VIRY.CZ

Ahoj, provider volal kámošce, že z jejího notasu odchází tisíce mailů někam do ukrajiny. Tak sem si vzal její notas a potřeboval bych vaší pomoc. Abych jí to nějak pročistil. Tady jsou RSIT logy, jsou ale bez Hijacku, nechci ten její notas zapojovat do sítě.

INFO

info.txt logfile of random's system information tool 1.08 2010-11-25 18:54:03

======Uninstall list======

2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x5 -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x5 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x5 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x5 -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x5 -removeonly
Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Reader 9.2 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A92000000001}
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {0A1FAC46-B899-421D-B1A2-470896DC45DB}
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {E68DD413-B834-4923-8181-0A03B7555187}
Ashampoo Burning Studio 6 FREE-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 6 FREE\unins000.exe"
Asistent pro přihlášení ke službě Windows Live-->MsiExec.exe /I{BD86C297-41C7-4DB5-82C4-98DE3399A2EF}
ATF-->C:\Windows\UIA200.exe "C:\Program Files\All Ten Fingers\DelList.lst"
Atlas školství-->"C:\Program Files\AtlasSkolstvi\Uninstall.exe"
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
Business Contact Manager pro aplikaci Outlook 2007 SP2-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {432282b5-d708-431a-9ada-abbbbac3f205}
Business Contact Manager pro aplikaci Outlook 2007 SP2-->MsiExec.exe /X{432282B5-D708-431A-9ADA-ABBBBAC3F205}
Canon LBP3000-->C:\Program Files\Canon\PrnUninstall\Canon LBP3000\CNAB3UN.EXE
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\Windows\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -Ic:\Release\Foxconn\51338\AcrZUn32z.inf
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010405-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40405-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0405-0000-0000000FF1CE} /uninstall {1FC5BC34-0301-40D2-9432-05BA220277B8}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0405-0000-0000000FF1CE} /uninstall {E12F9D31-4025-4BC6-B1B2-AB262C5580B0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Notebook Software-->MsiExec.exe /X{F581DF68-CAE9-4064-A6CD-705D95D1C756}
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1029 CDM7
NTI Shadow-->"C:\Program Files\InstallShield Installation Information\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}\setup.exe" -removeonly
NTI Shadow-->C:\Program Files\InstallShield Installation Information\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}\setup.exe -runfromtemp -l0x0405
OpenOffice.org 2.3-->MsiExec.exe /I{519556CC-4382-4B35-80F5-DD8E9460EEAC}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x5 -removeonly
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Ericsson PC Suite-->MsiExec.exe /I{C037D08B-4883-491D-9329-DC5ACA90F797}
Součásti připojení sady Microsoft Office Small Business-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}\setup.exe -runfromtemp -l0x0409
UltiDev Cassini Web Server Explorer-->MsiExec.exe /I{40247AAC-AB0D-449C-882F-90401C3351E8}
UltiDev Cassini Web Server for ASP.NET 2.0-->MsiExec.exe /I{F6C8DAED-8CC7-43FD-9DA4-1F629B873A17}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Outlook 2007 Junk Email Filter (KB2443839)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {E8CFA21A-2D44-446D-8324-ADFA3C9FCAD2}
Vodafone Mobile Connect-->MsiExec.exe /I{E3B99F3D-9856-482A-9048-305E28E2510C}
Windows Live installer-->MsiExec.exe /X{239BB983-8A2D-4974-B780-2ADAE32752D5}
Windows Live Messenger-->MsiExec.exe /X{F62475E6-6F06-4D65-97D3-71D3CB696A1C}
WinZip 14.5-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\common\unyt.exe
Zoner Photo Studio 8-->"C:\Program Files\Zoner\Photo Studio 8\unins000.exe"

======Security center information======

AV: avast! Antivirus (disabled)
AS: Windows Defender (outdated)
AS: avast! Antivirus (disabled)

======System event log======

Computer Name: Michal-PC
Event Code: 24576
Message: Byly úspěšně nainstalovány ovladače pro zařízení UMB\STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_A-DATA&PROD_USB_FLASH_DRIVE&REV_0.00#A3A47C53AFC5F8&0#.
Record Number: 240071
Source Name: Microsoft-Windows-WPDClassInstaller
Time Written: 20101125175041.000000-000
Event Type: Informace
User:

Computer Name: Michal-PC
Event Code: 24577
Message: U programu Media Player a programu pro zpracování obrázků byly úspěšně zaregistrovány vrstvy kompatibility pro zařízení UMB\STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_A-DATA&PROD_USB_FLASH_DRIVE&REV_0.00#A3A47C53AFC5F8&0#. Požadováno 0x00000003 bitů vrstvy, zaregistrováno 0x00000003 bitů vrstvy.
Record Number: 240072
Source Name: Microsoft-Windows-WPDClassInstaller
Time Written: 20101125175042.000000-000
Event Type: Informace
User:

Computer Name: Michal-PC
Event Code: 24579
Message: Registrace automatického přehrávání u zařízení UMB\STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_A-DATA&PROD_USB_FLASH_DRIVE&REV_0.00#A3A47C53AFC5F8&0# byla přeskočena.
Record Number: 240073
Source Name: Microsoft-Windows-WPDClassInstaller
Time Written: 20101125175042.000000-000
Event Type: Informace
User:

Computer Name: Michal-PC
Event Code: 20001
Message: Správa ovladače dokončila proces instalace ovladače FileRepository\wpdfs.inf_96a77ef0\wpdfs.inf pro ID instance zařízení WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_A-DATA&PROD_USB_FLASH_DRIVE&REV_0.00#A3A47C53AFC5F8&0# s následujícím stavem: 0.
Record Number: 240074
Source Name: Microsoft-Windows-User-PnP
Time Written: 20101125175117.294411-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Michal-PC
Event Code: 57
Message: Systému se nepodařilo zapsat data do protokolu transakcí. Pravděpodobně dojde k poškození.
Record Number: 240075
Source Name: volmgr
Time Written: 20101125175117.774411-000
Event Type: Upozornění
User:

=====Application event log=====

Computer Name: Michal-PC
Event Code: 0
Message: DEV: type=DiskRemoved, name=
Record Number: 106143
Source Name: VMCService
Time Written: 20101125175118.000000-000
Event Type: Informace
User:

Computer Name: Michal-PC
Event Code: 0
Message: EXP: id=3620, msg=DMSN:ND,
Record Number: 106144
Source Name: VMCService
Time Written: 20101125175118.000000-000
Event Type: Informace
User:

Computer Name: Michal-PC
Event Code: 1001
Message: Čítače výkonu pro službu WmiApRpl (WmiApRpl) byly úspěšně odstraněny. Data záznamu obsahují nové hodnoty položek Last Counter a Last Help systémového registru.
Record Number: 106145
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20101125175144.000000-000
Event Type: Informace
User:

Computer Name: Michal-PC
Event Code: 1000
Message: Čítače výkonu pro službu WmiApRpl (WmiApRpl) byly úspěšně načteny. Data záznamu v datové části obsahují nové indexové hodnoty přiřazené této službě.
Record Number: 106146
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20101125175144.000000-000
Event Type: Informace
User:

Computer Name: Michal-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 106147
Source Name: LightScribeService
Time Written: 20101125175400.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: Michal-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: MICHAL-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x28c
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 53800
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100327151123.357333-000
Event Type: Úspěch auditu
User:

Computer Name: Michal-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 53801
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100327151123.357333-000
Event Type: Úspěch auditu
User:

Computer Name: Michal-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: MICHAL-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-19
Název účtu: LOCAL SERVICE
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e5
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x28c
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 53802
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100327151123.466534-000
Event Type: Úspěch auditu
User:

Computer Name: Michal-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-19
Název účtu: LOCAL SERVICE
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e5

Oprávnění: SeAuditPrivilege
SeImpersonatePrivilege
SeAssignPrimaryTokenPrivilege
Record Number: 53803
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100327151123.466534-000
Event Type: Úspěch auditu
User:

Computer Name: Michal-PC
Event Code: 4648
Message: Došlo k pokusu o přihlášení pomocí explicitního pověření.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: MICHAL-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Účet, jehož pověření bylo použito:
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Cílový server:
Název cílového serveru: localhost
Další informace: localhost

Informace o procesu:
ID procesu: 0x28c
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Síťová adresa: -
Port: -

Tato událost je generována, pokud se proces pokusí přihlásit k účtu explicitním zadáním pověření tohoto účtu. K tomu nejčastěji dochází v dávkových konfiguracích, například naplánovaných úlohách, nebo při použití příkazu RUNAS.
Record Number: 53804
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100327151123.934537-000
Event Type: Úspěch auditu
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------

LOG

Logfile of random's system information tool 1.08 (written by random/random)
Run by Míša at 2010-11-25 18:53:54
Microsoft® Windows Vista™ Home Basic
System drive C: has 3 GB (6%) free of 52 GB
Total RAM: 1014 MB (23% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-06 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67BCF957-85FC-4036-8DC4-D4D80E00A77B}]
CIEDownload Object - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll [2008-07-31 558376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2007-04-25 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-07-25 1006264]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-29 4472832]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
"Acer Tour"= []
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-02-07 54832]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-06-15 850704]
"eRecoveryService"= []
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-01-02 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-01-02 133656]
"zzz_ImInstaller_IncrediMail"=C:\Users\Zuzka\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install.exe [2008-11-18 610648]
"MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2009-04-20 2327552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"TQ566808"=E:\Setup.exe []
"AutoStart"=C:\Users\JA5B1C~1\AppData\Local\Temp\81576.exe [2010-11-20 31232]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-11 1232896]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Canon LBP3000 Status Window.lnk - C:\Windows\System32\spool\drivers\w32x86\3\CNAB3LAK.EXE
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Users\Míša\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-02 200704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-11-25 18:53:55 ----D---- C:\Program Files\trend micro
2010-11-25 18:53:54 ----D---- C:\rsit
2010-11-25 16:45:59 ----SHD---- C:\Config.Msi
2010-11-25 16:34:01 ----A---- C:\Windows\system32\drivers\aswSP.sys
2010-11-25 16:34:01 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2010-11-25 16:34:00 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2010-11-25 16:34:00 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2010-11-25 16:33:57 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2010-11-25 16:32:51 ----A---- C:\Windows\system32\aswBoot.exe
2010-11-25 16:32:16 ----D---- C:\ProgramData\Alwil Software
2010-11-25 16:32:15 ----D---- C:\Program Files\Alwil Software
2010-11-20 23:52:16 ----RSHD---- C:\RECYCLER

======List of files/folders modified in the last 1 months======

2010-11-25 18:53:55 ----RD---- C:\Program Files
2010-11-25 18:52:16 ----D---- C:\Windows\Temp
2010-11-25 18:51:44 ----D---- C:\Windows\inf
2010-11-25 18:51:44 ----AD---- C:\Windows\System32
2010-11-25 18:51:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-25 18:37:43 ----SHD---- C:\System Volume Information
2010-11-25 17:51:46 ----D---- C:\Users\Míša\AppData\Roaming\OpenOffice.org2
2010-11-25 17:00:44 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-11-25 16:58:12 ----SHD---- C:\Windows\Installer
2010-11-25 16:57:27 ----D---- C:\Windows
2010-11-25 16:56:57 ----D---- C:\ProgramData\Symantec
2010-11-25 16:56:16 ----AD---- C:\Windows\system32\drivers
2010-11-25 16:56:01 ----D---- C:\Program Files\Common Files
2010-11-25 16:42:11 ----HD---- C:\ProgramData
2010-11-25 16:33:34 ----D---- C:\Windows\winsxs
2010-11-22 17:16:45 ----D---- C:\Windows\Prefetch
2010-11-12 23:17:59 ----D---- C:\Windows\system32\catroot2
2010-11-11 11:05:25 ----D---- C:\ProgramData\Microsoft Help
2010-11-03 19:01:32 ----D---- C:\ProgramData\Norton
2010-10-30 20:38:06 ----D---- C:\Program Files\Skype
2010-10-30 19:21:30 ----D---- C:\Program Files\ICQ6Toolbar
2010-10-30 19:21:24 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-30 19:21:23 ----D---- C:\Program Files\ICQ6.5
2010-10-30 19:21:19 ----D---- C:\ProgramData\ICQ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-07-12 305176]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 20776]
R0 PSDNServ;PSDNSERVER; C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16680]
R0 psdvdisk;psdvdisk; C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 60712]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 tcpipBM;Bytemobile Kernel Network Provider; C:\Windows\system32\drivers\tcpipBM.sys [2008-10-09 18816]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 13560]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-03-02 76584]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2006-11-02 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 8192]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 534016]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2007-06-15 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-22 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-22 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-31 1780576]
R3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2006-11-02 30720]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-07-25 6144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-12-02 82432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-05-02 290816]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-22 659968]
S0 BMLoad;Bytemobile Boot Time Load Driver; C:\Windows\system32\drivers\BMLoad.sys [2008-10-09 22528]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 534016]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-12-13 102784]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\Windows\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\Windows\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\Windows\system32\DRIVERS\MSIRCOMM.sys [2006-11-02 24064]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys []
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-04-23 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 135168]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-07-03 53248]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 24576]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-04-03 272024]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0; C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-02-07 49152]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-29 386560]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Služba Čtení deníku USN sdílených složek programu Messenger; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Combofix

ComboFix 10-11-24.04 - Míša 25.11.2010 19:50:12.1.2 - x86
Spuštěný z: c:\users\Míša\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! Antivirus *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\common.data
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Ája\AppData\Roaming\Microsoft\paloolope.exe
c:\users\Ája\AppData\Roaming\Microsoft\quigy.exe
c:\users\Public\nvsvc32.exe
c:\windows\system32\arp.exe
c:\windows\system32\spool\prtprocs\w32x86\CNMPP8F.DLL
c:\windows\Temp\log.txt

----- Souboroví replikátoři -----

c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut1_1.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut10.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut11.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut11_A888ADCD972E402C989E44C9B6E8DB64.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut12.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut12_A888ADCD972E402C989E44C9B6E8DB64.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut13.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut13_A888ADCD972E402C989E44C9B6E8DB64.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut14.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut14_A888ADCD972E402C989E44C9B6E8DB64.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut15_A888ADCD972E402C989E44C9B6E8DB64.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut16_A888ADCD972E402C989E44C9B6E8DB64.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut17_A888ADCD972E402C989E44C9B6E8DB64.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut18.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut19.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut2_1.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut20.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut21.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut22.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut23.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut24.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut25.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut26.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut27.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut28.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut29.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut3_1.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut3_A888ADCD972E402C989E44C9B6E8DB64.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut30.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut32.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut33.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut34.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut35.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut36.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut37.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut38.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut39.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut4.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut40.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut8.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut8_A888ADCD972E402C989E44C9B6E8DB64.exe
c:\windows\Installer\{C037D08B-4883-491D-9329-DC5ACA90F797}\NewShortcut9.BB7DC861_90E5_455B_AF72_47A8D82F237A.exe
.
----- BITS: Možné infikované stránky -----

hxxp://au.download.windowsupdate.j+|Cv+@J:NGD_DQ{zZOmOGxkVA'{AC76BA86-7AD7-1029-7B44-A92000000001}
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_usnjsvc

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-25 do 2010-11-25 )))))))))))))))))))))))))))))))
.

2010-11-25 19:07 . 2010-11-25 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-25 19:07 . 2010-11-25 19:07 -------- d-----w- c:\users\Ája\AppData\Local\temp
2010-11-25 19:07 . 2010-11-25 19:07 -------- d-----w- c:\users\Zuzka\AppData\Local\temp
2010-11-25 19:07 . 2010-11-25 19:07 -------- d-----w- c:\users\Michal\AppData\Local\temp
2010-11-25 17:53 . 2010-11-25 17:53 -------- d-----w- c:\program files\trend micro
2010-11-25 17:53 . 2010-11-25 17:54 -------- d-----w- C:\rsit
2010-11-25 15:34 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-25 15:34 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-25 15:34 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-25 15:34 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-25 15:33 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-11-25 15:32 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-25 15:32 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-25 15:32 . 2010-11-25 15:32 -------- d-----w- c:\programdata\Alwil Software
2010-11-25 15:32 . 2010-11-25 15:32 -------- d-----w- c:\program files\Alwil Software
2010-11-23 11:47 . 2010-11-23 11:47 18432 ---ha-w- c:\users\Ája\bne.exe
2010-11-23 11:47 . 2010-11-23 11:47 43008 --sh--r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vqf9a0vqq.exe
2010-11-23 11:47 . 2010-11-23 11:47 43008 --sh--r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqlff6av.exe
2010-11-23 11:47 . 2010-11-23 11:47 43008 --sh--r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7lfaa7v.exe
2010-11-23 11:47 . 2010-11-23 11:47 43008 --sh--r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlaavlaq.exe
2010-11-22 16:18 . 2010-11-22 16:18 43008 --sh--r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hh2cxmm1xxr.exe
2010-11-22 16:18 . 2010-11-22 16:18 43008 --sh--r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h2cxmm1xxr.exe
2010-11-22 16:18 . 2010-11-22 16:18 43008 --sh--r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cm8cx1rmmhx.exe
2010-11-22 16:18 . 2010-11-22 16:18 43008 --sh--r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7rmh9cc.exe
2010-11-22 16:18 . 2010-11-22 16:18 18432 ---ha-w- c:\users\Ája\rcapt.exe
2010-11-20 22:52 . 2010-11-20 22:52 43008 --sh--r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kaapuaukau.exe
2010-11-20 22:52 . 2010-11-20 22:52 43008 --sh--r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ffa6kkfu4a.exe
2010-11-20 22:52 . 2010-11-20 22:52 43008 --sh--r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\akka1a0afpa.exe
2010-11-20 22:52 . 2010-11-20 22:52 43008 --sh--r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\u0ppufpp.exe
2010-11-20 22:51 . 2010-11-20 22:51 85504 --sh--r- c:\users\Ája\AppData\Roaming\juzjf.exe
2010-11-08 19:42 . 2010-11-08 19:42 -------- d-----w- c:\users\Zuzka\xinorbis
2010-11-07 14:52 . 2010-11-07 14:52 -------- d-----w- c:\users\Zuzka\AppData\Local\Microsoft Help
2010-10-30 18:20 . 2010-10-30 18:20 -------- d-----w- c:\users\Michal\AppData\Local\AOL

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-17 12:55 . 2010-10-17 12:55 339456 ----a-w- c:\windows\UIA200.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-11 1232896]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-04-20 2327552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-9-11 393216]

c:\users\µja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
7lfaa7v.exe [2010-11-23 43008]
7rmh9cc.exe [2010-11-22 43008]
akka1a0afpa.exe [2010-11-20 43008]
cm8cx1rmmhx.exe [2010-11-22 43008]
ffa6kkfu4a.exe [2010-11-20 43008]
h2cxmm1xxr.exe [2010-11-22 43008]
hh2cxmm1xxr.exe [2010-11-22 43008]
kaapuaukau.exe [2010-11-20 43008]
qlaavlaq.exe [2010-11-23 43008]
qqlff6av.exe [2010-11-23 43008]
u0ppufpp.exe [2010-11-20 43008]
vqf9a0vqq.exe [2010-11-23 43008]

c:\users\Mˇça\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-9-11 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-02-07 49152]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - BMLoad

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://cs.intl.acer.yahoo.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
FF - ProfilePath - c:\users\Míša\AppData\Roaming\Mozilla\Firefox\Profiles\z1g97cxn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-zzz_ImInstaller_IncrediMail - c:\users\Zuzka\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install.exe
HKLM-Run-TQ566808 - E:\Setup.exe
HKLM-Run-AutoStart - c:\users\JA5B1C~1\AppData\Local\Temp\81576.exe
AddRemove-Beach Soccer - c:\users\Míša\Documents\aja\oblázky\Beach Soccer\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-25 20:52
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

c:\users\MA7580~1\AppData\Local\Temp\JET385E.tmp 0 bytes

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\bmnet.dll

- - - - - - - > 'Explorer.exe'(3736)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\program files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll
c:\program files\Sony Ericsson\Mobile\File Manager\fmgrguil.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\CNAB3RPK.EXE
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\windows\system32\igfxsrvc.exe
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 2.3\program\soffice.BIN
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Celkový čas: 2010-11-25 21:02:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-25 20:02

Před spuštěním: 2 811 006 976
Po spuštění: 5 021 167 616

- - End Of File - - 188823CA17273FEBAB0E4ECC5D457FF1

Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vqf9a0vqq.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqlff6av.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7lfaa7v.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlaavlaq.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hh2cxmm1xxr.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h2cxmm1xxr.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cm8cx1rmmhx.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7rmh9cc.exe
c:\users\Ája\rcapt.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kaapuaukau.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ffa6kkfu4a.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\akka1a0afpa.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\u0ppufpp.exe
c:\users\Ája\AppData\Roaming\juzjf.exe
c:\windows\UIA200.exe
c:\users\MA7580~1\AppData\Local\Temp\JET385E.tmp

Driver::
BMLoad

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Hele tak máme problém komp přestal fungovat, vzal jsem ten textak dal jsem ho nad combofix, nic to neudělalo a napsalo to error "Pokus použít neplatnou operaci na klíč registru, který je oynačen pro odstranění. Teď už nejde zapnout žádný program ani spustit žádný soubor. Co teď?

Zkuste nastartovat do nouz. režimu a provést obnovu systému k datu, kdy korektně fungoval. Pokud to nepůjde, budete muset provést opravu z instal. média. Viry patrně poškodily systém a při pokusu o jejich odebrání systém spadl.

Tak to nakonec nějak prošlo, na konci to po mě chtělo odeslat ten soubor k dalšímu prozkoumání, tak jsem to tam poslal.

Tady je log

ComboFix 10-11-24.04 - Míša 25.11.2010 22:58:01.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1250.420.1029.18.1014.202 [GMT 1:00]
Spuštěný z: c:\users\Míša\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Míša\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! Antivirus *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\users\Ája\AppData\Roaming\juzjf.exe
file zipped: c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7lfaa7v.exe
file zipped: c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7rmh9cc.exe
file zipped: c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\akka1a0afpa.exe
file zipped: c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cm8cx1rmmhx.exe
file zipped: c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ffa6kkfu4a.exe
file zipped: c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h2cxmm1xxr.exe
file zipped: c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hh2cxmm1xxr.exe
file zipped: c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kaapuaukau.exe
file zipped: c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlaavlaq.exe
file zipped: c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqlff6av.exe
file zipped: c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\u0ppufpp.exe
file zipped: c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vqf9a0vqq.exe
file zipped: c:\users\Ája\rcapt.exe
file zipped: c:\windows\UIA200.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Ája\rcapt.exe
c:\windows\UIA200.exe

Nakažená kopie c:\windows\system32\drivers\ntfs.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\combofix\HarddiskVolumeShadowCopy1_!Windows!System32!drivers!ntfs.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BMLOAD
-------\Service_BMLoad

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-25 do 2010-11-25 )))))))))))))))))))))))))))))))
.

2010-11-25 22:20 . 2010-11-25 22:20 -------- d-----w- c:\users\Zuzka\AppData\Local\temp
2010-11-25 22:20 . 2010-11-25 22:20 -------- d-----w- c:\users\Michal\AppData\Local\temp
2010-11-25 22:20 . 2010-11-25 22:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-25 22:20 . 2010-11-25 22:20 -------- d-----w- c:\users\Ája\AppData\Local\temp
2010-11-25 20:02 . 2010-11-25 22:24 -------- d-----w- c:\users\Míša\AppData\Local\temp
2010-11-25 17:53 . 2010-11-25 17:53 -------- d-----w- c:\program files\trend micro
2010-11-25 17:53 . 2010-11-25 17:54 -------- d-----w- C:\rsit
2010-11-25 15:34 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-25 15:34 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-25 15:34 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-25 15:34 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-25 15:33 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-11-25 15:32 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-25 15:32 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-25 15:32 . 2010-11-25 15:32 -------- d-----w- c:\programdata\Alwil Software
2010-11-25 15:32 . 2010-11-25 15:32 -------- d-----w- c:\program files\Alwil Software
2010-11-23 11:47 . 2010-11-23 11:47 18432 ---ha-w- c:\users\Ája\bne.exe
2010-11-23 11:47 . 2010-11-23 11:47 43008 --sha-r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vqf9a0vqq.exe
2010-11-23 11:47 . 2010-11-23 11:47 43008 --sha-r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqlff6av.exe
2010-11-23 11:47 . 2010-11-23 11:47 43008 --sha-r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7lfaa7v.exe
2010-11-23 11:47 . 2010-11-23 11:47 43008 --sha-r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlaavlaq.exe
2010-11-22 16:18 . 2010-11-22 16:18 43008 --sha-r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hh2cxmm1xxr.exe
2010-11-22 16:18 . 2010-11-22 16:18 43008 --sha-r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h2cxmm1xxr.exe
2010-11-22 16:18 . 2010-11-22 16:18 43008 --sha-r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cm8cx1rmmhx.exe
2010-11-22 16:18 . 2010-11-22 16:18 43008 --sha-r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7rmh9cc.exe
2010-11-20 22:52 . 2010-11-20 22:52 43008 --sha-r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kaapuaukau.exe
2010-11-20 22:52 . 2010-11-20 22:52 43008 --sha-r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ffa6kkfu4a.exe
2010-11-20 22:52 . 2010-11-20 22:52 43008 --sha-r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\akka1a0afpa.exe
2010-11-20 22:52 . 2010-11-20 22:52 43008 --sha-r- c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\u0ppufpp.exe
2010-11-20 22:51 . 2010-11-20 22:51 85504 --sha-r- c:\users\Ája\AppData\Roaming\juzjf.exe
2010-11-08 19:42 . 2010-11-08 19:42 -------- d-----w- c:\users\Zuzka\xinorbis
2010-11-07 14:52 . 2010-11-07 14:52 -------- d-----w- c:\users\Zuzka\AppData\Local\Microsoft Help
2010-10-30 18:20 . 2010-10-30 18:20 -------- d-----w- c:\users\Michal\AppData\Local\AOL

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-11 1232896]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-04-20 2327552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-9-11 393216]

c:\users\µja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
7lfaa7v.exe [2010-11-23 43008]
7rmh9cc.exe [2010-11-22 43008]
akka1a0afpa.exe [2010-11-20 43008]
cm8cx1rmmhx.exe [2010-11-22 43008]
ffa6kkfu4a.exe [2010-11-20 43008]
h2cxmm1xxr.exe [2010-11-22 43008]
hh2cxmm1xxr.exe [2010-11-22 43008]
kaapuaukau.exe [2010-11-20 43008]
qlaavlaq.exe [2010-11-23 43008]
qqlff6av.exe [2010-11-23 43008]
u0ppufpp.exe [2010-11-20 43008]
vqf9a0vqq.exe [2010-11-23 43008]

c:\users\Mˇça\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-9-11 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-02-07 49152]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://cs.intl.acer.yahoo.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
FF - ProfilePath - c:\users\Míša\AppData\Roaming\Mozilla\Firefox\Profiles\z1g97cxn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ATF - c:\windows\UIA200.exe

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\bmnet.dll

- - - - - - - > 'Explorer.exe'(5936)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\program files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll
c:\program files\Sony Ericsson\Mobile\File Manager\fmgrguil.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\CNAB3RPK.EXE
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\program files\OpenOffice.org 2.3\program\soffice.BIN
c:\users\MA7580~1\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Celkový čas: 2010-11-25 23:34:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-25 22:33
ComboFix2.txt 2010-11-25 20:02

Před spuštěním: 4 968 259 584
Po spuštění: 4 954 984 448

- - End Of File - - 9E3CC1DA9F052A9CBAB38FC8E86D7865

Zbytek zkusíme smazat Avengerem: http://www.viry.cz/forum/viewtopic.php?f=15&t=19832 . Spusťte jej tímto skriptem:

Files to delete:
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vqf9a0vqq.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqlff6av.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7lfaa7v.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlaavlaq.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hh2cxmm1xxr.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h2cxmm1xxr.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cm8cx1rmmhx.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7rmh9cc.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kaapuaukau.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ffa6kkfu4a.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\akka1a0afpa.exe
c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\u0ppufpp.exe
c:\users\Ája\AppData\Roaming\juzjf.exe

Avenger LOG

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vqf9a0vqq.exe" deleted successfully.
File "c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqlff6av.exe" deleted successfully.
File "c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7lfaa7v.exe" deleted successfully.
File "c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlaavlaq.exe" deleted successfully.
File "c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hh2cxmm1xxr.exe" deleted successfully.
File "c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h2cxmm1xxr.exe" deleted successfully.
File "c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cm8cx1rmmhx.exe" deleted successfully.
File "c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7rmh9cc.exe" deleted successfully.
File "c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kaapuaukau.exe" deleted successfully.
File "c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ffa6kkfu4a.exe" deleted successfully.
File "c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\akka1a0afpa.exe" deleted successfully.
File "c:\users\Ája\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\u0ppufpp.exe" deleted successfully.
File "c:\users\Ája\AppData\Roaming\juzjf.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Vše bylo smazáno. PC by měl být již čistý. Nastala nějaká změna?

VIRY.CZ

Samovolné posílání mailů, celkový test

Samovolné posílání mailů, celkový test

Re: Samovolné posílání mailů, celkový test

Re: Samovolné posílání mailů, celkový test

Re: Samovolné posílání mailů, celkový test

Re: Samovolné posílání mailů, celkový test

Re: Samovolné posílání mailů, celkový test

Re: Samovolné posílání mailů, celkový test

Re: Samovolné posílání mailů, celkový test

Re: Samovolné posílání mailů, celkový test

Re: Samovolné posílání mailů, celkový test