVU.lnk - C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Data aplikací\IMVUClient\IMVUQualityAgent.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-06 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\monln]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"DisallowRun"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Ubisoft\Demo\Surf's Up\System\SurfsUpGame.exe"="C:\Program Files\Ubisoft\Demo\Surf's Up\System\SurfsUpGame.exe:*:Enabled:Surf's Up"
"C:\Program Files\EA Sports\FIFA 07\fifa07.exe"="C:\Program Files\EA Sports\FIFA 07\fifa07.exe:*:Disabled:fifa07"
"C:\Program Files\32nd America's Cup - Demo\VskAC32_Demo.exe"="C:\Program Files\32nd America's Cup - Demo\VskAC32_Demo.exe:*:Enabled:VskAC32_Demo"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe:*:Enabled:Zoo Tycoon 2 Demo Executable"
"C:\Program Files\Roger Wilco\roger.exe"="C:\Program Files\Roger Wilco\roger.exe:*:Enabled:roger"
"C:\Documents and Settings\Bohatý\Plocha\FIFA08.exe"="C:\Documents and Settings\Bohatý\Plocha\FIFA08.exe:*:Enabled:FIFA08"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\Bohatý\Plocha\PES 2009\pes2009.exe"="C:\Documents and Settings\Bohatý\Plocha\PES 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Boiling Point - Cesta do pekel\XENUS.EXE"="C:\Program Files\Boiling Point - Cesta do pekel\XENUS.EXE:*:Enabled:XENUS"
"C:\Games\Paintball2\paintball2.exe"="C:\Games\Paintball2\paintball2.exe:*:Enabled:paintball2"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Plocha\rld-p210\Crack\pes2010.exe"="C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Plocha\rld-p210\Crack\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe"="C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage"
"C:\Program Files\ABC\Starship Troopers\STGame.exe"="C:\Program Files\ABC\Starship Troopers\STGame.exe:*:Enabled:Starship Troopers E1"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Plocha\moje věci\rld-p210\Crack\pes2010.exe"="C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Plocha\moje věci\rld-p210\Crack\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\Đ»đ¸ßÇĺµçÓ°\BlazeTV.exe"="C:\Program Files\Đ»đ¸ßÇĺµçÓ°\BlazeTV.exe:*:Enabled:BlazeTV"
"C:\Program Files\Sports Interactive\Football Manager 2010 Demo\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2010 Demo\fm.exe:*:Enabled:Football Manager 2010 Demo"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\EA Sports\FIFA 10\FIFA10.exe"="C:\Program Files\EA Sports\FIFA 10\FIFA10.exe:*:Enabled:FIFA10"
"C:\Program Files\EA Sports\FIFA 11 Demo\Game\fifa.exe"="C:\Program Files\EA Sports\FIFA 11 Demo\Game\fifa.exe:*:Enabled:FIFA 11"
"C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Dokumenty\Downloads\Facemoods.exe"="C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Dokumenty\Downloads\Facemoods.exe:*:Enabled:Facemoods Installer"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\SteamApps\common\mafia ii - public demo\launcher.exe"="C:\Program Files\Steam\SteamApps\common\mafia ii - public demo\launcher.exe:*:Enabled:Mafia II - Demo"
"C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Data aplikací\IMVUClient\1VivoxVoice.exe"="C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Data aplikací\IMVUClient\1VivoxVoice.exe:*:Enabled:1VivoxVoice"
"C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Data aplikací\Football Superstars\FSClientr.exe"="C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Data aplikací\Football Superstars\FSClientr.exe:*:Enabled:FSClientr"
"C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Plocha\NHL_09\Crack\nhl2009.exe"="C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Plocha\NHL_09\Crack\nhl2009.exe:*:Enabled:nhl2009"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\hlds.exe"="C:\Program Files\Valve\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\All Users\Data aplikací\6f9c274\MS6f9c_231.exe"="C:\Documents and Settings\All Users\Data aplikací\6f9c274\MS6f9c_231.exe:*:Enabled:My Security Shield"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
MS Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika), Genuine Intel CPU2140@ 1.60GHz, 2.00GB RAM , NVIDIA GeForce 9400 GT

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Pop-up windows and Trojan warnings

#2 Post by earl »

Hello,

The log is not complete, but there is some infection in there.

READ THE INSTRUCTIONS CAREFULLY, THIS SOFTWARE DOES NOT TOLERATE MISTAKES IN HOW IT IS APPLIED!

Feel free to print the following lines so that you know what will be happening on the screen.

Be logged in to the PC with administrator rights.

On Windows Vista and Windows 7 the application must be run as administrator (right-click the ComboFix icon and left-click "Run as administrator").

Download ComboFix and save it, preferably to the desktop.

If the page will not load, download it from here (download); or, if ComboFix will not start, rename it to grinder.com and continue according to the instructions.

Right after start-up a disclaimer of warranty for the software's functionality is displayed; continue by clicking the Yes button:

[Image]

This may be followed by a warning about installed CD drive emulators, typically Daemon Tools or Alcohol 120.

[Image]

Click OK.

Agree to the installation of the Recovery Console (a working internet connection is required!).

Calmly go and make yourself a coffee (the whole thing takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to run any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Warning: Turn off the resident shield of your antivirus and antispyware and temporarily disable the firewall, otherwise ComboFix might not work correctly. If you have the shields turned off and ComboFix reports that they are not, carry on and confirm.

After the restart the application creates a log, saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here.
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AN UP-TO-DATE ANTIVIRUS AND A PERSONAL FIREWALL ARE TWO ESSENTIAL PROTECTIVE COMPONENTS OF EVERY PC CONNECTED TO THE INTERNET!!!
BY BACKING UP YOUR PERSONAL DATA YOU WILL NOT LOSE IT IN CASE OF FATAL SOFTWARE OR HARDWARE PROBLEMS!!
DO NOT USE COMBOFIX ON YOUR OWN INITIATIVE, ONLY IF YOU ARE ASKED TO. IMPROPER HANDLING OF IT CAN RENDER THE SYSTEM INOPERABLE!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------

Hooker
Visitor
Posts: 109
Joined: 29 Feb 2008 02:26
Location: Čáslav

Re: Pop-up windows and Trojan warnings

#3 Post by Hooker »

I'm sending the log again, complete this time. The middle part, that is, the end of what I already sent, repeats about 300 times, and that may be a low estimate. So I cut it off and appended only the end; otherwise I could not submit it.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Bohatý at 2010-10-13 21:33:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 15 GB (10%) free of 153 GB
Total RAM: 1022 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:34:02, on 13.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Silvercrest MTS2218 driver\KMWDSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Silvercrest MTS2218 driver\StartAutorun.exe
C:\Program Files\AMT Media Manager\AMTDeviceService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Silvercrest MTS2218 driver\KMConfig.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Silvercrest MTS2218 driver\KMProcess.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Plocha\NHL_09\Crack\nhl2009.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Data aplikací\6f9c274\MS6f9c_231.exe
C:\DOCUME~1\BOHAT~1.BOH\LOCALS~1\Temp\Dt1.exe
C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Bohatý.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=fbpage1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=fbpage1&s ... Terms}&f=4
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.15.13\bh\facemoods.dll (file missing)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: SignatureManagerBHO - {C6CC9344-BC12-4EA7-9E37-46D61866C771} - C:\Program Files\SM\SubsHelperBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.15.13\facemoodsTlbr.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DriverCD] D:\Run.exe
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Silvercrest MTS2218 driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [AMTDeviceService] "C:\Program Files\AMT Media Manager\AMTDeviceService.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.15.13\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [XBV6RD5SZF] C:\DOCUME~1\BOHAT~1.BOH\LOCALS~1\Temp\Dt1.exe
O4 - HKCU\..\Run: [My Security Shield] "C:\Documents and Settings\All Users\Data aplikací\6f9c274\MS6f9c_231.exe" /s /d
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = ?
O8 - Extra context menu item: &Search - ?s=100000341&p=GRxdm047YYCZ&si=&a=srlxUyVGsG4b2qqAWf3fsg&n=2010082801
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {755B05A7-0770-4185-B5F6-E75A2CA527E2} - C:\Program Files\SM\SubsHelper.dll
O9 - Extra 'Tools' menuitem: Signature Manager options - {755B05A7-0770-4185-B5F6-E75A2CA527E2} - C:\Program Files\SM\SubsHelper.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Nabídka Start\Programy\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: monln - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Silvercrest MTS2218 driver\KMWDSrv.exe
O23 - Service: Made Man Drivers Auto Removal (pr2apasb) (pr2apasb) - City Interactive Sp z o.o. - C:\WINDOWS\system32\pr2apasb.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 12620 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Bohatý.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files\facemoods.com\facemoods\1.4.15.13\bh\facemoods.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489}]
Alcohol Toolbar Helper - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll [2009-10-16 798720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-08-27 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-10-06 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6CC9344-BC12-4EA7-9E37-46D61866C771}]
SignatureManagerBHO - C:\Program Files\SM\SubsHelperBHO.dll [2010-09-02 126464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-29 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - Alcohol Toolbar - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll [2009-10-16 798720]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-08-27 278192]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files\facemoods.com\facemoods\1.4.15.13\facemoodsTlbr.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"GEST"== []
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-20 77824]
"Windows TaskAd"=C:\Program Files\Windows TaskAd\WinTaskAd.exe []
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2010-08-28 590848]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice []
"DriverCD"=D:\Run.exe []
"KMCONFIG"=C:\Program Files\Silvercrest MTS2218 driver\StartAutorun.exe [2008-05-30 212992]
"AMTDeviceService"=C:\Program Files\AMT Media Manager\AMTDeviceService.exe [2009-01-21 184320]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-12-14 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2004-12-14 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2004-12-14 217088]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"facemoods"=C:\Program Files\facemoods.com\facemoods\1.4.15.13\facemoodssrv.exe /md I []
"My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"BlazeServoTool"=C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-08-27 39408]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-09-02 13351304]
"XBV6RD5SZF"=C:\DOCUME~1\BOHAT~1.BOH\LOCALS~1\Temp\Dt1.exe [2010-08-31 192512]
"My Security Shield"=C:\Documents and Settings\All Users\Data aplikací\6f9c274\MS6f9c_231.exe [2010-10-08 2523648]
"Steam"=C:\Program Files\Steam\Steam.exe [2010-09-19 1242448]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Nabídka Start\Programy\Po spuštění
IMVU.lnk - C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Data aplikací\IMVUClient\IMVUQualityAgent.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-06 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\monln]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"DisallowRun"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Ubisoft\Demo\Surf's Up\System\SurfsUpGame.exe"="C:\Program Files\Ubisoft\Demo\Surf's Up\System\SurfsUpGame.exe:*:Enabled:Surf's Up"
"C:\Program Files\EA Sports\FIFA 07\fifa07.exe"="C:\Program Files\EA Sports\FIFA 07\fifa07.exe:*:Disabled:fifa07"
"C:\Program Files\32nd America's Cup - Demo\VskAC32_Demo.exe"="C:\Program Files\32nd America's Cup - Demo\VskAC32_Demo.exe:*:Enabled:VskAC32_Demo"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe:*:Enabled:Zoo Tycoon 2 Demo Executable"
"C:\Program Files\Roger Wilco\roger.exe"="C:\Program Files\Roger Wilco\roger.exe:*:Enabled:roger"
"C:\Documents and Settings\Bohatý\Plocha\FIFA08.exe"="C:\Documents and Settings\Bohatý\Plocha\FIFA08.exe:*:Enabled:FIFA08"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\Bohatý\Plocha\PES 2009\pes2009.exe"="C:\Documents and Settings\Bohatý\Plocha\PES 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Boiling Point - Cesta do pekel\XENUS.EXE"="C:\Program Files\Boiling Point - Cesta do pekel\XENUS.EXE:*:Enabled:XENUS"
"C:\Games\Paintball2\paintball2.exe"="C:\Games\Paintball2\paintball2.exe:*:Enabled:paintball2"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Plocha\rld-p210\Crack\pes2010.exe"="C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Plocha\rld-p210\Crack\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe"="C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage"
"C:\Program Files\ABC\Starship Troopers\STGame.exe"="C:\Program Files\ABC\Starship Troopers\STGame.exe:*:Enabled:Starship Troopers E1"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Plocha\moje věci\rld-p210\Crack\pes2010.exe"="C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Plocha\moje věci\rld-p210\Crack\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\Đ»đ¸ßÇĺµçÓ°\BlazeTV.exe"="C:\Program Files\Đ»đ¸ßÇĺµçÓ°\BlazeTV.exe:*:Enabled:BlazeTV"
"C:\Program Files\Sports Interactive\Football Manager 2010 Demo\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2010 Demo\fm.exe:*:Enabled:Football Manager 2010 Demo"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\EA Sports\FIFA 10\FIFA10.exe"="C:\Program Files\EA Sports\FIFA 10\FIFA10.exe:*:Enabled:FIFA10"
"C:\Program Files\EA Sports\FIFA 11 Demo\Game\fifa.exe"="C:\Program Files\EA Sports\FIFA 11 Demo\Game\fifa.exe:*:Enabled:FIFA 11"
"C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Dokumenty\Downloads\Facemoods.exe"="C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Dokumenty\Downloads\Facemoods.exe:*:Enabled:Facemoods Installer"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\SteamApps\common\mafia ii - public demo\launcher.exe"="C:\Program Files\Steam\SteamApps\common\mafia ii - public demo\launcher.exe:*:Enabled:Mafia II - Demo"
"C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Data aplikací\IMVUClient\1VivoxVoice.exe"="C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Data aplikací\IMVUClient\1VivoxVoice.exe:*:Enabled:1VivoxVoice"
"C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Data aplikací\Football Superstars\FSClientr.exe"="C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Data aplikací\Football Superstars\FSClientr.exe:*:Enabled:FSClientr"
"C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Plocha\NHL_09\Crack\nhl2009.exe"="C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Plocha\NHL_09\Crack\nhl2009.exe:*:Enabled:nhl2009"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\hlds.exe"="C:\Program Files\Valve\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\All Users\Data aplikací\6f9c274\MS6f9c_231.exe"="C:\Documents and Settings\All Users\Data aplikací\6f9c274\MS6f9c_231.exe:*:Enabled:My Security Shield"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe

...........This repeats about 300 times here, so I cut it off so that it would fit in one piece.
----------------------------------------------------------------------------



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="svchost.exe

======List of files/folders created in the last 1 months======

2010-10-13 20:55:35 ----D---- C:\Program Files\trend micro
2010-10-13 20:55:29 ----D---- C:\rsit
2010-10-09 08:10:00 ----D---- C:\WINDOWS\LastGood
2010-10-05 20:58:40 ----D---- C:\Program Files\Zeallsoft
2010-10-04 18:32:39 ----A---- C:\moduleName.txt
2010-09-30 14:33:47 ----D---- C:\Program Files\Counter-Strike 1.6
2010-09-30 13:33:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-09-25 09:07:15 ----A---- C:\WINDOWS\imsins.BAK
2010-09-21 07:54:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-09-21 07:54:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-09-20 10:58:25 ----D---- C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Data aplikací\Football Superstars
2010-09-20 08:18:26 ----D---- C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Data aplikací\Vivox
2010-09-20 07:57:50 ----D---- C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Data aplikací\IMVU
2010-09-20 07:56:04 ----D---- C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Data aplikací\IMVUClient
2010-09-19 21:03:15 ----D---- C:\Program Files\OpenAL
2010-09-19 21:03:15 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2010-09-19 21:03:15 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2010-09-19 21:01:22 ----D---- C:\Program Files\Prodigium Game Studios
2010-09-19 18:33:28 ----A---- C:\WINDOWS\system32\eax.dll
2010-09-19 15:19:27 ----D---- C:\WINDOWS\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2010-09-19 12:29:02 ----D---- C:\Program Files\NVIDIA Corporation
2010-09-19 08:45:20 ----D---- C:\Program Files\Steam
2010-09-17 16:30:08 ----D---- C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Data aplikací\facemoods.com
2010-09-16 06:40:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-16 06:39:44 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-16 06:39:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-16 06:38:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-16 06:38:33 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-16 06:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-16 06:37:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$

======List of files/folders modified in the last 1 months======

2010-10-13 21:28:55 ----D---- C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Data aplikací\Skype
2010-10-13 21:24:03 ----SD---- C:\WINDOWS\Tasks
2010-10-13 20:55:49 ----D---- C:\WINDOWS\Prefetch
2010-10-13 20:55:35 ----RD---- C:\Program Files
2010-10-13 19:07:11 ----D---- C:\WINDOWS\system32
2010-10-13 17:28:46 ----HD---- C:\WINDOWS\inf
2010-10-13 17:27:52 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-13 17:27:51 ----D---- C:\WINDOWS
2010-10-13 17:12:57 ----D---- C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Data aplikací\skypePM
2010-10-11 20:54:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-10 13:25:59 ----D---- C:\WINDOWS\Temp
2010-10-09 12:35:20 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\6f9c274
2010-10-09 08:35:14 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-09 08:34:19 ----RSD---- C:\WINDOWS\assembly
2010-10-09 08:13:02 ----SHD---- C:\WINDOWS\Installer
2010-10-09 08:13:02 ----D---- C:\Program Files\EA Sports
2010-10-09 08:13:02 ----D---- C:\Config.Msi
2010-10-09 08:10:21 ----D---- C:\WINDOWS\system32\DirectX
2010-10-09 08:10:20 ----D---- C:\WINDOWS\Logs
2010-10-09 08:09:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-08 15:09:22 ----D---- C:\Program Files\JDownloader
2010-10-08 15:06:34 ----D---- C:\Program Files\KONAMI
2010-10-08 12:17:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-08 12:17:05 ----D---- C:\WINDOWS\WinSxS
2010-10-08 12:08:59 ----D---- C:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Data aplikací\AVG7
2010-10-01 18:39:15 ----D---- C:\Program Files\Mozilla Firefox
2010-09-23 20:33:51 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-21 08:51:40 ----A---- C:\WINDOWS\WININIT.INI
2010-09-21 08:13:18 ----D---- C:\WINDOWS\Debug
2010-09-19 12:29:00 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-09-18 17:50:03 ----D---- C:\Documents and Settings
2010-09-16 06:39:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-16 06:38:16 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Cavasm;Cavasm; C:\WINDOWS\system32\DRIVERS\cavasm.sys [2008-08-08 102400]
R0 pe3apasb;Made Man Environment Driver (pe3apasb); C:\WINDOWS\system32\drivers\pe3apasb.sys [2007-11-13 65136]
R0 ps7apasb;Made Man Synchronization Driver (ps7apasb); C:\WINDOWS\system32\drivers\ps7apasb.sys [2007-11-13 68728]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-10-28 721904]
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2009-10-16 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2009-10-16 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2009-10-16 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2009-10-16 10760]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-02-20 29704]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-02-20 54280]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2009-10-16 4960]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-02-20 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-02-20 71176]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-06 2155520]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-02-20 30728]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 KMWDFilter;KMWDFilter; \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 AF15BDA;AF9015 BDA Device; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2010-08-20 483200]
S3 auin2dhw;auin2dhw; C:\WINDOWS\system32\drivers\auin2dhw.sys []
S3 awt18hgw;awt18hgw; C:\WINDOWS\system32\drivers\awt18hgw.sys []
S3 azm133av;azm133av; C:\WINDOWS\system32\drivers\azm133av.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 gtermddo;gtermddo; \??\C:\DOCUME~1\BOHAT~1\LOCALS~1\Temp\gtermddo.sys []
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-10-11 22016]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 PID_0928;Labtec WebCam(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2004-10-11 211712]
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-06 483328]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2009-10-16 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2009-10-16 49664]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-08-29 153376]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files\Silvercrest MTS2218 driver\KMWDSrv.exe [2008-05-30 208896]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2009-10-16 406528]
S2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-27 136176]
S2 pr2apasb;Made Man Drivers Auto Removal (pr2apasb); C:\WINDOWS\system32\pr2apasb.exe [2007-11-13 410992]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-27 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;Tiskový server TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2008-04-14 19456]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
MS Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika), Genuine Intel CPU2140@ 1.60GHz, 2.00GB RAM , NVIDIA GeForce 9400 GT

Hooker
Visitor
Posts: 109
Registered: 29 Feb 2008 02:26
Location: Čáslav

Re: Pop-up windows and Trojan warnings

#4 Post by Hooker »

Unfortunately I can't continue right now, because the boy is at school, he doesn't live with me, and I'm sending this from my own computer. Once he gets in touch with me in the afternoon, we'll do everything according to the instructions.

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Pop-up windows and Trojan warnings

#5 Post by earl »

Ok.
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AN UP-TO-DATE ANTIVIRUS AND A PERSONAL FIREWALL ARE TWO ESSENTIAL PROTECTIVE COMPONENTS OF EVERY PC CONNECTED TO THE INTERNET!!!
BY BACKING UP YOUR PERSONAL DATA YOU WILL NOT LOSE IT IN CASE OF FATAL PROBLEMS WITH SOFTWARE OR HARDWARE!!
DO NOT USE COMBOFIX ON YOUR OWN; USE IT ONLY WHEN YOU ARE ASKED TO. IMPROPER HANDLING CAN RENDER THE SYSTEM INOPERABLE!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------

Hooker
Visitor
Posts: 109
Registered: 29 Feb 2008 02:26
Location: Čáslav

Re: Pop-up windows and Trojan warnings

#6 Post by Hooker »

I'm sending the requested ComboFix log.

ComboFix 10-10-12.03 - Bohatý 14.10.2010 15:19:02.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.574 [GMT 2:00]
Spuštěný z: c:\documents and settings\Bohatý.BOHAT-91BE0107D\Dokumenty\Downloads\ComboFix.exe
AV: AVG 7.5.560 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\BOHAT~1.BOH\LOCALS~1\Temp\Dt1.exe
c:\documents and settings\All Users\Data aplikací\6f9c274
c:\documents and settings\All Users\Data aplikací\6f9c274\76.mof
c:\documents and settings\All Users\Data aplikací\6f9c274\BackUp\EA_RESTART_001.lnk
c:\documents and settings\All Users\Data aplikací\6f9c274\BackUp\EA_RESTART_002.lnk
c:\documents and settings\All Users\Data aplikací\6f9c274\BackUp\IMVU.lnk
c:\documents and settings\All Users\Data aplikací\6f9c274\BackUp\Registrace FIFA 10.lnk
c:\documents and settings\All Users\Data aplikací\6f9c274\mozcrt19.dll
c:\documents and settings\All Users\Data aplikací\6f9c274\MS6f9c_231.exe
c:\documents and settings\All Users\Data aplikací\6f9c274\MSS.ico
c:\documents and settings\All Users\Data aplikací\6f9c274\MSSSys\vd952342.bd
c:\documents and settings\All Users\Data aplikací\6f9c274\sqlite3.dll
c:\documents and settings\All Users\Data aplikací\6f9c274\update.exe
c:\documents and settings\All Users\Data aplikací\6f9c274\update1.exe
c:\documents and settings\All Users\Data aplikací\6f9c274\update2.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Data aplikací\facemoods.com
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Data aplikací\My Security Shield
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Data aplikací\My Security Shield\Instructions.ini
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Data aplikací\My Security Shield\mozcrt19.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Data aplikací\My Security Shield\MSSSys\vd952342.bd
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Data aplikací\My Security Shield\sqlite3.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\ANTIGEN.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\ANTIGEN.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\ANTIGEN.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\ANTIGEN.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\ANTIGEN.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\cb.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\cb.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\cb.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\cb.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\cb.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\cid.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\cid.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\cid.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\cid.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\cid.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\CLSV.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\CLSV.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\CLSV.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\CLSV.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\CLSV.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\DBOLE.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\DBOLE.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\DBOLE.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\DBOLE.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\DBOLE.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\ddv.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\ddv.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\ddv.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\ddv.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\ddv.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\delfile.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\delfile.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\delfile.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\delfile.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\delfile.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\dudl.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\dudl.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\dudl.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\dudl.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\dudl.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\eb.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\eb.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\eb.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\eb.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\eb.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\energy.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\energy.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\energy.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\energy.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\energy.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\exec.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\exec.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\exec.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\exec.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\exec.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\fan.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\fan.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\fan.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\fan.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\fan.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\fix.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\fix.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\fix.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\fix.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\fix.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\FS.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\FS.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\FS.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\FS.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\FS.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\FW.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\FW.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\FW.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\FW.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\FW.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\gid.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\gid.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\gid.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\gid.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\gid.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\grid.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\grid.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\grid.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\grid.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\grid.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\hymt.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\hymt.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\hymt.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\hymt.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\hymt.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\kernel32.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\kernel32.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\kernel32.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\kernel32.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\kernel32.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\pal.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\pal.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\pal.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\pal.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\pal.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\PE.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\PE.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\PE.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\PE.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\PE.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\ppal.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\ppal.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\ppal.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\ppal.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\ppal.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\runddl.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\runddl.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\runddl.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\runddl.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\runddl.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\runddlkey.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\runddlkey.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\runddlkey.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\runddlkey.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\runddlkey.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\SICKBOY.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\SICKBOY.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\SICKBOY.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\SICKBOY.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\SICKBOY.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\sld.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\sld.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\sld.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\sld.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\sld.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\SM.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\SM.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\SM.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\SM.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\SM.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\snl2w.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\snl2w.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\snl2w.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\snl2w.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\snl2w.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\std.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\std.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\std.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\std.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\std.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\tempdoc.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\tempdoc.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\tempdoc.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\tempdoc.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\tempdoc.tmp
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\tjd.dll
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\tjd.drv
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\tjd.exe
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\tjd.sys
c:\documents and settings\Bohatý.BOHAT-91BE0107D\Recent\tjd.tmp
c:\windows\Dnutaa.exe
c:\windows\system32\systeminfo.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2010-09-14 do 2010-10-14 )))))))))))))))))))))))))))))))
.

2010-10-14 12:44 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-13 18:55 . 2010-10-13 19:33 -------- d-----w- c:\program files\trend micro
2010-10-13 18:55 . 2010-10-13 18:56 -------- d-----w- C:\rsit
2010-10-07 13:28 . 2010-10-14 13:00 1409 ----a-w- c:\windows\QTFont.for
2010-10-05 18:58 . 2010-10-05 18:58 -------- d-----w- c:\program files\Zeallsoft
2010-09-30 12:33 . 2010-10-12 12:55 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-09-23 18:33 . 2004-07-15 22:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2010-09-23 18:33 . 2004-07-15 22:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2010-09-23 18:33 . 2004-07-15 22:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2010-09-23 18:33 . 2004-07-15 22:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2010-09-23 18:33 . 2004-07-15 22:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2010-09-23 18:33 . 2010-09-23 18:33 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2010-09-23 18:33 . 2010-09-23 18:33 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2010-09-21 05:54 . 2010-09-21 06:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-09-21 05:54 . 2010-09-21 05:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-20 08:58 . 2010-09-20 11:45 -------- d-----w- c:\documents and settings\Bohatý.BOHAT-91BE0107D\Data aplikací\Football Superstars
2010-09-20 06:18 . 2010-09-20 06:18 -------- d-----w- c:\documents and settings\Bohatý.BOHAT-91BE0107D\Data aplikací\Vivox
2010-09-20 05:57 . 2010-10-14 14:08 -------- d-----w- c:\documents and settings\Bohatý.BOHAT-91BE0107D\Data aplikací\IMVU
2010-09-19 19:03 . 2010-09-19 19:03 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-19 19:03 . 2010-09-19 19:03 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-19 19:03 . 2010-09-19 19:03 -------- d-----w- c:\program files\OpenAL
2010-09-19 19:01 . 2010-09-19 19:01 -------- d-----w- c:\program files\Prodigium Game Studios
2010-09-19 16:33 . 2001-12-11 10:52 135168 ----a-w- c:\windows\system32\eax.dll
2010-09-19 13:19 . 2010-09-19 13:19 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2010-09-19 10:46 . 2010-09-19 10:47 -------- d-----w- c:\documents and settings\Bohatý.BOHAT-91BE0107D\Local Settings\Data aplikací\Speedchecker
2010-09-19 10:29 . 2010-09-19 10:29 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-19 10:28 . 2010-09-19 10:28 -------- d-----w- c:\documents and settings\Bohatý.BOHAT-91BE0107D\Local Settings\Data aplikací\2K Games
2010-09-19 06:45 . 2010-10-14 14:06 -------- d-----w- c:\program files\Steam
2010-09-18 15:50 . 2010-09-18 15:50 -------- d-----w- c:\documents and settings\Bohat.BOHAT-91BE0107D

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6CC9344-BC12-4EA7-9E37-46D61866C771}]
2010-09-02 14:18 126464 ----a-w- c:\program files\SM\SubsHelperBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-27 39408]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"Steam"="c:\program files\Steam\Steam.exe" [2010-09-19 1242448]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-20 77824]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2010-08-28 590848]
"KMCONFIG"="c:\program files\Silvercrest MTS2218 driver\StartAutorun.exe" [2008-05-30 212992]
"AMTDeviceService"="c:\program files\AMT Media Manager\AMTDeviceService.exe" [2009-01-21 184320]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2009-10-16 219136]

c:\documents and settings\Bohatý\Nabídka Start\Programy\Po spuštění\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-8-8 157000]

c:\documents and settings\Bohatý.BOHAT-91BE0107D\Nabídka Start\Programy\Po spuštění\
IMVU.lnk - c:\documents and settings\Bohatý.BOHAT-91BE0107D\Data aplikací\IMVUClient\IMVUQualityAgent.exe [2010-9-10 21760]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Bohatý\\Plocha\\FIFA08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Documents and Settings\\Bohatý.BOHAT-91BE0107D\\Plocha\\moje věci\\rld-p210\\Crack\\pes2010.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010 Demo\\fm.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\EA Sports\\FIFA 10\\FIFA10.exe"=
"c:\\Documents and Settings\\Bohatý.BOHAT-91BE0107D\\Dokumenty\\Downloads\\Facemoods.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mafia ii - public demo\\launcher.exe"=
"c:\\Documents and Settings\\Bohatý.BOHAT-91BE0107D\\Data aplikací\\IMVUClient\\1VivoxVoice.exe"=
"c:\\Documents and Settings\\Bohatý.BOHAT-91BE0107D\\Data aplikací\\Football Superstars\\FSClientr.exe"=
"c:\\Documents and Settings\\Bohatý.BOHAT-91BE0107D\\Plocha\\NHL_09\\Crack\\nhl2009.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pe3apasb;Made Man Environment Driver (pe3apasb);c:\windows\system32\drivers\pe3apasb.sys [13.11.2007 14:25 65136]
R0 ps7apasb;Made Man Synchronization Driver (ps7apasb);c:\windows\system32\drivers\ps7apasb.sys [13.11.2007 14:24 68728]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Silvercrest MTS2218 driver\KMWDSrv.exe [30.5.2008 2:17 208896]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" --> c:\program files\ESET\ESET Smart Security\ekrn.exe [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27.8.2010 16:49 136176]
S2 pr2apasb;Made Man Drivers Auto Removal (pr2apasb);c:\windows\system32\pr2apasb.exe svc --> c:\windows\system32\pr2apasb.exe svc [?]
S3 gtermddo;gtermddo;\??\c:\docume~1\BOHAT~1\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\BOHAT~1\LOCALS~1\Temp\gtermddo.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.10.2008 11:02 721904]
.
Obsah adresáře 'Naplánované úlohy'

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-27 14:49]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-27 14:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.facemoods.com/?a=fbpage1
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Search
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Bohatý.BOHAT-91BE0107D\Nabídka Start\Programy\IMVU\Run IMVU.lnk
IE: {{755B05A7-0770-4185-B5F6-E75A2CA527E2} - {755B05A7-0770-4185-B5F6-E75A2CA527E2} - c:\program files\SM\SubsHelper.dll
FF - ProfilePath - c:\documents and settings\Bohatý.BOHAT-91BE0107D\Data aplikací\Mozilla\Firefox\Profiles\3vtqgodw.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=fbpage1
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/?a=fbpage1&s={searchTerms}&f=4&hl={language}&src=chrm
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.15.13\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.15.13\facemoodsTlbr.dll
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-BlazeServoTool - c:\program files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
HKCU-Run-My Security Shield - c:\documents and settings\All Users\Data aplikací\6f9c274\MS6f9c_231.exe
HKLM-Run-Windows TaskAd - c:\program files\Windows TaskAd\WinTaskAd.exe
HKLM-Run-egui - c:\program files\ESET\ESET Smart Security\egui.exe
HKLM-Run-DriverCD - D:\Run.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.15.13\facemoodssrv.exe
HKLM-Run-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
Notify-monln - (no file)
AddRemove-Attack on Pearl Harbor Demo - c:\program files\Attack on Pearl Harbor Demo\Uninstall.exe
AddRemove-Bluetooth File Sender_is1 - c:\program files\Bluetooth File Sender\unins000.exe
AddRemove-Cheatbook 04.2009 - c:\program files\Cheatbook 04.2009\Uninstal.exe
AddRemove-Cotoball - c:\program files\Cotoball\Uninstal.exe
AddRemove-EN-English_is1 - c:\program files\City Interactive\Crash Time II\unins000.exe
AddRemove-Delta Force 2 - c:\program files\NovaLogic\Delta Force 2\Uninst.isu
AddRemove-Dračí oko - c:\progra~1\Hypermax\DRACIO~1\UNWISE.EXE
AddRemove-EA Download Manager - c:\program files\Electronic Arts\EADM\EADMUninstall.exe
AddRemove-EAX Unified - c:\program files\Creative\EAX Unified\Uninst.isu
AddRemove-Evolution GT_is1 - c:\program files\Black Bean\Evolution GT\unins000.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.15.13\uninstall.exe
AddRemove-FIFA Manager 09 Demo - c:\program files\EA SPORTS\FIFA Manager 09 Demo\eauninstall.exe
AddRemove-FlatOut Ultimate Carnage - c:\program files\Empire Interactive\FlatOut Ultimate Carnage\Uninstall.exe
AddRemove-Future Pinball_is1 - c:\program files\Future Pinball\unins000.exe
AddRemove-GameSpy Arcade - c:\progra~1\GAMESP~1\UNWISE.EXE
AddRemove-Gish Demo - c:\program files\Gish Demo\uninstall.exe
AddRemove-Handball-Simulator: European Tournament 2010 - c:\program files\Handball Simulator 2010\uninstall.exe
AddRemove-InstallShield_{2F2B569E-2024-48B8-867B-DB1BF2338F38} - c:\program files\InstallShield Installation Information\{2F2B569E-2024-48B8-867B-DB1BF2338F38}\setup.exe
AddRemove-Jet'n'Guns Demo - c:\program files\Jet'n'Guns Demo\uninst.exe
AddRemove-Kannonwagens_is1 - c:\program files\Kannonwagens\unins000.exe
AddRemove-kill.switch ( DEMO ) - c:\progra~1\KILL~1.SWI\UNWISE.EXE
AddRemove-Knights Of The Temple_is1 - c:\program files\Knights Of The Temple\unins000.exe
AddRemove-LANGMaster Škola DNES_is1 - c:\program files\LANGMaster Škola DNES\unins000.exe
AddRemove-Mad Rally_is1 - c:\program files\MadRally\unins000.exe
AddRemove-Mafia Demo - c:\program files\MafiaDemo\MafiaDemoSetup.exe
AddRemove-Marine Heavy Gunner_is1 - c:\program files\City Interactive\Marine Heavy Gunner\unins000.exe
AddRemove-Moorhuhn Pinball XS - c:\phenom~1\MOORHU~1\UNWISE.EXE
AddRemove-MV2Player - c:\program files\Mv2Player\uninst.exe
AddRemove-Need For Russia Greatest Cars from CCCP_is1 - c:\program files\Need For Russia\unins000.exe
AddRemove-NSS - c:\program files\Norton Security Scan\Engine\2.7.3.34\InstWrap.exe
AddRemove-Out Of Order - c:\program files\Games\Out Of Order\Uninstall.exe
AddRemove-Paintball2 - c:\games\Paintball2\uninst.exe
AddRemove-Pinball Arcade Trial Version 1.0 - c:\program files\Microsoft Games\Pinball Arcade Trial\UNINSTAL.EXE
AddRemove-Reiner Knizia's Samurai_is1 - c:\program files\Klear\Samurai\unins000.exe
AddRemove-Roger Wilco - c:\progra~1\ROGERW~1\rwbs\UNWISE.EXE
AddRemove-SAS Secure Tomorrow_is1 - c:\program files\City Interactive\SAS Secure Tomorrow\unins000.exe
AddRemove-Scorpions WinCheater 2.06_is1 - c:\program files\Scorpions WinCheater\unins000.exe
AddRemove-Ski-Doo X-Team Racing - c:\program files\DayDream\Ski-Doo\UnInstall.exe
AddRemove-Socceraccess Euro Center - c:\socceraccess euro center\uninstall.exe
AddRemove-Soldier of Fortune Platinum - c:\program files\Xplosiv\SOF PLATINUM\sofplat.isu
AddRemove-Space Adventures_is1 - c:\program files\Space Adventures\unins000.exe
AddRemove-TAXI MADNESS USA - c:\program files\TAXI MADNESS USA\uninstall.exe
AddRemove-The I of the Dragon - c:\progra~1\Hypermax\DRACIO~1\Unwise.exe
AddRemove-ThinkTanksDemo - c:\program files\BraveTree\ThinkTanks Demo\uninst-tt.exe
AddRemove-Tomb Raider: Anniversary Demo - c:\program files\Tomb Raider - Anniversary Demo\uninsttra.exe
AddRemove-Tomb Raider: Legend - c:\program files\Tomb Raider - Legend\uninsttrl.exe
AddRemove-UEFA EURO 2008 Demo Patch - c:\program files\Mój Produkt\UEFA_EURO_2008_Demo_Turf_Patch.exe
AddRemove-Ultimate Duck Hunting Demo_is1 - c:\program files\Ultimate Duck Hunting Demo\unins000.exe
AddRemove-VRally3_is1 - c:\program files\Atari\VRally3\unins000.exe
AddRemove-Winter Games_is1 - c:\program files\Winter Games\unins000.exe
AddRemove-Zen Puzzle Garden Demo_is1 - c:\program files\Zen Puzzle Garden Demo\unins000.exe
AddRemove-Zoo Tycoon 2 Trial Version - c:\program files\Microsoft Games\Zoo Tycoon 2 Trial Version\UNINSTAL.EXE
AddRemove-{3A9C37A6-AD4C-443D-0098-6B0A1865DEE2} - c:\program files\EA SPORTS\FIFA 07\EAUninstall.exe
AddRemove-{448163D7-ACA4-4D83-8F57-D7D7AB697E65}_is1 - c:\program files\Cross Racing Championship\unins000.exe
AddRemove-{61A14C75-E6D3-48E0-00A4-451C1BBBAA31} - c:\program files\EA SPORTS\UEFA EURO 2004 Demo\EAUninstall.exe
AddRemove-{BCECC8FA-31AD-487A-A8C4-1C9C5454F9C6}_is1 - c:\program files\Mockba to Berlin\unins000.exe
AddRemove-{CFA21350-5CC1-46E5-BDEF-7B35837E26E6}_is1 - c:\program files\The Stalin Subway\unins000.exe
AddRemove-{D4006E71-FF32-44FF-AD5A-B5EE4389B825}_is1 - c:\program files\FlatOut2\unins000.exe
AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files\kikin\uninst.exe
AddRemove-Đ»đ¸ßÇĺµçÓ°_is1 - c:\program files\Đ»đ¸ßÇĺµçÓ°\unins000.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-725345543-1979792683-1177238915-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ea,88,7e,22,2e,a7,47,0e,a8,8d,c0,f6,94,22,9f,99,ba,b4,e7,c9,1b,68,a3,
d1,c6,a8,7d,c3,0b,8c,be,93,aa,7f,54,77,17,b1,ad,f6,89,39,08,de,9a,1d,16,1e,\
"??"=hex:fe,c7,7b,27,fc,5b,58,08,33,6c,42,33,39,0b,95,e2

[HKEY_USERS\S-1-5-21-725345543-1979792683-1177238915-1004\Software\SecuROM\License information*]
"datasecu"=hex:c2,07,a3,4b,2e,9e,87,64,22,b1,75,12,1c,38,af,74,3d,94,a2,09,13,
49,99,f5,70,d4,c3,3b,6c,c7,ac,f0,ba,94,3a,18,7e,e2,36,60,0b,2b,4e,83,0e,02,\
"rkeysecu"=hex:29,61,44,68,47,ba,60,dc,cf,b4,f8,c8,34,4a,26,a8

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2484)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\snmp.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\RTHDCPL.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\Silvercrest MTS2218 driver\KMConfig.exe
c:\program files\Silvercrest MTS2218 driver\KMProcess.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-10-14 16:16:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-14 14:16

Před spuštěním: Volných bajtů: 18 033 598 464
Po spuštění: Volných bajtů: 18 521 600 000

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[Boot Loader]
Timeout=2
Default=c:\$win_nt$.~bt\BOOTSECT.DAT
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Instalace systému Windows"

- - End Of File - - 07E7DE0949D53D57E1FEE2AB78B335B7

When ComboFix restarted the PC there was a problem with the system - this message kept popping up:
<windows root>/system32/hal.dll - soubor poškozen nebo nenalezen
Nainstalujte znovu uvedený soubor
MS Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika), Genuine Intel CPU2140@ 1.60GHz, 2.00GB RAM , NVIDIA GeForce 9400 GT

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Pop-up windows and Trojan warnings

#7 Post by earl »

:arrow: Uninstall AVG; you have ESS, and two antivirus programs on one system can cause instability.

:arrow: If you have not already done so, move ComboFix to the desktop.

Open Notepad.

Copy the script from the following box into it:

Code:

Collect::
c:\Documents and Settings1\Bohatý.BOHAT-91BE0107D\Locals Settings\Temp\gtermddo.sys
c:\Documents and Settings\Bohatý.BOHAT-91BE0107D\Plocha\moje věci\rld-p210\Crack\pes2010.exe
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Bohatý.BOHAT-91BE0107D\\Plocha\\moje věci\\rld-p210\\Crack\\pes2010.exe"=-
Driver::
gtermddo
FCopy::
c:\windows\ServicePackFiles\i386\hal.dll | c:\windows\system32/hal.dll
Reboot::

Save the text file you created as CFScript.txt on the desktop.

After saving, grab the script you created with the left mouse button, drag it over the ComboFix icon and drop it there.

After it has been applied, another log should pop up; paste it here.

Warning: it is possible that Windows will not boot after the script is applied and the PC restarts;

in that case restart again, keep pressing F8 after the restart and choose Last Known Good Configuration.
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AN UP-TO-DATE ANTIVIRUS AND A PERSONAL FIREWALL ARE TWO ESSENTIAL PROTECTIVE COMPONENTS OF EVERY PC CONNECTED TO THE INTERNET!!!
BY BACKING UP YOUR PERSONAL DATA YOU WILL NOT LOSE IT IN CASE OF FATAL SOFTWARE OR HARDWARE PROBLEMS!!
DO NOT USE COMBOFIX ON YOUR OWN, ONLY WHEN YOU ARE ASKED TO. HANDLING IT INCORRECTLY CAN LEAVE THE SYSTEM UNUSABLE!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------


Re: Pop-up windows and Trojan warnings

#8 Post by Hooker »

I did everything you wrote and am sending the requested ComboFix log:
ComboFix
10-10-15.04 - Bohatý 16.10.2010 18:24:58.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.470 [GMT 2:00]
Spuštěný z: c:\documents and settings\Bohatý.BOHAT-91BE0107D\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Bohatý.BOHAT-91BE0107D\Plocha\CFScript.txt.txt
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-09-16 do 2010-10-16 )))))))))))))))))))))))))))))))
.

2010-10-16 14:30 . 2010-10-16 14:30 -------- d-----w- c:\documents and settings\Bohatý.BOHAT-91BE0107D\Data aplikací\DivX
2010-10-16 14:28 . 2010-10-16 14:28 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-10-16 14:22 . 2010-10-16 14:31 -------- d-----w- c:\program files\DivX
2010-10-16 14:21 . 2010-10-16 14:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DivX
2010-10-14 12:44 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-13 18:55 . 2010-10-13 19:33 -------- d-----w- c:\program files\trend micro
2010-10-13 18:55 . 2010-10-13 18:56 -------- d-----w- C:\rsit
2010-10-07 13:28 . 2010-10-16 16:42 1409 ----a-w- c:\windows\QTFont.for
2010-10-05 18:58 . 2010-10-05 18:58 -------- d-----w- c:\program files\Zeallsoft
2010-09-30 12:33 . 2010-10-12 12:55 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-09-23 18:33 . 2004-07-15 22:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2010-09-23 18:33 . 2004-07-15 22:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2010-09-23 18:33 . 2004-07-15 22:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2010-09-23 18:33 . 2004-07-15 22:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2010-09-23 18:33 . 2004-07-15 22:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2010-09-23 18:33 . 2010-09-23 18:33 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2010-09-23 18:33 . 2010-09-23 18:33 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2010-09-21 05:54 . 2010-09-21 06:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-09-21 05:54 . 2010-09-21 05:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-20 08:58 . 2010-09-20 11:45 -------- d-----w- c:\documents and settings\Bohatý.BOHAT-91BE0107D\Data aplikací\Football Superstars
2010-09-20 06:18 . 2010-09-20 06:18 -------- d-----w- c:\documents and settings\Bohatý.BOHAT-91BE0107D\Data aplikací\Vivox
2010-09-20 05:57 . 2010-10-15 17:09 -------- d-----w- c:\documents and settings\Bohatý.BOHAT-91BE0107D\Data aplikací\IMVU
2010-09-19 19:03 . 2010-09-19 19:03 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-19 19:03 . 2010-09-19 19:03 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-19 19:03 . 2010-09-19 19:03 -------- d-----w- c:\program files\OpenAL
2010-09-19 19:01 . 2010-09-19 19:01 -------- d-----w- c:\program files\Prodigium Game Studios
2010-09-19 16:33 . 2001-12-11 10:52 135168 ----a-w- c:\windows\system32\eax.dll
2010-09-19 13:19 . 2010-09-19 13:19 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2010-09-19 10:46 . 2010-09-19 10:47 -------- d-----w- c:\documents and settings\Bohatý.BOHAT-91BE0107D\Local Settings\Data aplikací\Speedchecker
2010-09-19 10:29 . 2010-09-19 10:29 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-19 10:28 . 2010-09-19 10:28 -------- d-----w- c:\documents and settings\Bohatý.BOHAT-91BE0107D\Local Settings\Data aplikací\2K Games
2010-09-19 06:45 . 2010-10-15 17:08 -------- d-----w- c:\program files\Steam
2010-09-18 15:50 . 2010-09-18 15:50 -------- d-----w- c:\documents and settings\Bohat.BOHAT-91BE0107D

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6CC9344-BC12-4EA7-9E37-46D61866C771}]
2010-09-02 14:18 126464 ----a-w- c:\program files\SM\SubsHelperBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-27 39408]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"Steam"="c:\program files\Steam\Steam.exe" [2010-09-19 1242448]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-20 77824]
"KMCONFIG"="c:\program files\Silvercrest MTS2218 driver\StartAutorun.exe" [2008-05-30 212992]
"AMTDeviceService"="c:\program files\AMT Media Manager\AMTDeviceService.exe" [2009-01-21 184320]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Windows TaskAd"="c:\program files\Windows TaskAd\WinTaskAd.exe" [BU]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Bohatě\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-8-8 157000]

c:\documents and settings\Bohatě.BOHAT-91BE0107D\Nabˇdka Start\Programy\Po spuçtŘnˇ\
IMVU.lnk - c:\documents and settings\Bohatě.BOHAT-91BE0107D\Data aplikacˇ\IMVUClient\IMVUQualityAgent.exe [2010-9-10 21760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
[BU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Bohatý\\Plocha\\FIFA08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010 Demo\\fm.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\EA Sports\\FIFA 10\\FIFA10.exe"=
"c:\\Documents and Settings\\Bohatý.BOHAT-91BE0107D\\Dokumenty\\Downloads\\Facemoods.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mafia ii - public demo\\launcher.exe"=
"c:\\Documents and Settings\\Bohatý.BOHAT-91BE0107D\\Data aplikací\\IMVUClient\\1VivoxVoice.exe"=
"c:\\Documents and Settings\\Bohatý.BOHAT-91BE0107D\\Data aplikací\\Football Superstars\\FSClientr.exe"=
"c:\\Documents and Settings\\Bohatý.BOHAT-91BE0107D\\Plocha\\NHL_09\\Crack\\nhl2009.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pe3apasb;Made Man Environment Driver (pe3apasb);c:\windows\system32\drivers\pe3apasb.sys [13.11.2007 14:25 65136]
R0 ps7apasb;Made Man Synchronization Driver (ps7apasb);c:\windows\system32\drivers\ps7apasb.sys [13.11.2007 14:24 68728]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Silvercrest MTS2218 driver\KMWDSrv.exe [30.5.2008 2:17 208896]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" --> c:\program files\ESET\ESET Smart Security\ekrn.exe [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27.8.2010 16:49 136176]
S2 pr2apasb;Made Man Drivers Auto Removal (pr2apasb);c:\windows\system32\pr2apasb.exe svc --> c:\windows\system32\pr2apasb.exe svc [?]
S3 gtermddo;gtermddo;\??\c:\docume~1\BOHAT~1\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\BOHAT~1\LOCALS~1\Temp\gtermddo.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.10.2008 11:02 721904]
.
Obsah adresáře 'Naplánované úlohy'

2010-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-27 14:49]

2010-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-27 14:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.facemoods.com/?a=fbpage1
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Bohatý.BOHAT-91BE0107D\Nabídka Start\Programy\IMVU\Run IMVU.lnk
IE: {{755B05A7-0770-4185-B5F6-E75A2CA527E2} - {755B05A7-0770-4185-B5F6-E75A2CA527E2} - c:\program files\SM\SubsHelper.dll
FF - ProfilePath - c:\documents and settings\Bohatý.BOHAT-91BE0107D\Data aplikací\Mozilla\Firefox\Profiles\3vtqgodw.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=fbpage1
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/?a=fbpage1&s={searchTerms}&f=4&hl={language}&src=chrm
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - (no file)


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-725345543-1979792683-1177238915-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ea,88,7e,22,2e,a7,47,0e,a8,8d,c0,f6,94,22,9f,99,ba,b4,e7,c9,1b,68,a3,
d1,c6,a8,7d,c3,0b,8c,be,93,aa,7f,54,77,17,b1,ad,f6,89,39,08,de,9a,1d,16,1e,\
"??"=hex:fe,c7,7b,27,fc,5b,58,08,33,6c,42,33,39,0b,95,e2

[HKEY_USERS\S-1-5-21-725345543-1979792683-1177238915-1004\Software\SecuROM\License information*]
"datasecu"=hex:c2,07,a3,4b,2e,9e,87,64,22,b1,75,12,1c,38,af,74,3d,94,a2,09,13,
49,99,f5,70,d4,c3,3b,6c,c7,ac,f0,ba,94,3a,18,7e,e2,36,60,0b,2b,4e,83,0e,02,\
"rkeysecu"=hex:29,61,44,68,47,ba,60,dc,cf,b4,f8,c8,34,4a,26,a8

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3988)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-10-16 18:45:30
ComboFix-quarantined-files.txt 2010-10-16 16:45
ComboFix2.txt 2010-10-14 14:16

Před spuštěním: Volných bajtů: 16 776 982 528
Po spuštění: Volných bajtů: 16 808 906 752

- - End Of File - - F35002819A63C647C338ABCC095BB355

Re: Pop-up windows and Trojan warnings

#9 Post by earl »

:arrow: Click My Computer - Tools - Folder Options - View, untick "Hide protected operating system files" and select "Show hidden files and folders". When all the procedures are finished, restore the settings the same way.

:arrow: Test these on VirusTotal:

c:\documents and settings\Bohatě.BOHAT-91BE0107D\Data aplikacˇ\IMVUClient\IMVUQualityAgent.exe

c:\docume~1\BOHAT~1\LOCALS~1\Temp\gtermddo.sys


(simple instructions: once the page has loaded, click the Browse button, find the path to the file mentioned above and click the Send file button; give the scanners about ten minutes; paste the result here)

If the scanner says the file has already been tested, have it tested again.

How is the PC behaving now?

Re: Pop-up windows and Trojan warnings

#10 Post by Hooker »

That file can't be found for now, but it will certainly turn up. I have another minor problem. I extract a game and put the ISO into Daemon Tools; for a moment it shows "mounting image", then it disappears and nothing loads.

Re: Pop-up windows and Trojan warnings

#11 Post by earl »

Gaming issues are not dealt with here on the forum; try reinstalling Daemon with a newer version.

I will wait for the VirusTotal result.

Hooker
Visitor
Posts: 109
Registered: 29 Feb 2008 02:26
Location: Čáslav

Re: Pop-up windows and Trojan warnings

#12 Post by Hooker »

I apologize for the boy; he'd rather blow the whole thing off, he's 12 years old.
I'm sending what was requested, but not everything; he writes that he can't find one file.

virustotal:
IMVUQalityAgent.exe 0/43 (0,0%)
and I can't find the file "gtermddo.sys".

The PC is much better now, nothing pops up at me and loading is faster too.

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Pop-up windows and Trojan warnings

#13 Post by earl »

:arrow: Start - Run - type ComboFix /Uninstall - and click OK,

if that doesn't work, rename ComboFix.exe to Uninstall.exe and run it

:arrow: Download OTC

run it and click CleanUp.

:arrow: Clean the PC with CCleaner.

Always Analyze first and then Run Cleaner. Twice in a row.

Windows - uncheck history and form autocomplete history - otherwise you would lose your history of visited pages and the passwords saved in forms

(it's bad from a security standpoint, but at least the user doesn't complain afterwards about where it all went :D )

Applications - for the web browsers, uncheck Internet History.

Registry - leave everything checked, Scan for Issues, Fix selected issues

(let it make a backup - it is saved in Documents - IMPORTANT).

Likewise 2-3 times in a row.

And done.

Hooker
Visitor
Posts: 109
Registered: 29 Feb 2008 02:26
Location: Čáslav

Re: Pop-up windows and Trojan warnings

#14 Post by Hooker »

Hi. So the boy did everything, it's cleaned out, the computer is behaving nicely, I think it will be fine (until he fills it up with junk again). Thanks for the advice and above all for your willingness and patience with such computer "experts" as my boy and me. :lol: Have a nice day! Hooker

earl
VIP
Posts: 1279
Registered: 14 Dec 2005 20:59
Location: Brno

Re: Pop-up windows and Trojan warnings

#15 Post by earl »

You're welcome; if anything comes up, we're here. :)